Ssk3 Problem And More....


  • This topic is locked
26 replies to this topic

#1 Shannon Roach


Posted 14 July 2006 - 12:53 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:23:19 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\udltjfc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe
C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
C:\WINDOWS\udltjfcA.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\system32\dlcdcoms.exe
C:\Program Files\Common Files\{64990E1F-09E4-1033-0917-020105290001}\Update.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Network Monitor\netmon.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\rundll32.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll
O4 - HKLM\..\Run: [DLCDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [dlcdmon.exe] "C:\Program Files\Dell Photo AIO Printer 944\dlcdmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] C:\Program Files\Dell Photo AIO Printer 944\memcard.exe
O4 - HKLM\..\Run: [keyboard] C:\\kybrdad_5.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [udltjfcA] C:\WINDOWS\udltjfcA.exe
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\dnj0011me.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9hY2g\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\udltjfc.exe

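The log above is triaged by eye in this thread; the tells a helper looks for are mechanical enough to script. What follows is an added example, not part of the original post and not a feature of HijackThis: a small Python script that flags a well-known system binary name running from a directory it does not belong in (the `svchost.exe` in the All Users Startup folder), bare filenames in Run keys (`csrrs.exe`, resolved through the search path at logon), services with no publisher or a missing binary, Winlogon Notify DLLs, Trusted Zone additions, and directory names that are base64 of plain text (the `Um9hY2g` folder in the Command Service path is base64 for `Roach`, the poster's surname). The sample input is a subset of the lines from the log above; the table of where XP system binaries legitimately live is the script's own assumption.

```python
"""Triage HijackThis v1.99 log lines for masquerading and persistence tells."""
import base64
import re

# Sample input: a subset of the lines from the log posted above.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\svchost.exe
C:\WINDOWS\Um9hY2g\command.exe

O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - Global Startup: svchost.exe
O15 - Trusted Zone: *.elitemediagroup.net
O20 - Winlogon Notify: DateTime - C:\WINDOWS\system32\dnj0011me.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9hY2g\command.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
"""

# Assumption: where each well-known Windows XP binary legitimately lives
# (lower-cased). The same file name anywhere else is a masquerade candidate.
SYSTEM_BINARIES = {
    "smss.exe": r"c:\windows\system32",
    "csrss.exe": r"c:\windows\system32",
    "winlogon.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32",
    "svchost.exe": r"c:\windows\system32",
    "spoolsv.exe": r"c:\windows\system32",
    "alg.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows",
}

_B64_COMPONENT = re.compile(r"^[A-Za-z0-9+/]{6,}={0,2}$")


def decode_base64_name(component):
    """Return the plaintext if a path component is (possibly unpadded) base64
    of alphanumeric ASCII, else None. 'Um9hY2g' -> 'Roach'."""
    if not _B64_COMPONENT.match(component) or len(component) % 4 == 1:
        return None
    padded = component + "=" * (-len(component) % 4)
    try:
        text = base64.b64decode(padded, validate=True).decode("ascii")
    except ValueError:  # covers binascii.Error and UnicodeDecodeError
        return None
    return text if text.isalnum() else None


def check_path(path):
    """Findings for one executable or DLL path taken from the log."""
    findings = []
    clean = re.sub(r"\s*\(file missing\)$", "", path.strip().strip('"'))
    directory, _, name = clean.lower().rpartition("\\")
    if not directory:
        findings.append("unqualified filename (resolved via the search path)")
    expected = SYSTEM_BINARIES.get(name)
    if expected is not None and directory != expected:
        findings.append(f"system binary name outside {expected}")
    for comp in clean.split("\\")[1:-1]:  # skip the drive letter and file name
        decoded = decode_base64_name(comp)
        if decoded:
            findings.append(f"directory {comp!r} is base64 for {decoded!r}")
    return findings


def extract_path(value):
    """Pull the binary path out of a Run-key value: "quoted", or up to .exe/.dll."""
    m = re.match(r'"([^"]+)"', value) or re.match(r"(.*?\.(?:exe|dll))", value, re.I)
    return m.group(1) if m else value


def triage(log_text):
    """Return [(line, [findings])] for every log line that merits a closer look."""
    results, in_processes = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            in_processes = False  # a blank line ends the process list
            continue
        if line == "Running processes:":
            in_processes = True
            continue
        findings = []
        if in_processes:
            findings = check_path(line)
        elif line.startswith("O4 - "):
            value = line.partition(": ")[2]
            value = value.partition("] ")[2] or value  # drop the [Name] label if present
            findings = check_path(extract_path(value))
        elif line.startswith("O15 - Trusted Zone:"):
            findings = ["site added to the IE Trusted Zone (weakened security settings)"]
        elif line.startswith("O20 - Winlogon Notify:"):
            findings = ["DLL loaded into winlogon.exe at logon"] + check_path(line.rsplit(" - ", 1)[-1])
        elif line.startswith("O23 - Service:"):
            parts = line.split(" - ")  # ... - <owner> - <path>; assumes no " - " in names
            findings = check_path(parts[-1])
            if parts[-2] == "Unknown owner":
                findings.append("service binary has no publisher")
            if parts[-1].endswith("(file missing)"):
                findings.append("service points at a missing file")
        if findings:
            results.append((line, findings))
    return results


if __name__ == "__main__":
    for line, findings in triage(SAMPLE_LOG):
        print(line)
        for finding in findings:
            print("    ->", finding)
```

Run against the sample it flags eight of the thirteen lines and leaves the genuine system32 processes, the Java updater and the Lexmark service alone. The base64 check insists on at least six characters and an all-alphanumeric result so that short ordinary folder names such as `bin` are not reported; it is a hint for a human to follow up, not proof of infection, and the script says nothing about entries like `C:\WINDOWS\udltjfc.exe` whose only tell is an unfamiliar name.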


#2 therock247uk

  • Malware Response Team

Posted 14 July 2006 - 01:05 PM

User in chat...

Go to Start > Settings > Control Panel > Add/Remove and uninstall the following.

Command Service
Network Monitor
ToolBar888

Then please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet, please allow it.

If you receive a runtime error '339', please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX

#3 Shannon Roach

  • Topic Starter

Posted 14 July 2006 - 02:09 PM

Look2Me-Destroyer V1.0.12

Scanning for infected files.....
Scan started at 7/14/2006 2:35:04 PM

Infected! C:\WINDOWS\system32\l24q0ch5ef4.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0355017.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360451.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360459.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363887.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363888.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370381.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370516.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370522.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373938.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373978.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373992.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373993.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0374018.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375151.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375152.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375156.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375163.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375167.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375173.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375174.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375183.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375184.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375188.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375195.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375216.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375243.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375247.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375253.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375267.dll
Infected! C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375272.dll
Infected! C:\WINDOWS\system32\botsprx3.dll
Infected! C:\WINDOWS\system32\l24q0ch5ef4.dll
Infected! C:\WINDOWS\system32\n64s0gh7e64.dll
Infected! C:\WINDOWS\system32\pgustab.dll

Attempting to delete infected files...

Attempting to delete: C:\WINDOWS\system32\l24q0ch5ef4.dll
C:\WINDOWS\system32\l24q0ch5ef4.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0355017.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0355017.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360451.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360451.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360459.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0360459.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363887.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363887.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363888.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP777\A0363888.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370381.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370381.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370516.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370516.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370522.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0370522.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373938.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373938.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373978.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373978.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373992.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373992.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373993.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0373993.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0374018.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0374018.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375151.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375151.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375152.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375152.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375156.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375156.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375163.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375163.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375167.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375167.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375173.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375173.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375174.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375174.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375183.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375183.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375184.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375184.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375188.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375188.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375195.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP779\A0375195.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375216.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375216.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375243.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375243.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375247.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375247.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375253.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375253.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375267.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375267.dll Deleted successfully!

Attempting to delete: C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375272.dll
C:\System Volume Information\_restore{E927C930-2021-4ECE-889B-670AF8097759}\RP780\A0375272.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\botsprx3.dll
C:\WINDOWS\system32\botsprx3.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\l24q0ch5ef4.dll
C:\WINDOWS\system32\l24q0ch5ef4.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\n64s0gh7e64.dll
C:\WINDOWS\system32\n64s0gh7e64.dll Deleted successfully!

Attempting to delete: C:\WINDOWS\system32\pgustab.dll
C:\WINDOWS\system32\pgustab.dll Deleted successfully!

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Dynamic Directory

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{CE479DC7-A75D-47FB-BA75-9BAE5EA41B06}"
HKCR\Clsid\{CE479DC7-A75D-47FB-BA75-9BAE5EA41B06}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{F045D79A-CADE-4678-8291-7B9716D62125}"
HKCR\Clsid\{F045D79A-CADE-4678-8291-7B9716D62125}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{64656B90-3E90-4490-9C04-3F49A7A6BA27}"
HKCR\Clsid\{64656B90-3E90-4490-9C04-3F49A7A6BA27}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{2D26E94A-69F8-4794-AB3D-E4C3C96DE45C}"
HKCR\Clsid\{2D26E94A-69F8-4794-AB3D-E4C3C96DE45C}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{B980DD3B-B419-4E63-BD68-E9B9FF8CFCC4}"
HKCR\Clsid\{B980DD3B-B419-4E63-BD68-E9B9FF8CFCC4}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

Logfile of HijackThis v1.99.1
Scan saved at 2:47:12 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\Um9hY2g\command.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\udltjfc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\mptft.exe
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\udltjfcA.exe
C:\Program Files\Common Files\{64990E1F-09E5-1033-0917-020105290001}\Update.exe
C:\WINDOWS\system32\ssec.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\system32\xd7ehbkw.exe
C:\WINDOWS\system32\tfthot.exe
C:\Program Files\rdso\eetu.exe
C:\Documents and Settings\ROACH'S\My Documents\?dobe\wowexec.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\svchost.exe
C:\Program Files\TClock\TClock.exe
C:\Documents and Settings\ROACH'S\setup.exe
C:\unzipped\hijackthis[1]\HijackThis.exe
C:\WINDOWS\system32\setup.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll
O4 - HKLM\..\Run: [ftexc] C:\WINDOWS\system32\mptft.exe
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [csr] csrrs.exe
O4 - HKLM\..\Run: [udltjfcA] C:\WINDOWS\udltjfcA.exe
O4 - HKLM\..\RunServices: [csr] csrrs.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Aida] "C:\Program Files\rdso\eetu.exe" -vt yazb
O4 - HKCU\..\Run: [Qzxw] C:\Documents and Settings\ROACH'S\My Documents\?dobe\wowexec.exe
O4 - Global Startup: svchost.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\Um9hY2g\command.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\udltjfc.exe

#4 therock247uk

    Malware Killer

  • Malware Response Team
  • 154 posts
  • Location:Newark, Nottingham, UK

Posted 14 July 2006 - 02:14 PM

1. Please download ewido anti-spyware from HERE and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close ewido anti-spyware. Do not run a scan just yet; we will shortly.

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:) or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted; then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close ewido.
5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by doubleclicking BFU.exe
  • Behind the scriptline to execute field click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal Windows and post the contents of the Ewido text report that you saved and a new HijackThis log.

#5 Shannon Roach
  • Topic Starter

  • Members
  • 14 posts

Posted 14 July 2006 - 08:26 PM

First of all, everything you told me to do worked fine, except I could not save the Ewido text. It would freeze up each time; I tried 3 times. I did the rest with no problems and here is my new HJT log:

Logfile of HijackThis v1.99.1
Scan saved at 9:22:25 PM, on 7/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\udltjfcA.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{64990E1F-09E5-1033-0917-020105290001}\Update.exe
C:\Program Files\TClock\TClock.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [udltjfcA] C:\WINDOWS\udltjfcA.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Qzxw] C:\Documents and Settings\ROACH'S\My Documents\?dobe\wowexec.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
O23 - Service: Windows Overlay Components - Unknow

#6 therock247uk

    Malware Killer

  • Malware Response Team
  • 154 posts
  • Location:Newark, Nottingham, UK

Posted 14 July 2006 - 08:48 PM

Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use the Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use the Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Please make sure your PC is set to show all hidden files and folders; go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Boot into Safe Mode. To do this, keep tapping F8 on your keyboard while your PC is starting up; you will get a menu, select Safe Mode.

While in Safe Mode open HijackThis and click Scan. Then check-mark the following entries:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=20069&k=
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Yvakt Class - {00172AD1-F4BD-48C0-AEB5-A4CFE4638393} - C:\WINDOWS\system32\v199.dll
O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Related Page - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - C:\WINDOWS\system32\WinNB57.dll (file missing)
O4 - HKLM\..\Run: [kSPYv] "C:\WINDOWS\system32\bdpn.exe"
O4 - HKLM\..\Run: [udltjfcA] C:\WINDOWS\udltjfcA.exe
O4 - HKCU\..\Run: [Qzxw] C:\Documents and Settings\ROACH'S\My Documents\?dobe\wowexec.exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\system32\dmonwv.dll (file missing)
O9 - Extra button: Poker.com - {6FDD5236-C9F0-49ef-935D-385F5E21991A} - C:\Program Files\Poker.com\poker.exe (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - C:\Program Files\PartyPoker.net\partypokernet.exe (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.mmohsix.com
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O18 - Filter: text/html - {0F9A5F09-3BFD-40D3-85FE-36227430A374} - C:\WINDOWS\system32\v199.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\udltjfc.exe

Now close all open windows except HijackThis and click Fix checked.

Delete the folders. (if present)

C:\Documents and Settings\ROACH'S\My Documents\?dobe

Delete the files. (if present)

C:\WINDOWS\system32\v199.dll
C:\WINDOWS\system32\bdpn.exe
C:\WINDOWS\udltjfcA.exe
C:\WINDOWS\udltjfc.exe

Reboot and please go HERE to run Panda's ActiveScan:
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


#7 Shannon Roach (Topic Starter)

Posted 15 July 2006 - 01:21 AM

Incident Status Location

Adware:Adware/PurityScan Not disinfected c:\windows\system32\f?nts\services.exe
Adware:adware program Not disinfected c:\windows\system32\data.~
Spyware:spyware/marketscore Not disinfected c:\windows\system32\rk.exe
Adware:adware/powersearch Not disinfected c:\windows\system32\stlb2.xml
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\ROACH'S\Local Settings\Temporary Internet Files\Ssk.log
Adware:adware/bookedspace Not disinfected c:\windows\cfgmgr52.ini
Adware:adware/gator Not disinfected c:\program files\common files\GMT
Adware:adware/delfinmedia Not disinfected c:\windows\system32\nsvsvc
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Adware:adware/addestroyer Not disinfected c:\documents and settings\all users.windows\application data\AdDestroyer
Adware:adware/savenow Not disinfected c:\documents and settings\all users.windows\application data\nsv
Adware:adware/virtualbouncer Not disinfected c:\documents and settings\all users.windows\application data\VBouncer
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Spyware:spyware/dogpile Not disinfected Windows Registry
Adware:adware/ezula Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-301[1].0000[NDrv.dll]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-306[1].0000[NDrv.dll]
Adware:Adware/Lop Not disinfected C:\Documents and Settings\ROACH'S\Application Data\STOP BASE DRAW\eqhelp.exe
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@advertising[1].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@banners.searchingbooth[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@doubleclick[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@servedby.advertising[1].txt
Adware:Adware/PornShoter Not disinfected C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.12.dll
Adware:Adware/PornShoter Not disinfected C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.13.dll
Adware:Adware/PornShoter Not disinfected C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.18.dll
Adware:Adware/PurityScan Not disinfected C:\Mendoza1.exe
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B910AE34-FA14-4584-8AF2-345713\0B9945E5-B21B-4007-9E2B-3680B4
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\2.bin\W6PLUGIN.DLL
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.inf
Virus:Trj/Downloader.HPZ Not disinfected C:\WINDOWS\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\WINDOWS\pf78.exe[SYSC00.exe]
Virus:Trj/Downloader.JKC Disinfected C:\WINDOWS\ssqbn.exe
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\cemetrix.dll
Adware:Adware/NewAds Not disinfected C:\WINDOWS\system32\tpuninstall.exe
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\WINDOWS\system32\VSL05.exe[auxe.exe]
Adware:Adware/DigInk Not disinfected C:\WINDOWS\Tagasuarus2.exe
Adware:Adware/CommAd Not disinfected C:\WINDOWS\Um9hY2g\oA61sZ0.vbs
Adware:Adware/DigInk Not disinfected C:\WINDOWS\uni_ehhh.exe
Adware:Adware/MediaTickets Not disinfected C:\WINDOWS\YOINSI.exe

#8 therock247uk (Malware Killer, Malware Response Team; Newark, Nottingham, UK)

Posted 15 July 2006 - 08:26 AM

Delete the files. (if present)

c:\windows\system32\f?nts\services.exe

Please download the Killbox by Option^Explicit.

Note: In the event you already have Killbox, this is a new version that I need you to download.
  • Save it to your desktop.
  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    c:\windows\system32\data.~
    c:\windows\system32\rk.exe
    c:\windows\system32\stlb2.xml
    C:\Documents and Settings\ROACH'S\Local Settings\Temporary Internet Files\Ssk.log
    C:\windows\cfgmgr52.ini
    c:\program files\common files\GMT
    c:\windows\system32\nsvsvc
    c:\documents and settings\all users.windows\application data\AdDestroyer
    c:\documents and settings\all users.windows\application data\nsv
    c:\documents and settings\all users.windows\application data\VBouncer
    C:\Documents and Settings\ROACH'S\Application Data\STOP BASE DRAW\eqhelp.exe
    C:\Documents and Settings\ROACH'S\Application Data\STOP BASE DRAW
    C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.12.dll
    C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.13.dll
    C:\Documents and Settings\Shannon\Local Settings\Temp\ybd.18.dll
    C:\Mendoza1.exe
    C:\WINDOWS\pf78.exe
    C:\WINDOWS\ssqbn.exe
    C:\WINDOWS\system32\cemetrix.dll
    C:\WINDOWS\system32\tpuninstall.exe
    C:\WINDOWS\system32\VSL05.exe
    C:\WINDOWS\Tagasuarus2.exe
    C:\WINDOWS\Um9hY2g\oA61sZ0.vbs
    C:\WINDOWS\uni_ehhh.exe
    C:\WINDOWS\YOINSI.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

Run Panda again and post the log it makes; also post a new HijackThis log.
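Killbox's "Delete on Reboot" and the PendingFileRenameOperations prompt mentioned above come down to one registry value that Windows processes early in the next boot. The example below is added here and is not Killbox's code or anything from this thread: it builds the string list a delete-on-reboot request produces, encodes and decodes the raw REG_MULTI_SZ, and turns an existing value back into operations, which is also how an incident responder checks what a machine has queued before rebooting it. The sample paths are taken from the Killbox list above; nothing here touches a registry.

```python
"""Build and decode the PendingFileRenameOperations registry value.

Added example for this thread; not Killbox's code and not from BleepingComputer.
Delete-on-reboot tools call MoveFileEx(src, NULL, MOVEFILE_DELAY_UNTIL_REBOOT),
which appends to the REG_MULTI_SZ value
HKLM\\SYSTEM\\CurrentControlSet\\Control\\Session Manager\\PendingFileRenameOperations.
The value is a flat list of (source, destination) pairs in NT path form
("\\??\\C:\\..."); an empty destination means delete, and a destination
starting with "!" was queued with MOVEFILE_REPLACE_EXISTING. Sample paths are
taken from the Killbox list above; nothing here touches a registry.
"""
from typing import List, Tuple

NT_PREFIX = "\\??\\"


def to_nt_path(path: str) -> str:
    return path if path.startswith(NT_PREFIX) else NT_PREFIX + path


def from_nt_path(path: str) -> str:
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def build_delete_on_reboot(paths: List[str]) -> List[str]:
    """Strings a delete-on-reboot request adds: source, then "" meaning delete."""
    value: List[str] = []
    for p in paths:
        value += [to_nt_path(p), ""]
    return value


def encode_multi_sz(strings: List[str]) -> bytes:
    """Raw REG_MULTI_SZ: every string NUL-terminated, then one more NUL, in UTF-16LE."""
    return ("".join(s + "\0" for s in strings) + "\0").encode("utf-16-le")


def decode_multi_sz(data: bytes) -> List[str]:
    """Decode by total length, never by scanning for the first double NUL.

    A delete entry is an empty string, so NUL NUL appears in the middle of the
    data; a reader that treats that as the end sees only the first operation."""
    text = data.decode("utf-16-le")
    if text.endswith("\0\0"):      # last string's NUL plus the list terminator
        text = text[:-2]
    elif text.endswith("\0"):      # tolerate a value written without the terminator
        text = text[:-1]
    return text.split("\0") if text else []


def parse_pending(value: List[str]) -> List[Tuple[str, str, str]]:
    """Turn the string list into (operation, source, destination) triples."""
    if len(value) % 2:
        raise ValueError("odd number of strings: value is corrupt or truncated")
    ops = []
    for src, dst in zip(value[0::2], value[1::2]):
        if dst == "":
            ops.append(("delete", from_nt_path(src), ""))
        elif dst.startswith("!"):
            ops.append(("replace", from_nt_path(src), from_nt_path(dst[1:])))
        else:
            ops.append(("rename", from_nt_path(src), from_nt_path(dst)))
    return ops


def touches_system_dir(ops, system_dirs=("c:\\windows\\system32\\",)):
    """Pending operations aimed at a system directory. A cleanup tool queues
    deletes there legitimately (rk.exe below); malware uses the same queue to
    swap a binary in on reboot, so a responder reviews both before rebooting."""
    return [(op, src, dst) for op, src, dst in ops
            if (src if op == "delete" else dst).lower().startswith(system_dirs)]


# Constructed from four of the paths in the Killbox list above.
KILLBOX_PATHS = [r"c:\windows\system32\rk.exe", r"C:\Mendoza1.exe",
                 r"C:\WINDOWS\system32\cemetrix.dll", r"C:\WINDOWS\YOINSI.exe"]

if __name__ == "__main__":
    raw = encode_multi_sz(build_delete_on_reboot(KILLBOX_PATHS))
    for op in parse_pending(decode_multi_sz(raw)):
        print(*op)
```

Two practical points follow from the encoding. First, because each delete contributes an empty string, the raw data contains a double NUL in the middle, and any tool that stops at the first double NUL under-reports what is queued; decode by length, as above. Second, a queued delete removes only the original: as the next Panda scan in this thread shows, Killbox also keeps its own copies under C:\!KillBox, so detections on those paths are the tool's quarantine, not a reinfection.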

#9 Shannon Roach (Topic Starter)

Posted 15 July 2006 - 02:04 PM

Here is the Panda Log:

Incident Status Location

Adware:adware program Not disinfected c:\windows\system32\key.~
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\ROACH'S\Application Data\Sskcwrd.dll
Adware:adware/gator Not disinfected c:\program files\common files\GMT
Adware:adware/delfinmedia Not disinfected c:\windows\system32\nsvsvc
Potentially unwanted tool:application/myway Not disinfected c:\program files\MyWay
Adware:adware/addestroyer Not disinfected c:\documents and settings\all users.windows\application data\AdDestroyer
Adware:adware/savenow Not disinfected c:\documents and settings\all users.windows\application data\nsv
Adware:adware/virtualbouncer Not disinfected c:\documents and settings\all users.windows\application data\VBouncer
Adware:adware/popper Not disinfected Windows Registry
Adware:adware/qoologic Not disinfected Windows Registry
Spyware:spyware/dogpile Not disinfected Windows Registry
Adware:adware/ezula Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3f4d4f88-0198-4921-b630-957f3eb814e0}
Adware:adware/mirar Not disinfected Windows Registry
Adware:adware/dyfuca Not disinfected Windows Registry
Adware:adware/sqwire Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Adware:adware/ist.yoursitebar Not disinfected Windows Registry
Adware:adware/ist.sidefind Not disinfected Windows Registry
Spyware:Spyware/MarketScore Not disinfected C:\!KillBox\cemetrix.dll
Adware:Adware/Lop Not disinfected C:\!KillBox\eqhelp.exe
Adware:Adware/PurityScan Not disinfected C:\!KillBox\Mendoza1.exe
Adware:Adware/CommAd Not disinfected C:\!KillBox\oA61sZ0.vbs
Virus:Trj/Downloader.HPZ Not disinfected C:\!KillBox\pf78.exe[pms111x.exe]
Virus:Trj/VB.MC Not disinfected C:\!KillBox\pf78.exe[SYSC00.exe]
Spyware:Spyware/MarketScore Not disinfected C:\!KillBox\rk.exe
Adware:Adware/DigInk Not disinfected C:\!KillBox\Tagasuarus2.exe
Adware:Adware/NewAds Not disinfected C:\!KillBox\tpuninstall.exe
Adware:Adware/DigInk Not disinfected C:\!KillBox\uni_ehhh.exe
Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL05.exe[VSL.dl_]
Adware:Adware/Deskwizz Not disinfected C:\!KillBox\VSL05.exe[auxe.exe]
Adware:Adware/PornShoter Not disinfected C:\!KillBox\ybd.12.dll
Adware:Adware/PornShoter Not disinfected C:\!KillBox\ybd.13.dll
Adware:Adware/PornShoter Not disinfected C:\!KillBox\ybd.18.dll
Adware:Adware/MediaTickets Not disinfected C:\!KillBox\YOINSI.exe
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-301[1].0000[NDrv.dll]
Adware:Adware/PurityScan Not disinfected C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-306[1].0000[NDrv.dll]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@ad.yieldmanager[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@advertising[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@atdmt[2].txt
Spyware:Cookie/nCase Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@banners.searchingbooth[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@doubleclick[1].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@hitbox[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@servedby.advertising[1].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@server.iad.liveperson[1].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\ROACH'S\Cookies\roach's@trafficmp[1].txt
Adware:Adware/Qoologic Not disinfected C:\Documents and Settings\ROACH'S\Local Settings\Temp\b123.exe[wni.exe][installer.exe]
Adware:Adware/ConsumerAlertSystem Not disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\B910AE34-FA14-4584-8AF2-345713\0B9945E5-B21B-4007-9E2B-3680B4
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\2.bin\NPMYSRWB.DLL
Potentially unwanted tool:Application/MyWebSearch Not disinfected C:\Program Files\MyWebSearchWB\bar\2.bin\W6PLUGIN.DLL
Adware:Adware/PurityScan Not disinfected C:\RECYCLER\S-1-5-21-1060284298-583907252-682003330-1004\Dc1.exe
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.inf

Logfile of HijackThis v1.99.1
Scan saved at 3:00:42 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{64990E1F-09E5-1033-0917-020105290001}\Update.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\TClock\TClock.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

#10 therock247uk (Malware Killer, Malware Response Team; Newark, Nottingham, UK)

Posted 15 July 2006 - 02:17 PM

Please make sure your PC is set to show all hidden files and folders; go here for instructions on how to do this: http://pchowtos.co.uk/index.php?page=tutor...=view&id=34

Open HijackThis and click Scan. Then check-mark the following entries:

O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab

Now close all open windows except HijackThis and click Fix checked.

Reboot and delete the folders. (if present)

c:\program files\common files\GMT
c:\windows\system32\nsvsvc
c:\documents and settings\all users.windows\application data\AdDestroyer
c:\documents and settings\all users.windows\application data\nsv
c:\documents and settings\all users.windows\application data\VBouncer
C:\!KillBox
C:\Program Files\TClock

Delete the files. (if present)

c:\windows\system32\key.~
C:\Documents and Settings\ROACH'S\Application Data\Sskcwrd.dll
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-301[1].0000
C:\Documents and Settings\NetworkService.NT AUTHORITY\Local Settings\Temporary Internet Files\Content.IE5\ON21G70T\ctxad-306[1].0000
C:\Documents and Settings\ROACH'S\Local Settings\Temp\b123.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\istactivex.inf

Then post a new Hijackthis log here in a reply.

#11 Shannon Roach (Topic Starter)

Posted 15 July 2006 - 03:09 PM

I checked and yes, my computer is still showing hidden files and folders.

Logfile of HijackThis v1.99.1
Scan saved at 4:06:36 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{64990E1F-09E5-1033-0917-020105290001}\Update.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omaha/omaha-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces/aces-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slots/alibaba-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/cctank/cctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/backgammon/backgammon-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/battlephlinx/battlephlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blackjack/blackjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/cascade/cascade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowling/bowling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/videoblackjack/videoblackjack-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/canasta/canasta-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/checkers2/checkers-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/chess2/chess2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccstrike/ccstrike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribbage/cribbage-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/checkeredflag/checkeredflag-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domino/domino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euchre/euchre-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firstclass2/firstclass2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/superbingo/superbingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/greenback/greenback-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harvest/harvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hearts/hearts-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/drawpoker/drawpoker-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool2/pool-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itsoutofhere/itsoutofhere-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigsaw/jigsaw-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/videopoker2/jokerswild-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpoker/mhpoker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lottso/lottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahjong/mahjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlslots/mlslots-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nascar/nascar-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paigow/paigow-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/freecell/freecell-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/waterwheel/waterwheel-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flinger/flinger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pinochle/pinochle-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/piratesgold/piratesgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popfu/popfu-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/poppazoppa/poppazoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/poppit2/poppit2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/poppit/poppit-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hotstreak/hotstreak-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quickshot/quickshot-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squares/squares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/ricochet/ricochet-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride/ride-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slots/showbiz-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spades2/spades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spades/spades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spider/spider-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/squelchies/squelchies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/sweeper/sweeper-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/sweettooth/sweetto

oth-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo -

http://game1.pogo.com/applet-6.6.5.31/holdem/holdem-en_U

S.cab
O16 - DPF: The Sims Pinball by pogo -

http://simball.pogo.com/applet-5.9.3.29/simball/simball-

ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo -

http://game1.pogo.com/applet-6.6.0.27/topdown2/topdown2-

en_US.cab
O16 - DPF: Tri-Peaks by pogo -

http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.

cab
O16 - DPF: Tumble Bees by pogo -

http://game1.pogo.com/applet-6.6.4.21/jumbee/jumbee-en_U

S.cab
O16 - DPF: Turbo 21 TM by pogo -

http://game1.pogo.com/applet-6.3.2.32/turbo21/turbo21-ob

-assets.cab
O16 - DPF: Turbo 21 v2 by pogo -

http://game1.pogo.com/applet-6.7.0.32/turbo22/turbo22-en

_US.cab
O16 - DPF: Vert Skater by pogo -

http://game1.pogo.com/applet-6.3.0.53/vertskater/vertska

ter-ob-assets.cab
O16 - DPF: Video Poker by pogo -

http://vpoker.pogo.com/applet-6.0.3.28/videopoker2/video

poker-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo -

http://game1.pogo.com/applet-6.5.3.37/memories/memories-

en_US.cab
O16 - DPF: Word Whomp by pogo -

http://game1.pogo.com/applet-6.6.2.21/wordwhomp2/whomp2-

en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo -

http://game1.pogo.com/applet-6.6.5.31/whackdown/whackdow

n-en_US.cab
O16 - DPF: WordJong by pogo -

http://game1.pogo.com/applet-6.4.2.30/wordjong/wordjong-

ob-assets.cab
O16 - DPF: World Class Solitaire by pogo -

http://game1.pogo.com/applet-6.5.1.24/worldclass/worldcl

ass-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED}

(Support.com Configuration Class) -

http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} -

http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} -

http://download.mcafee.com/molbin/shared/mcinsctl/en-us/

4,0,0,90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3}

(MUWebControl Class) -

http://update.microsoft.com/microsoftupdate/v6/V5Control

s/en/x86/client/muweb_site.cab?1152239117191
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1}

(ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.c

ab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} -

http://download.mcafee.com/molbin/shared/mcgdmgr/en-us/1

,0,0,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} -

http://us.dl1.yimg.com/download.companion.yahoo.com/dl/t

oolbar/yiebio5_1_6_0.cab
O23 - Service: Creative Service for CDROM Access -

Creative Technology Ltd -

C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner -

C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard -

Anti-Malware Development a.s. - C:\Program Files\ewido

anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark

International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown

owner - C:\WINDOWS\Nhksrv.exe

#12 therock247uk

Malware Killer
  • Malware Response Team
  • 154 posts
  • Location: Newark, Nottingham, UK

Posted 15 July 2006 - 03:51 PM

Can you please post it again? This time without word wrap on in Notepad (it makes all those spaces and makes it hard to read).

#13 Shannon Roach

  • Topic Starter
  • Members
  • 14 posts

Posted 16 July 2006 - 12:39 AM

Sorry, I didn't even know that it was on there or what it was, sorry.


Logfile of HijackThis v1.99.1
Scan saved at 4:06:36 PM, on 7/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Common Files\{64990E1F-09E5-1033-0917-020105290001}\Update.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe

#14 therock247uk

Malware Killer
  • Malware Response Team
  • 154 posts
  • Location: Newark, Nottingham, UK

Posted 16 July 2006 - 08:06 AM

Your log is clean :thumbsup:


Here are some tips to reduce the potential for spyware infection in the future. I strongly recommend installing the following applications:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
To protect yourself further:
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well-known ad sites etc. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer.
  • Google Toolbar <= Get the free Google Toolbar to help stop pop-up windows.
I also suggest that you delete any files from "temp", "tmp" folders. In Internet Explorer, click on "Tools" => "Internet Options" => "Delete Files" and select the box that says "Delete All Offline Content" and click on "OK" twice. Also, empty the recycle bin by right clicking on it and selecting "Empty Recycle Bin". These steps should be done on a regular basis.
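The "clean" verdict above comes from reading each O4, O16 and O23 line of the log by hand. As an added example, not part of the thread and not code from HijackThis or its authors, the Python below parses lines in the shape of the logs posted here and flags the entries a reviewer would check first: ActiveX downloads (O16) listed only by CLSID with no friendly name, services (O23) whose binary carries no vendor name, and autostart binaries that live outside the Windows and Program Files trees. The sample lines are constructed from the kinds of entries in the log above; the [updater] O4 line is invented purely to exercise the path check, and the TRUSTED_ROOTS list is an assumption about where legitimate autostart binaries sit on an XP machine. A flag means "look at this", not "this is malware".

```python
import re
from urllib.parse import urlsplit

# Constructed sample input: lines in the shape of the HijackThis 1.99.1 logs above.
# The [updater] O4 line is invented purely to exercise the path check.
SAMPLE_LOG = r"""
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [updater] C:\Documents and Settings\user\Local Settings\Temp\updater.exe
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1152239117191
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

LINE_RE = re.compile(r"^(?P<sec>R\d|O\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")

# Assumption: on this XP box, legitimate autostart binaries live under these roots.
TRUSTED_ROOTS = ("c:\\windows\\", "c:\\program files\\")


def exe_path(cmd):
    """Pull the executable path out of a Run-key command line (quoted or bare)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(.+?\.(?:exe|dll|scr|com|bat|cpl))(?:\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def parse_line(line):
    """Split one HijackThis line into a dict; unknown sections keep only the raw text."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    entry = {"section": sec, "raw": line.strip()}
    if sec == "O16" and body.startswith("DPF: "):
        name, _, url = body[5:].rpartition(" - ")
        c = CLSID_RE.search(name)
        entry["clsid"] = c.group(0) if c else None
        entry["friendly"] = name.replace(c.group(0), "").strip(" ()") if c else name
        entry["url"], entry["host"] = url, (urlsplit(url).hostname or "")
    elif sec == "O23" and body.startswith("Service: "):
        display, _, rest = body[9:].partition(" - ")
        owner, _, path = rest.rpartition(" - ")
        entry.update(display=display, owner=owner, path=path)
    elif sec == "O4":
        r = RUN_RE.match(body)
        if r:
            entry.update(hive=r.group("hive"), name=r.group("name"), path=exe_path(r.group("cmd")))
    elif sec in ("O3", "O20"):
        entry["path"] = body.rpartition(" - ")[2]
    return entry


def parse_log(text):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


def triage(entries):
    """Return (reason, raw line) pairs for entries worth checking by hand; these are not verdicts."""
    findings = []
    for e in entries:
        if e["section"] == "O16" and e.get("clsid") and not e.get("friendly"):
            findings.append((f"unnamed ActiveX control from {e['host']}; look the CLSID up first", e["raw"]))
        elif e["section"] == "O23" and e.get("owner") == "Unknown owner":
            findings.append(("service binary carries no vendor name; check the file's properties and hash", e["raw"]))
        elif e.get("path") and not e["path"].lower().startswith(TRUSTED_ROOTS):
            findings.append(("autostart binary outside the Windows and Program Files trees", e["raw"]))
    return findings


if __name__ == "__main__":
    for reason, raw in triage(parse_log(SAMPLE_LOG)):
        print(f"[review] {reason}\n         {raw}")
```

On the sample this flags three lines: the constructed Temp-folder Run entry, the tbcode.com control that has a CLSID but no name, and the dlcd_device service with no vendor. The helper cleared the last two after reading the full log, which is the point: the script narrows the list, the human still makes the call.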

#15 Shannon Roach

  • Topic Starter
  • Members
  • 14 posts

Posted 21 July 2006 - 12:26 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:21:54 PM, on 7/21/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Microsoft Works\MSWorks.exe
C:\unzipped\hijackthis[1]\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://bellsouth.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.insightbb.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Insightbb.com
O3 - Toolbar: WeatherBug Browser Bar - powered by MyWebSearch - {8EAB99C9-F9EC-4b64-A4BA-D9BCAE8779C2} - C:\Program Files\MyWebSearchWB\bar\2.bin\W6BAR.DLL
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.insightbb.com
O16 - DPF: 6th Street Omaha Poker by pogo - http://game1.pogo.com/applet-6.4.3.36/omah...a-ob-assets.cab
O16 - DPF: Aces Up! by pogo - http://game1.pogo.com/applet-6.1.3.21/aces...s-ob-assets.cab
O16 - DPF: Ali Baba Slots TM by pogo - http://slots.pogo.com/applet-5.9.4.22/slot...a-ob-assets.cab
O16 - DPF: Armored Attack by pogo - http://game1.pogo.com/applet-6.5.1.24/ccta...ctank-en_US.cab
O16 - DPF: Backgammon by pogo - http://game1.pogo.com/applet-6.3.3.38/back...n-ob-assets.cab
O16 - DPF: Battle Phlinx by pogo - http://game1.pogo.com/applet-6.6.1.29/batt...hlinx-en_US.cab
O16 - DPF: Blackjack by pogo - http://game1.pogo.com/applet-6.6.1.29/blac...kjack-en_US.cab
O16 - DPF: Blooop by pogo - http://game1.pogo.com/applet-6.6.5.31/casc...scade-en_US.cab
O16 - DPF: Bowling by pogo - http://game1.pogo.com/applet-6.6.3.34/bowl...wling-en_US.cab
O16 - DPF: Buckaroo Blackjack TM by pogo - http://game1.pogo.com/applet-6.1.2.25/vide...k-ob-assets.cab
O16 - DPF: Canasta by pogo - http://canasta.pogo.com/applet-6.0.0.32/ca...a-ob-assets.cab
O16 - DPF: Checkers by pogo - http://game1.pogo.com/applet-6.2.5.42/chec...s-ob-assets.cab
O16 - DPF: Chess by pogo - http://game1.pogo.com/applet-6.1.2.25/ches...2-ob-assets.cab
O16 - DPF: Command and Conquer Comanche by pogo - http://game1.pogo.com/applet-6.5.1.24/ccst...trike-en_US.cab
O16 - DPF: Cribbage by pogo - http://crib.pogo.com/applet-5.9.5.30/cribb...e-ob-assets.cab
O16 - DPF: Dice Derby by pogo - http://game1.pogo.com/applet-6.1.4.22/chec...g-ob-assets.cab
O16 - DPF: Dominoes by pogo - http://game1.pogo.com/applet-6.5.3.37/domi...omino-en_US.cab
O16 - DPF: Euchre by pogo - http://game1.pogo.com/applet-6.3.3.27/euch...e-ob-assets.cab
O16 - DPF: First Class Solitaire by pogo - http://game1.pogo.com/applet-6.4.4.27/firs...2-ob-assets.cab
O16 - DPF: Fortune Bingo by pogo - http://game1.pogo.com/applet-6.6.5.31/supe...bingo-en_US.cab
O16 - DPF: Greenback Bayou by pogo - http://game1.pogo.com/applet-6.5.0.45/gree...k-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.com/applet-6.6.3.34/harv...rvest-en_US.cab
O16 - DPF: Hearts by pogo - http://game1.pogo.com/applet-6.4.4.34/hear...s-ob-assets.cab
O16 - DPF: High Stakes Poker by pogo - http://game1.pogo.com/applet-6.3.2.32/draw...r-ob-assets.cab
O16 - DPF: High Stakes Pool by pogo - http://game1.pogo.com/applet-6.1.3.28/pool...l-ob-assets.cab
O16 - DPF: Its Outta Here 2 by pogo - http://game1.pogo.com/applet-6.3.0.53/itso...e-ob-assets.cab
O16 - DPF: Jigsaw Detective by pogo - http://game3.pogo.com/applet-6.0.2.21/jigs...w-ob-assets.cab
O16 - DPF: Jokers Wild Poker by pogo - http://game1.pogo.com/applet-6.1.3.28/vide...d-ob-assets.cab
O16 - DPF: Jungle Gin by pogo - http://game1.pogo.com/applet-6.2.2.51/gin/gin-ob-assets.cab
O16 - DPF: Lost Temple Poker by pogo - http://game1.pogo.com/applet-6.6.1.29/mhpo...poker-en_US.cab
O16 - DPF: Lottso by pogo - http://game1.pogo.com/applet-6.5.1.24/lott...ottso-en_US.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.com/applet-6.6.5.31/mahj...hjong-en_US.cab
O16 - DPF: Multiline Slots by pogo - http://game1.pogo.com/applet-6.1.5.21/mlsl...s-ob-assets.cab
O16 - DPF: NASCAR Web Racing by pogo - http://game1.pogo.com/applet-6.3.0.53/nasc...r-ob-assets.cab
O16 - DPF: Pai Gow by pogo - http://game1.pogo.com/applet-6.4.4.34/paig...w-ob-assets.cab
O16 - DPF: Payday FreeCell by pogo - http://game1.pogo.com/applet-6.4.1.53/free...l-ob-assets.cab
O16 - DPF: Perfect Pair Solitaire by pogo - http://game1.pogo.com/applet-6.4.1.46/wate...l-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.com/applet-6.6.0.27/flin...inger-en_US.cab
O16 - DPF: Pinochle by pogo - http://game1.pogo.com/applet-6.2.5.28/pino...e-ob-assets.cab
O16 - DPF: Pirate's Gold by pogo - http://game1.pogo.com/applet-6.6.1.37/pira...sgold-en_US.cab
O16 - DPF: Pop Fu by pogo - http://game1.pogo.com/applet-6.4.4.27/popf...u-ob-assets.cab
O16 - DPF: PoppaZoppa by pogo - http://game1.pogo.com/applet-6.5.2.33/popp...zoppa-en_US.cab
O16 - DPF: Poppit by pogo - http://game1.pogo.com/applet-6.5.0.45/popp...2-ob-assets.cab
O16 - DPF: Poppit TM by pogo - http://game1.pogo.com/applet-6.1.3.28/popp...t-ob-assets.cab
O16 - DPF: Quick Quack by pogo - http://game1.pogo.com/applet-6.5.0.45/hots...k-ob-assets.cab
O16 - DPF: Quick Shot by pogo - http://game1.pogo.com/applet-6.1.4.29/quic...t-ob-assets.cab
O16 - DPF: QWERTY by pogo - http://game1.pogo.com/applet-6.6.2.35/squa...uares-en_US.cab
O16 - DPF: Ricochet by pogo - http://game4.pogo.com/applet-6.0.4.31/rico...t-ob-assets.cab
O16 - DPF: Ride The Tide by pogo - http://game1.pogo.com/applet-6.4.4.34/ride...e-ob-assets.cab
O16 - DPF: Showbiz Slots by pogo - http://game1.pogo.com/applet-6.2.0.37/slot...z-ob-assets.cab
O16 - DPF: Shuffle Bump by pogo - http://game1.pogo.com/applet-6.7.0.32/puck/puck-en_US.cab
O16 - DPF: Spades 2 by pogo - http://game1.pogo.com/applet-6.5.5.29/spad...ades2-en_US.cab
O16 - DPF: Spades by pogo - http://game1.pogo.com/applet-6.5.1.24/spad...pades-en_US.cab
O16 - DPF: Spider Solitaire by pogo - http://game1.pogo.com/applet-6.3.4.64/spid...r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://game1.pogo.com/applet-6.5.1.31/sque...chies-en_US.cab
O16 - DPF: Stax by pogo - http://game1.pogo.com/applet-6.5.1.31/stax/stax-en_US.cab
O16 - DPF: Stellar Sweeper by pogo - http://game1.pogo.com/applet-6.4.3.28/swee...r-ob-assets.cab
O16 - DPF: Sweet Tooth TM by pogo - http://game1.pogo.com/applet-6.4.1.53/swee...h-ob-assets.cab
O16 - DPF: Texas Hold'em Poker by pogo - http://game1.pogo.com/applet-6.6.5.31/hold...oldem-en_US.cab
O16 - DPF: The Sims Pinball by pogo - http://simball.pogo.com/applet-5.9.3.29/si...l-ob-assets.cab
O16 - DPF: Top Down Baseball Challenge by pogo - http://game1.pogo.com/applet-6.6.0.27/topd...down2-en_US.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.com/applet-6.5.1.24/peaks/peaks-en_US.cab
O16 - DPF: Tumble Bees by pogo - http://game1.pogo.com/applet-6.6.4.21/jumb...umbee-en_US.cab
O16 - DPF: Turbo 21 TM by pogo - http://game1.pogo.com/applet-6.3.2.32/turb...1-ob-assets.cab
O16 - DPF: Turbo 21 v2 by pogo - http://game1.pogo.com/applet-6.7.0.32/turb...rbo22-en_US.cab
O16 - DPF: Vert Skater by pogo - http://game1.pogo.com/applet-6.3.0.53/vert...r-ob-assets.cab
O16 - DPF: Video Poker by pogo - http://vpoker.pogo.com/applet-6.0.3.28/vid...r-ob-assets.cab
O16 - DPF: Wonderland Memories by pogo - http://game1.pogo.com/applet-6.5.3.37/memo...ories-en_US.cab
O16 - DPF: Word Whomp by pogo - http://game1.pogo.com/applet-6.6.2.21/word...homp2-en_US.cab
O16 - DPF: Word Whomp Whackdown by pogo - http://game1.pogo.com/applet-6.6.5.31/whac...kdown-en_US.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.com/applet-6.4.2.30/word...g-ob-assets.cab
O16 - DPF: World Class Solitaire by pogo - http://game1.pogo.com/applet-6.5.1.24/worl...class-en_US.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://help.bellsouth.net/sdccommon/download/tgctlcm.cab
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} - http://www.tbcode.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...90/mcinsctl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1152239117191
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,23/mcgdmgr.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - http://us.dl1.yimg.com/download.companion....ebio5_1_6_0.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: dlcd_device - Unknown owner - C:\WINDOWS\system32\dlcdcoms.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe