
Help Wanted


  • This topic is locked
8 replies to this topic

#1 rom

  • Members
  • 5 posts

Posted 19 April 2006 - 11:01 PM

Hello, my PC is infected, I think; my Task Manager will not work. I was at the forum and found some info, but so far no results. I did the stuff about brute force uninst. and also the HijackThis bit, and this is my result. Need some help please!!:
Logfile of HijackThis v1.99.1
Scan saved at 8:39:17 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\csrrs.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\romnixdejesus\My Documents\My Downloads\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lasvegas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://home.microsoft.com/access/autosearch.asp?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;pcs.adam.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [blah service] smnp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvokn32.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\RunServices: [blah service] smnp.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe


Mod Edit: This will be moved to a more appropriate Forum.

Edited by Scarlett, 19 April 2006 - 11:09 PM.
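The log above is in the HijackThis v1.99 line format (F2 for system.ini overrides, O2/O3 for browser helper objects and toolbars, O4 for Run keys, O6 for IE policies, O23 for services). As an added example that is not part of this thread and not HijackThis's own code, the script below parses a constructed excerpt modelled on those lines and sorts them by the things a helper checks first: a UserInit value that is not the stock userinit.exe, Run entries that start a program by bare filename (resolved via PATH, so the file's location and publisher need verifying), entries in the legacy RunServices key, IE policy restrictions, and orphaned entries whose file is missing. The severity levels and rules are this example's own heuristics, not verdicts from the page.

```python
"""Triage helper for HijackThis v1.99-style logs (added example, not part of the thread)."""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed excerpt in the HijackThis v1.99 line format, modelled on the log in the post above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [blah service] smnp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - Global Startup: officejet 6100.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
"""


@dataclass(frozen=True)
class Finding:
    section: str   # HJT section code, e.g. "O4"
    severity: str  # "high", "medium" or "low" (heuristic, assigned by this example)
    detail: str


# O4 - HKLM\..\Run: [name] command   (Run, RunOnce, RunServices, ...)
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
F2_USERINIT_RE = re.compile(r"^F2 - REG:system\.ini: UserInit=(?P<value>.*)$")
O6_RE = re.compile(r"^O6 - (?P<key>.*) present$")

# Windows loader hosts: the interesting part of such a line is the DLL argument, not the host binary.
HOST_BINARIES = {"rundll32.exe"}
SEVERITY_ORDER = {"high": 0, "medium": 1, "low": 2}


def executable_of(cmd: str) -> str:
    """Return the program portion of a Run value: the quoted path, or the first token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage_line(line: str) -> Optional[Finding]:
    """Classify one HJT line; returns None for lines that need no attention under these rules."""
    line = line.strip()
    m = F2_USERINIT_RE.match(line)
    if m:
        # The stock value runs userinit.exe; anything else is a logon hook worth explaining.
        exe = m.group("value").rstrip(",").rsplit("\\", 1)[-1].lower()
        if exe != "userinit.exe":
            return Finding("F2", "high", f"UserInit replaced with {m.group('value')} (stock value runs userinit.exe)")
        return None
    m = O4_RUN_RE.match(line)
    if m:
        exe = executable_of(m.group("cmd"))
        if "\\" not in exe and exe.lower() not in HOST_BINARIES:
            return Finding("O4", "high", f"[{m.group('name')}] starts '{exe}' by bare name under {m.group('key')}; "
                                         "resolved via PATH, so verify the file's location and publisher")
        if m.group("key").lower() == "runservices":
            return Finding("O4", "medium", f"[{m.group('name')}] uses the legacy RunServices key")
        return None
    if line.startswith(("O2 ", "O3 ", "O9 ", "O18 ")) and "(no file)" in line:
        return Finding(line[:3].strip(), "low", f"orphaned entry, file missing: {line}")
    m = O6_RE.match(line)
    if m:
        return Finding("O6", "medium", f"IE policy restrictions set in {m.group('key')}")
    if line.startswith("O23 ") and "(file missing)" in line:
        return Finding("O23", "low", f"service points at a missing binary: {line}")
    return None


def triage(log_text: str) -> List[Finding]:
    """Run triage_line over every line of a log and keep the findings."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f is not None]


def by_severity(findings: List[Finding]) -> List[Finding]:
    """Stable sort so the high-severity findings are read first."""
    return sorted(findings, key=lambda f: SEVERITY_ORDER[f.severity])


if __name__ == "__main__":
    for f in by_severity(triage(SAMPLE_LOG)):
        print(f"{f.severity:6} {f.section:4} {f.detail}")
```

Run as-is it prints the six findings from the constructed excerpt, high first; feed it a saved hijackthis.log by reading the file into `triage()`. A bare-name Run entry is a prompt to locate the file and check its publisher, not a verdict on its own: legitimate installers occasionally register programs that way, which is why the script reports a location to verify rather than a name to delete.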



#2 Daemon

  • Security Expert
  • Members
  • 1,446 posts
  • Gender: Male
  • Location: UK

Posted 20 April 2006 - 01:58 AM

Click here to download ewido anti-malware - it is a trial version of the program.
  • Install ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The program will now go to the main screen.
You will need to update ewido to the latest definition files.
  • On the left-hand side of the main screen click Update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed. Then:
  • Click on Scanner
  • Click on Complete System Scan and the scan will begin (do not open any folders or open the Windows Control Panel while the scan is in progress).
  • While the scan is in progress you will be prompted to clean files; click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections", then choose Clean and click OK.
  • Once the scan has completed, there will be a button located at the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido.

Rescan with HJT and post a new log here together with the ewido log so that any remnants can be removed manually.

#3 rom

  • Topic Starter
  • Members
  • 5 posts

Posted 20 April 2006 - 10:34 PM

I did everything you said; now here is the report:
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:31:51 PM, 4/20/2006
+ Report-Checksum: 3F00B7CA

+ Scan result:

HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CLSID -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink\CurVer -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\TopSearch.TSLink.1 -> Adware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup
HKU\S-1-5-21-602162358-308236825-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{59879FA4-4790-461C-A1CC-4EC4DE4CA483} -> Adware.RXToolbar : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq273.tmp\instafink.dll -> Adware.404Search : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\adm.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\adm25.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\adm4.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\admdloader.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\admfdi.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\admprog.dll -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\dmfiles.cab/AltnetUninstall.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\pmexe.cab/Points Manager.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\Authentium\Curtains150\Quarantine\Quarantine\ppq289.tmp\Setup.exe -> Adware.Altnet : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Cookies\romnixdejesus@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Cookies\romnixdejesus@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Cookies\romnixdejesus@clickbank[1].txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Cookies\romnixdejesus@com[1].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Cookies\romnixdejesus@coxhsi.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Accent Office Password Recovery 2.12.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Acronis True Image 9.0 Build 2323.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Acronis True Image 9.0 Build.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Act Of War - Direct Action and High Treason.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Adobe Creative Suite 2 iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Agon The Mysterious Codex.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Alchemist Wizard 1.04.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Alcohol 120 v1.9.5.3823 Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\All-In-One RapidShare Hacks.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Apollo Photo2VCD v1.1.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Ashampoo AntiSpyWare 1.20.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Asound Recoder v2.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\AVI DivX to DVD SVCD VCD Converter 1.4.8.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Aye Parental Control v2.04.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Bopup Communication Server v2.0.3.114.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Bopup Messenger v4.1.0.2328.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\BTK Killer DVDrip Xvid.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\CD Audio Wave Editor 1.93 beta.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Citizen Toxie The Toxic Avenger IV DVDRip Xvid.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Corbis Urban Grafitti Clipart.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Corel Painter Essentials v3.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\COREL PAINTER IX.5.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\CREATiVE Dimensions 3Dsom Pro v2.0.3.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\CSS Editor v.1.2.4.317.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Cycore Effects v1.0.1 for Adobe After Effects 7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Damage Cleanup Services v3.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Dane Cook - Harmful if swallowed HDTVRip Mp4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Darksim DarkTree Textures.v2.5.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\DAZ3D Stone Texture Building Kit br_ma001b for Bry.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Digital Anarchy Primatte Cromakey v2.0 For Photosh.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Download Accelerator Plus 8.0.6.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Duke Nukem 3D - 05.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Easy Music CD Burner v3.0.31.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Easy Remover 2004 2.6.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Fallout Tactics Brotherhood of Steel.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Fast Food Tycoon 2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Gadget Tycoon.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Guitar Pro 5 With RSE [realistic engine sound].exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Hidden Camera v2.15.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Hitman 2 Silent Assassin is the sequel to the popular.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Human Stain DVDRip Xvid.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\HumanSoftware keygens.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\IAR Embedded Workbench for TI MSP430 v3.41.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\IMSI FloorPlan 3D Design Suite v10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\ImTOO MPEG Encoder v3.0.2.0412b.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Indiana Jones and the Emperors Tomb - iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\InstantGet 2.01.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Internet TV And Radio Player v3.3.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\IsoBuster 1.9 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Kaspersky Free Cleaner 12.0.0.7.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\LimeWire 4.11.0 PRO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Lost Marble Moho 5.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Maxthon 1.5.3 Build 18 Standard Combo.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Mcft Office 2003 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Medal of Honor Allied Assault-DEViANCE iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\MOBILedit 2.0.0.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Motor City Online.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Mp3 Remix For Winamp v3.102.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Need For Speed Most Wanted Black Edition.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Nero 7 Premium iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\NetWatcher v1.6.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\NewLive All Media Fixer Pro 6.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Nexagon Deathmatch.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Norton Ghost 10.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Norton Systemworks Pro 2005 iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Online TV Player v2.9.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\PayPal Notifier v2.0.0.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Pc Tools Registry Mechanic v5.1.0.224.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\PerpetualBudget System v3.8.40.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\PHPedit v2.2.0.219.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Premier Manager 2002-2004.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Prince of Persia The Sands of Time.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Prince of Persia Warrior Within.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Pro-swim Meet Manager 2004.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Professional League TE v1.30.13.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\PSPaudioware PSP Neon VST DX RTAS v1.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\PSRemote v1.2.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\RapidShare Ultimate Tools Collection.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\RapidShare-Killer AIO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Realplayer 10.5 Gold DFX Audio 7.3 Audio Enhancer.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Registry Operator v3.0.0.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Sagasoft Power MP3 WMA Recorder v1.02.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\SiteFinity v2.5.1 Enterprise.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Ski-Doo X-Team Racing.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Soldner - Secret Wars.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Spyware Doctor 3.8.0.1557 Incl.LiveUpdate.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\SQL Server Backup v5.32.308.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Stronghold 2 iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Syberia II iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Symantec Client Security ver. 3.0 Retail.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Symantec Ghost Corporate Edition 8.3.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Symantec Ghost Solution Suite 1.1 iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\T3 War Of The Machines.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\The Godfather The Game.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\The Stalin Subway.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Time Control Mantragora VSTi v1.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\True Crime New York City iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\TurboLaunch v5.0.8 -.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\TurboSound 1.x.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\TurboSprite 4.4.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Tycoon City New York iSO.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\UltraISO Premium Edition 8.0.0 Build 1392.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Visual Comparer v1.10.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Web Button Menu Maker v2.1.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Will Rock.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Windows XP Pro SP2 2005 Gold Updated.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Windows XP Tiger.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\WinMerge v2.0.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\xzxzxzxzxzxz.exe -> Dropper.VB.lu : Cleaned with backup
C:\Documents and Settings\romnixdejesus\Shared\_\Your Unistaller 2006 Pro.exe -> Dropper.VB.lu : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc112.exe -> Dropper.VB.lu : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc136.txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc138.txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc139.txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc141.txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc143.txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc144.txt -> TrackingCookie.Clickbank : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc147.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc148.txt -> TrackingCookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc151.txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc154.txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc157.txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc169.txt -> TrackingCookie.2o7 : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc171.txt -> TrackingCookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc175.txt -> TrackingCookie.Overture : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc178.txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\RECYCLER\S-1-5-21-602162358-308236825-1801674531-1004\Dc181.txt -> TrackingCookie.Revenue : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP450\A0061345.exe -> Backdoor.Rbot : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP450\A0061386.exe -> Dropper.VB.lu : Cleaned with backup
C:\System Volume Information\_restore{B6441411-87B0-4BDA-9E4A-8AC5B81921CD}\RP450\A0061402.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\b.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\SADWJN7Q\silent_install[2].exe -> Adware.EliteBar : Cleaned with backup
C:\WINDOWS\system32\TFTP3268 -> Backdoor.SdBot.kn : Cleaned with backup


::Report End

#4 rom (Topic Starter, Members, 5 posts)

Posted 20 April 2006 - 10:37 PM

Here is the HJT report:
Logfile of HijackThis v1.99.1
Scan saved at 8:34:47 PM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Documents and Settings\romnixdejesus\My Documents\My Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lasvegas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;pcs.adam.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [blah service] smnp.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvokn32.exe
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKLM\..\RunServices: [blah service] smnp.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe

#5 Daemon (Security Expert, Members, 1,446 posts, Location: UK)

Posted 21 April 2006 - 01:56 AM

Make sure that you have no browser windows open as this could prevent the fix from working properly. Open HijackThis, scan and when complete, remove the following entries by checking the box to the left and clicking 'Fix checked':

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/.../search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll (file missing)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [ZTgServerSwitch] c:\program files\support.com\client\lserver\server.vbs
O4 - HKLM\..\Run: [blah service] smnp.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvokn32.exe
O4 - HKLM\..\RunServices: [blah service] smnp.exe
O8 - Extra context menu item: &Search - http://km.bar.need2find.com/KM/menusearch.html?p=KM
O18 - Filter: text/html - (no CLSID) - (no file)


Exit HijackThis when done. Reboot into Safe Mode by tapping F8 after the BIOS has loaded. Using Windows Explorer, find and delete the following:

C:\windows\system32\kalvokn32.exe

Exit Explorer and reboot into Normal Mode. Rescan with HijackThis and post a new log here.

Have I helped you? Please consider donating to help me continue with the fight against malware. Click here
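The fix list above was picked by hand from the log. As an added example that is not part of this thread, the following Python script applies three generic checks to a HijackThis 1.99 log and prints the entries they catch: registry data that points at a missing file or CLSID (the "(no file)", "(file missing)" and "(no CLSID)" entries above), a Winlogon UserInit value that is not the stock userinit.exe, and Run/RunServices autoruns that name a bare executable with no path (such as `smnp.exe`). The sample lines are copied from the log posted above; the stock UserInit value and the rundll32 allow-list are assumptions for a 32-bit Windows XP install.

```python
"""Generic triage of a HijackThis 1.99 log: flag entries worth a second look."""
import re
from typing import List, Tuple

# Assumption: stock Winlogon UserInit value on a 32-bit Windows XP install.
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"

# Stock Windows loaders that legitimately appear without a path in Run keys.
# Assumption: the DLL they load is reviewed separately, not by this script.
KNOWN_LOADERS = {"rundll32.exe"}

# Markers HijackThis prints for registry data that points at nothing.
ORPHAN_MARKERS = ("(no file)", "(file missing)", "(no CLSID)")

ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|CU)\\\.\.\\Run(?:Services|Once)?): "
    r"\[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)


def command_path(cmd: str) -> str:
    """Executable part of an autorun command line, without quotes or arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (log line, reason) pairs for entries that match a heuristic."""
    findings: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        entry = ENTRY_RE.match(line)
        if not entry:
            continue  # header, process list or blank line
        section, body = entry.group("section"), entry.group("body")

        # 1. Orphaned entries: the file or CLSID the registry names is gone.
        if any(marker in body for marker in ORPHAN_MARKERS):
            findings.append((line, "orphaned entry: target file or CLSID missing"))
            continue

        # 2. Winlogon UserInit replaced: verify the named file before changing it.
        if section == "F2" and "UserInit=" in body:
            value = body.split("UserInit=", 1)[1].strip().rstrip(",").lower()
            if value != STOCK_USERINIT:
                findings.append((line, "UserInit is not the stock userinit.exe; verify the file"))
            continue

        # 3. Autoruns that name a bare executable, resolved through PATH at logon.
        o4 = O4_RE.match(line)
        if o4:
            exe = command_path(o4.group("cmd"))
            if "\\" not in exe and exe.lower() not in KNOWN_LOADERS:
                findings.append((line, "autorun with a bare executable name (no fixed path)"))
    return findings


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;pcs.adam.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: (no name) - {4D1C4E81-A32A-416b-BCDB-33B3EF3617D3} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [blah service] smnp.exe
O4 - HKLM\..\Run: [kalvsys] C:\windows\system32\kalvokn32.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [blah service] smnp.exe
O18 - Filter: text/html - (no CLSID) - (no file)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
"""

if __name__ == "__main__":
    for flagged_line, reason in triage(SAMPLE_LOG):
        print(f"{reason}\n    {flagged_line}")
```

Two caveats. The `kalvokn32.exe` entry that the helper above removed passes every check here, because it sits at a full path under system32; a script like this shortens the list, it does not replace knowing the names. And the F2 UserInit line is flagged for verification only (file properties, vendor, hash), not for removal: a wrong UserInit value leaves Windows unable to complete a logon, so it should be corrected rather than blanked.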

#6 rom (Topic Starter, Members, 5 posts)

Posted 22 April 2006 - 01:01 AM

Thanks for the help. I did what you said and here is the report:
Logfile of HijackThis v1.99.1
Scan saved at 10:58:58 PM, on 4/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Cox\Applications\app\Prism.exe
c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
c:\opt\MBCASE\pm\bin\mcp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
c:\opt\MBCASE\WIS\TBCD\tbmux32.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\cmserver.exe
C:\WINDOWS\system32\cmd.exe
C:\opt\MBCASE\pm\bin\lic_srv.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\WScript.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe
C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
C:\Program Files\Sony\VAIO Action Setup\VAServ.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
c:\progra~1\Support.com\client\bin\tgcmd.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\romnixdejesus\My Documents\My Downloads\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lasvegas.cox.net/cci/home
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sony.com/vaiopeople
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.sbc.com/dsl
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;pcs.adam.com;<local>
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\AUserInit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AuthBHO.cBHO - {A4D90779-6CB2-4752-83C2-A2AB4D9A672D} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Cox Popup Blocker - {64634180-B0EA-48B6-82B7-9620D33362C1} - C:\Program Files\Cox\Applications\app\AuthBHO.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [IPInSightLAN 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" -l
O4 - HKLM\..\Run: [IPInSightMonitor 02] "C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [SemanticInsight] C:\Program Files\RXToolBar\Semantic Insight\SemanticInsight.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [errorkiller] "C:\Program Files\errorkiller\errorkiller.exe" -boot
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: VAIO Action Setup (Server).lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {200B3EE9-7242-4EFD-B1E4-D97EE825BA53} (VerifyGMN Class) - http://h20270.www2.hp.com/ediags/gmn/insta...staller_gmn.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {37DF41B2-61DB-4CAC-A755-CFB3C7EE7F40} - http://esupport.aol.com/help/acp2/engine/aolcoach_core_1.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.av.aol.com/molbin/shared/m...83/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by5fd.bay5.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secur...loadManager.ocx
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.av.aol.com/molbin/shared/m...,20/mcgdmgr.cab
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {FFFFFFFF-CACE-BABE-BABE-00AA0055595A} - http://www.trueswitch.com/sbcyahoo/TrueInstallSBC.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: Curtains for Windows System Service (CurtainsSysSvc) - Authentium, Inc. - c:\program files\cox\applications\app\CurtainsSysSvcNt.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: konfig - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: license - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: mcp - Unknown owner - c:\opt\MBCASE\pm\bin\mcp (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: TransBaseService - TransAction Software, D 81737 Munich - c:\opt\MBCASE\WIS\TBCD\tbmux32.exe

#7 Daemon (Security Expert, Members, 1,446 posts, Location: UK)

Posted 22 April 2006 - 01:55 AM

Looks better - how is it running now?

#8 rom (Topic Starter, Members, 5 posts)

Posted 24 April 2006 - 10:49 PM

It's running very well. I thank you for your help, thanks.

#9 Daemon (Security Expert, Members, 1,446 posts, Location: UK)

Posted 24 April 2006 - 11:50 PM

You're welcome - glad to help.

To help keep you clean follow the recommendations in the article here:

So how did I get infected?



As this problem has been resolved the topic will be closed. If you need this topic reopened, please email the moderating team - be sure to include the address of the thread and the name you posted under.



