Spyware Named Internet Explorer Plugin 2006


This topic is locked
13 replies to this topic

#1 yoman_atn

Posted 12 March 2007 - 08:07 PM

Can you please help me,
I had this file or program called Internet Explorer Plugin 2006 installed on my computer which I know I did not do. I have read some information and now I know that it is spyware. My Internet home page also became a page of ads for anti-spyware called Pest Capture and something else, which AVG anti-virus detected as a trojan.
I have been using AVG and Spy-bot, and they found some spyware and fixed them all, but I think there is still something that they couldn't get rid of. I looked into my programs and I found Internet Explorer Security Plugin 2006, I tried to uninstall it and I couldn't, but I tried numerous times, and now it's not there anymore. Now I am also using HijackThis and I have this log, please can you analyse it?

Logfile of HijackThis v1.99.1
Scan saved at 8:38:19 PM, on 3/12/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Video Access ActiveX Object\isamntr.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Video Access ActiveX Object\isamini.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgwb.dat
C:\Documents and Settings\Joseane\Application Data\U3\0CC0296100227959\LaunchPad.exe
C:\Documents and Settings\Joseane\Application Data\U3\0CC0296100227959\58EA136C-7E57-4416-B59E-394C46DD505B\Exec\trillian.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Joseane\Local Settings\Temp\Temporary Directory 1 for HijackThis.zip\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A6ACAE64-F798-4930-AD86-BD3FB32038DB} - C:\Program Files\Video Access ActiveX Object\isadd.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://malagasygurl.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172306046784
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe


Thank you


#2 RichieUK
Malware Response Team

Posted 13 March 2007 - 04:43 AM

Welcome to BleepingComputer yoman_atn :thumbsup:

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*****************************

Please download Sophos Anti-Rootkit, and save it on your desktop.
1. Double-click sarsfx.exe to extract the files and leave the default settings.
2. Open the folder C:\SOPHTEMP and double-click sargui.exe to start the program.
3. Make sure the following are checked:
- Running processes
- Windows Registry
- Local Hard Drives
4. Click the "Start Scan" button.
5. Click the "OK" button after you get the notification that the scan has finished and close the program.
6. Click on Start>Run and type, or copy and paste: %temp%\sarscan.log then press Enter.
7. This should open the log from the rootkit scan.
Post this log into your next reply.

Note:
If the scan is performed while the computer is in use, false positives may appear in the scan results.
This is caused by files or registry entries being deleted, including temporary files being deleted automatically.
It has also been reported that Trojan Hunter is detecting Sophos Anti-rootkit as Trojan.Dropper.Interlac.100.
So if you have Trojan Hunter installed you will need to disable it prior to running a scan.

*****************************

Download SmitfraudFix (by S!Ri), to your desktop.
Double click on Smitfraudfix.cmd
Select option #1 Search, by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply, along with the sarscan.log.

Edited by RichieUK, 13 March 2007 - 07:04 AM.


#3 yoman_atn

Posted 13 March 2007 - 09:07 AM

ok.. I got the log, here it is:


Sophos Anti-Rootkit Version 1.2 (data 1.01) 2006 Sophos Plc
Started logging on 3/13/2007 at 9:48:44 AM
Hidden: registry item \HKEY_USERS\S-1-5-21-1343024091-1957994488-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\TrayNotify\PastIconsStream
Stopped logging on 3/13/2007 at 10:01:32 AM


PS: Notice that when I was done with the cleanup program my home page became normal; the popup didn't appear anymore and it goes directly to the home page that is set.

And here is the log from SmitFraudFix

SmitFraudFix v2.148

Scan done at 10:08:16.80, Tue 03/13/2007
Run from C:\Documents and Settings\Tantely\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

hosts


C:\


C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32


C:\Documents and Settings\Tantely


C:\Documents and Settings\Tantely\Application Data


Start Menu

C:\DOCUME~1\ALLUSE~1\STARTM~1\Online Security Guide.url FOUND !
C:\DOCUME~1\ALLUSE~1\STARTM~1\Security Troubleshooting.url FOUND !

C:\DOCUME~1\Tantely\FAVORI~1

C:\DOCUME~1\Tantely\FAVORI~1\Online Security Test.url FOUND !

Desktop


C:\Program Files

C:\Program Files\SpyDawn\ FOUND !
C:\Program Files\Video Access ActiveX Object\ FOUND !

Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{aed6f6a3-183c-488d-9f90-23db99f56e7f}"="apathies"

[HKEY_CLASSES_ROOT\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\System32\geplxss.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{aed6f6a3-183c-488d-9f90-23db99f56e7f}\InProcServer32]
@="C:\WINDOWS\System32\geplxss.dll"



AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


pe386-msguard-lzx32-huy32


Scanning wininet.dll infection


End

Edited by yoman_atn, 13 March 2007 - 09:12 AM.


#4 RichieUK
Malware Response Team

Posted 13 March 2007 - 09:36 AM

Reboot your computer into "SAFE MODE" using the F8 method.
To do this, restart your computer and after hearing your computer beep once during startup (but before the Windows icon appears) press the F8 key repeatedly.
A menu will appear with several options.
Use the arrow keys on your keyboard to navigate and select the option to run Windows in "Safe Mode".

Double click on Smitfraudfix.cmd
Select #2 and hit Enter to delete the infected files.
You will be prompted: 'Do you want to clean the registry?' answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): 'Replace infected file ?' answer Y (yes) and hit Enter to restore a clean file.
A reboot may be needed to finish the cleaning process.
The report can be found at the root of the system drive, usually at C:\rapport.txt

Post the smitfraudfix report, and a new HijackThis log into your next reply.

#5 yoman_atn

Posted 13 March 2007 - 03:46 PM

ok, I did everything, here is the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 4:38:45 PM, on 3/13/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\System32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\HijackThis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://malagasygurl.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172306046784
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs:
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe


and here is the smitfraudfix.cmd log:

SmitFraudFix v2.148

Scan done at 15:29:50.37, Tue 03/13/2007
Run from C:\Documents and Settings\Tantely\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


hosts


127.0.0.1 localhost

Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


Deleting Temp Files


Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


Registry Cleaning

Registry Cleaning done.

SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End


#6 RichieUK
Malware Response Team

Posted 13 March 2007 - 04:42 PM

Have Hijack This fix the following by placing a check in the appropriate boxes and selecting 'Fix checked'.
Make sure all browser and all Windows Explorer windows are closed before fixing:
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
Exit Hijackthis.

*********************************

Copy and paste the following bold blue text in the Quote box below into Notepad.
Click on File (in the menu at the top) > Save as... Save as Type: 'All Files', File name: fix.reg, to your desktop.
Then double click on the fix.reg file on your desktop and agree to merge it into the registry, then reboot.

REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-


Reboot, post a new HijackThis log into your next reply.
Let me know how your pc is running now please.

Edited by RichieUK, 13 March 2007 - 04:43 PM.
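The fix.reg above relies on the REGEDIT4 rule that a value line whose data is a bare "-" deletes the value instead of setting it, which is easy to misread as setting it to a dash. The script below is an added example, not part of this thread and not code from regedit or any tool named here: it parses a .reg file into the operations merging it would perform (set value, delete value, delete key) so the effect can be checked before double-clicking the file. FIX_REG is the file from the post above; SAMPLE_REG, the Op class and the function names are constructed for illustration.

```python
"""Preview the operations a REGEDIT4 .reg file performs before merging it.

Added example: not part of the thread and not code from regedit or any
tool named there. FIX_REG is the file from the post above; SAMPLE_REG
and the function names are constructed for illustration.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# [HKEY\...] opens a key; [-HKEY\...] deletes it.
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")
# "name"=data or @=data (the default value); data of "-" deletes the value.
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")=(.*)$')
HEADERS = ("REGEDIT4", "Windows Registry Editor Version 5.00")


@dataclass
class Op:
    action: str                 # "set_value", "delete_value" or "delete_key"
    key: str
    name: Optional[str] = None  # None for key ops; "" means the (Default) value
    data: Optional[str] = None  # raw right-hand side for set_value


def _unquote(name: str) -> str:
    """Strip the quotes from a value name and undo .reg escaping of backslashes and quotes."""
    if name == "@":
        return ""
    return name[1:-1].replace('\\"', '"').replace("\\\\", "\\")


def parse_reg(text: str) -> list[Op]:
    lines = text.splitlines()
    if not lines or lines[0].strip() not in HEADERS:
        raise ValueError("missing REGEDIT4 / Registry Editor header")
    ops: list[Op] = []
    key: Optional[str] = None
    pending = ""  # accumulates hex data continued with a trailing backslash
    for raw in lines[1:]:
        line = raw.strip()
        if line.endswith("\\"):
            pending += line[:-1]
            continue
        line, pending = pending + line, ""
        if not line or line.startswith(";"):
            continue
        m = KEY_RE.match(line)
        if m:
            if m.group(1) == "-":
                ops.append(Op("delete_key", m.group(2)))
                key = None  # values cannot follow a deleted key
            else:
                key = m.group(2)
            continue
        m = VALUE_RE.match(line)
        if not m:
            raise ValueError(f"unparsable line: {line!r}")
        if key is None:
            raise ValueError(f"value line outside a key: {line!r}")
        name, rhs = _unquote(m.group(1)), m.group(2).strip()
        if rhs == "-":
            ops.append(Op("delete_value", key, name))
        else:
            ops.append(Op("set_value", key, name, rhs))
    return ops


def describe(op: Op) -> str:
    """One human-readable line per operation."""
    if op.action == "delete_key":
        return f"delete key {op.key} and everything below it"
    target = "(Default)" if op.name == "" else op.name
    if op.action == "delete_value":
        return f"delete value '{target}' under {op.key}"
    return f"set value '{target}' under {op.key} to {op.data}"


# The fix.reg from the post above.
FIX_REG = r"""REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=-
"""

# Constructed sample exercising the other forms (default value, string, dword, key delete).
SAMPLE_REG = r"""REGEDIT4

[HKEY_CURRENT_USER\Software\Example]
@="default"
"Path"="C:\\Example\\tool.exe"
"Flags"=dword:00000001

[-HKEY_CURRENT_USER\Software\Example\Stale]
"""

if __name__ == "__main__":
    for src in (FIX_REG, SAMPLE_REG):
        for op in parse_reg(src):
            print(describe(op))
        print()
```

Run as-is it prints one line per operation; for fix.reg that is a single delete of the AppInit_DLLs value, the same value the SmitFraudFix report earlier in the thread showed as present with a blank string. The parser deliberately refuses a file without the REGEDIT4 header and a value line that is not under a key, since both are signs of a mangled paste.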


#7 yoman_atn

Posted 14 March 2007 - 12:17 AM

ok ... here is the last hijackthis log after a reboot:

Logfile of HijackThis v1.99.1
Scan saved at 1:10:46 AM, on 3/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\Tantely\Application Data\U3\0CC0296100227959\LaunchPad.exe
D:\HijackThis\HijackThis.exe
C:\Documents and Settings\Tantely\Application Data\U3\0CC0296100227959\58EA136C-7E57-4416-B59E-394C46DD505B\Exec\trillian.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://malagasygurl.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172306046784
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe


and for the last question, I have to thank you because my computer is getting better, my internet home page went back to normal.
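The three HijackThis logs in this thread (posts #1, #5 and #7) were compared by eye to see what each cleanup step removed. As an added example, not part of the thread and not HijackThis's own code, the script below parses a HijackThis 1.99 log, flags the kinds of entries a helper looks at first (a registration that points at a missing file, a browser add-on registered with no name, an AppInit_DLLs value, an ActiveX package downloaded from a bare IP address), and diffs a before and after log so the removed and added entries are listed explicitly. The two sample logs are constructed, trimmed from the entries posted in this thread; the flag rules are my own heuristics, not verdicts on any entry.

```python
"""Parse HijackThis 1.99 logs, flag entries worth a second look, and diff two logs.

Added example: not part of the thread and not HijackThis's own code.
The sample logs below are constructed, trimmed from the entries in the thread.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# HijackThis writes one "Oxx - ..." line per registration after the process list.
ENTRY_RE = re.compile(r"^(O\d+) - (.*)$")
# Download URL whose host is a bare IPv4 literal (e.g. http://67.15.101.3/...).
IP_URL_RE = re.compile(r"https?://\d{1,3}(?:\.\d{1,3}){3}[/:]")


@dataclass(frozen=True)
class Entry:
    section: str  # HijackThis category, e.g. "O2" (BHO), "O16" (ActiveX DPF)
    body: str     # text after "Oxx - ", fields separated by " - "


def parse_hjt(text: str) -> list[Entry]:
    """Return the Oxx entries of a log in file order; the process list is ignored."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2).strip()))
    return entries


def flag(entry: Entry) -> list[str]:
    """Heuristic reasons (constructed for this example) to inspect an entry."""
    reasons = []
    first_field = entry.body.split(" - ", 1)[0]
    if "(no file)" in entry.body or "(file missing)" in entry.body:
        reasons.append("registration points at a file that no longer exists")
    if entry.section in ("O2", "O3") and "(no name)" in first_field:
        reasons.append("browser add-on registered without a display name")
    if entry.section == "O20" and entry.body.startswith("AppInit_DLLs"):
        reasons.append("AppInit_DLLs value present; DLLs listed there load into "
                       "every process that loads user32.dll")
    if entry.section == "O16" and IP_URL_RE.search(entry.body):
        reasons.append("ActiveX package served from a bare IP address, not a hostname")
    return reasons


def audit(text: str) -> list[tuple[str, str, list[str]]]:
    """(section, body, reasons) for every flagged entry, in log order."""
    out = []
    for e in parse_hjt(text):
        reasons = flag(e)
        if reasons:
            out.append((e.section, e.body, reasons))
    return out


def diff_logs(before: str, after: str) -> dict[str, list[Entry]]:
    """Entries removed by the cleanup and entries that appeared since."""
    b, a = parse_hjt(before), parse_hjt(after)
    b_set, a_set = set(b), set(a)
    return {"removed": [e for e in b if e not in a_set],
            "added": [e for e in a if e not in b_set]}


# Constructed "before" log, trimmed from post #5 of the thread.
BEFORE = r"""Logfile of HijackThis v1.99.1
Scan saved at 4:38:45 PM, on 3/13/2007

Running processes:
C:\WINDOWS\System32\smss.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: Protection Bar - {84938242-5C5B-4A55-B6B9-A1507543B418} - C:\Program Files\Video Access ActiveX Object\iesplugin.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O20 - AppInit_DLLs:
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

# Constructed "after" log, trimmed from post #7 of the thread.
AFTER = r"""Logfile of HijackThis v1.99.1
Scan saved at 1:10:46 AM, on 3/14/2007

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - Global Startup: LaunchU3.exe.lnk = ?
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
"""

if __name__ == "__main__":
    for section, body, reasons in audit(BEFORE):
        print(f"[{section}] {body}")
        for r in reasons:
            print(f"    - {r}")
    changes = diff_logs(BEFORE, AFTER)
    print("\nremoved after cleanup:")
    for e in changes["removed"]:
        print(f"  {e.section} - {e.body}")
    print("added since:")
    for e in changes["added"]:
        print(f"  {e.section} - {e.body}")
```

The diff is exact-match on the whole entry, which is what you want for HijackThis output: a changed path or CLSID shows up as one removal plus one addition rather than silently matching. The flag rules are conservative on purpose; the Java console's O9 entry also reads "(no name)" but is not an O2/O3 add-on, so it is left alone, and the bare-IP rule only asks that the entry be looked at.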

#8 RichieUK
Malware Response Team

Posted 14 March 2007 - 05:02 AM

Download 'e Scan MWAV' from here to your desktop:
http://www.mwti.net/download/tools/mwav.exe
Disconnect from the internet.
Double click on the mwav icon on your desktop.
The program will start, the Licence Agreement will pop up.
Select 'I accept the agreement', then press Ok.
The program will open, leave all the settings as they are.
Now press the 'Scan & Clean' button.
The program will now start scanning your pc.
Once the scan has finished exit MWAV.

******************************

Run 'BitDefender Online Scanner' using Internet Explorer:
http://www.bitdefender.com/scan8/ie.html
Read the 'END USER SOFTWARE LICENSE AGREEMENT' then click 'I agree'.
You'll be prompted to install the activex control,please do so.
Once installed click the 'Click here to scan' button.
The virus signatures will then load.
Once loaded the scan will start.
The scan will take quite some time so please be patient.
Once the scan has finished select the 'Detected Problems' tab.
Click on 'Click here to export scan'.
Save the file as an HTML file to your desktop.
Then click on the saved file and allow it to open with your browser.
Go to 'Edit'/'Select All' then copy and paste that log into your next reply.
Also post a new Hijackthis log please.

#9 yoman_atn

Posted 14 March 2007 - 07:14 PM

I finished doing those steps, here are the results,

the mwav log:

BitDefender Online Scanner

Scan report generated at: Wed, Mar 14, 2007 - 20:02:13

Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

Statistics
Time: 03:37:12
Files: 339424
Folders: 2850
Boot Sectors: 4
Archives: 1401
Packed Files: 44887

Results
Identified Viruses: 1
Infected Files: 4
Suspect Files: 1
Warnings: 0
Disinfected: 0
Deleted Files: 5

Engines Info
Virus Definitions: 404997
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes




Scanned File
Status

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Disinfection failed

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mexe.com
Deleted

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Disinfection failed

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)=>mwavscan.com
Deleted

C:\Documents and Settings\Tantely\Desktop\mwav.exe=>(RAR Sfx o)
Update failed

C:\Documents and Settings\Tantely\Local Settings\Temp\mexe.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Tantely\Local Settings\Temp\mexe.com
Disinfection failed

C:\Documents and Settings\Tantely\Local Settings\Temp\mexe.com
Deleted

C:\Documents and Settings\Tantely\Local Settings\Temp\mwavscan.com
Infected with: BehavesLike:Win32.FileInfector

C:\Documents and Settings\Tantely\Local Settings\Temp\mwavscan.com
Disinfection failed

C:\Documents and Settings\Tantely\Local Settings\Temp\mwavscan.com
Deleted

C:\System Volume Information\_restore{CD87A552-4EA9-4631-8042-DBF8C98696A6}\RP60\A0015755.exe=>(NSIS o)=>lzma_solid_nsis0000
Suspected of: Trojan.Downloader.Zlob.ZQQ

C:\System Volume Information\_restore{CD87A552-4EA9-4631-8042-DBF8C98696A6}\RP60\A0015755.exe=>(NSIS o)=>lzma_solid_nsis0000
Disinfection failed

C:\System Volume Information\_restore{CD87A552-4EA9-4631-8042-DBF8C98696A6}\RP60\A0015755.exe=>(NSIS o)=>lzma_solid_nsis0000
Deleted

C:\System Volume Information\_restore{CD87A552-4EA9-4631-8042-DBF8C98696A6}\RP60\A0015755.exe=>(NSIS o)
Update failed

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 259)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 260)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 261)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 262)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 269)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 270)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 281)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 282)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 285)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 286)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 287)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 288)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 289)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 290)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 291)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 292)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 295)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 296)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 299)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 300)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 301)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 302)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 303)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 304)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 307)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 308)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 311)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 312)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 321)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 322)
Clean

D:\MSOCache\All Users\90000409-6000-11D3-8CFE-0150048383C9\A3561405.CAB=>ACMAIN11.CHM_1033=>/html/actrbOptimizingPerformanceS.htm=>(JAVASCRIPT 323)
Clean


And the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 8:07:19 PM, on 3/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\WgaTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Documents and Settings\All Users\Application Data\U3\U3Launcher\LaunchU3.exe
C:\WINDOWS\System32\wuauclt.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: LaunchU3.exe.lnk = ?
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab55579.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (MSN Games Buddy Invite) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab55579.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://malagasygurl.spaces.live.com//Photo...ad/MsnPUpld.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab55579.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase9602.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1172306046784
O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - http://zone.msn.com/bingame/zpagames/zpa_wof.cab55579.cab
O16 - DPF: {97E71027-0BA2-44F2-97DB-F84D808ED0B6} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab55762.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab55579.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (MSN Games Game Communicator) - http://zone.msn.com/binframework/v10/StProxy.cab55579.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - D:\iPod\bin\iPodService.exe


But I have a little quick question, is it a really bad spyware or virus? Do you think it is safe if I am doing an online banking now?

#10 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 14 March 2007 - 07:46 PM

But I have a little quick question, is it a really bad spyware or virus?
Do you think it is safe if I am doing an online banking now?

We've removed nothing from your pc that would suggest you stopped carrying on with your online finances.

*****************************

You now need to go here and install Service Pack 1;
http://www.microsoft.com/windowsxp/downloa...p1/default.mspx
This will patch numerous security vulnerabilities in Internet Explorer and the Windows operating system.
As your machine stands right now it's extremely vulnerable to infection.

When you've done that, post a new HijackThis log into your next reply.
Let me know how your pc is running now.

Edited by RichieUK, 14 March 2007 - 09:48 PM.


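The log above and the service pack point in the reply that follows it can both be checked mechanically before anyone reads the log by hand. The script below is an added example written for this page; it is not part of the thread, not a HijackThis feature, and not the helper's procedure. It parses the `Platform:` header and the numbered `O` sections of a HijackThis v1.99 log and applies three checks: no service pack level in the platform line (the log above reads `Windows XP (WinNT 5.01.2600)`, with no `SPn`), `O16` ActiveX downloads whose host is a bare IP address (the GameDesire entry from 67.15.101.3), and `O9` entries whose binary HijackThis reports as `(file missing)`. The embedded sample log is a constructed excerpt modelled on the posted log, and the check names and `Finding` type are this example's own.

```python
"""Triage helper for HijackThis v1.99 logs (added example, not from the thread).

Three mechanical checks a reviewer would run before reading the log by hand:
  * service-pack : Platform line carries no "SPn" token, so the OS is unpatched
  * dpf-ip-host  : O16 (Downloaded Program Files) fetched from a bare IP address
  * orphaned-o9  : O9 button/menu entry whose target is reported "(file missing)"
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed excerpt modelled on the log posted above; not the full log.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 8:07:19 PM, on 3/14/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
D:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C1} (GameDesire Pool 8) - http://67.15.101.3/g_bin/eng/billard8_2_0_0_29.cab
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
"""

# HijackThis sections look like "O16 - DPF: ..." or "R0 - HKCU\...".
ENTRY_RE = re.compile(r"^([RFNO]\d+) - (.*)$")
# With a service pack installed the line reads e.g. "Platform: Windows XP SP2 (WinNT 5.01.2600)".
PLATFORM_RE = re.compile(r"^Platform: (.+?) \((WinNT [\d.]+)\)$")
SP_RE = re.compile(r"\bSP\d\b")


@dataclass(frozen=True)
class Finding:
    check: str   # one of the check names listed in the module docstring
    line: str    # the offending log line (or the platform string)
    reason: str


def parse_hjt(text):
    """Return (platform_string_or_None, [(section, body), ...]) for a log."""
    platform = None
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        m = PLATFORM_RE.match(line)
        if m:
            platform = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m:
            entries.append((m.group(1), m.group(2)))
    return platform, entries


def _host_is_bare_ip(url):
    """True when the URL's host is a literal IPv4/IPv6 address, not a DNS name."""
    host = urlparse(url).hostname or ""
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def triage(text):
    """Run the three checks over a HijackThis log and return the findings."""
    platform, entries = parse_hjt(text)
    findings = []
    if platform is not None and not SP_RE.search(platform):
        findings.append(Finding("service-pack", f"Platform: {platform}",
                                "no service pack level reported; OS is unpatched"))
    for section, body in entries:
        if section == "O16":
            # O16 body: "DPF: {CLSID} (Name) - http://host/path.cab"; URL is the last field.
            url = body.rsplit(" - ", 1)[-1]
            if _host_is_bare_ip(url):
                findings.append(Finding("dpf-ip-host", f"{section} - {body}",
                                        "ActiveX control downloaded from a bare IP address"))
        elif section == "O9" and body.endswith("(file missing)"):
            findings.append(Finding("orphaned-o9", f"{section} - {body}",
                                    "registry entry points at a binary that no longer exists"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.check}] {f.reason}\n    {f.line}")
```

Run against the sample, the script reports one missing service pack, one bare-IP `O16` download and two orphaned `O9` entries; the two `O9` lines for the BitDefender uninstaller are leftovers from an earlier online scan and are noise rather than an infection, but a bare-IP ActiveX download is the kind of entry worth tracing back before trusting the machine for banking. The checks are deliberately narrow: they do not decide whether any `O2`/`O4` entry is malicious, which still needs a reviewer.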
#11 yoman_atn

yoman_atn
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 14 March 2007 - 09:49 PM

There is a problem.
My hard drive is running out of space (that is due to a partition that I have mistaken). I still have a partition free, but I don't know how to combine my primary disk with that space.
And also when I tried to install SP1 with the link you gave me, the link transferred me to a Microsoft Update link, and the only update that I have left is SP2, which is the one that I can't download.

#12 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 15 March 2007 - 05:03 AM

Download\install Service Pack 1 from here:
http://www.softwarepatch.com/windows/winxpsp1.html

#13 yoman_atn

yoman_atn
  • Topic Starter

  • Members
  • 9 posts
  • OFFLINE
  •  
  • Local time:07:49 AM

Posted 16 March 2007 - 04:33 PM

Sorry man, I think I have to re-install my Windows. I really made a big mistake on the partition; I don't have enough space even for SP1.

#14 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  •  
  • Local time:01:49 PM

Posted 16 March 2007 - 05:27 PM

It's not a problem, thanks for the update and hope all goes well for you :thumbsup:

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request. If you should have a new issue, please start a new topic. This applies only to the original topic starter.
Everyone else please begin a New Topic.
