Constant Popups In New Windows

3 replies to this topic

#1 wiggum75

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 22 April 2007 - 01:39 PM

Hi,

A Google search for one of the previous infections on my computer turned up this site. What a great resource!

I did some software updating on my computer and pretty soon it bogged down and I started getting popups whenever I opened Internet explorer or even randomly with no open windows. At its worst (this hasn't happened in a while) Limewire kept autoloading every 2-3 minutes.

Now I get popups every time I open Internet Explorer and then continuously while I browse a website. The one that happens 90% of the time is (the site doesn't load due to an error):

http://url.cpvfeed.com/cpv.jsp?p=110830&am...stingId=6363502

but I also get everything else under the sun including eBay, various anti-spyware ads - sites usually seem relevant to what is being browsed. IE windows appear both normally and also without the usual borders and controls.

I ran Adaware, Spybot, Pandasoft (couldn't clean, had to delete files manually), Bit Defender, and Housecall, and I ran McAfee Stinger (it said the version wasn't current but I didn't know how to update it). Finally I installed ZoneAlarm. Here is the latest HijackThis log. Thanks in advance for your help!

Logfile of HijackThis v1.99.1
Scan saved at 12:17:18 PM, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Documents and Settings\User\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l...tect1&term=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: (no name) - {03EF882F-6CDD-4E87-905F-4B01B18A31F2} - C:\WINDOWS\System32\efebc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B309AD2-8C22-4E41-8C1E-13224F05E6BE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {0F2514F1-1DA3-46E9-B4C5-3187852B6CF1} - (no file)
O2 - BHO: (no name) - {10B3F84A-45D0-3F23-A33C-6EE33C95F9CE} - C:\WINDOWS\system32\zxumkv.dll (file missing)
O2 - BHO: (no name) - {10E5FF43-47D4-3D76-A33C-6EE33C95F89A} - C:\WINDOWS\system32\rsm.dll (file missing)
O2 - BHO: (no name) - {11EEFB44-1184-3F26-A33C-6EE33C95F99D} - C:\WINDOWS\System32\eokqas.dll (file missing)
O2 - BHO: (no name) - {12E0AC16-1281-3B74-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\uss.dll (file missing)
O2 - BHO: (no name) - {12E1A044-418E-6C20-A33C-6EE33C95F99C} - C:\WINDOWS\System32\llp.dll (file missing)
O2 - BHO: (no name) - {13B1F847-1284-6870-A33C-6EE33C95F99A} - C:\WINDOWS\System32\ccml.dll (file missing)
O2 - BHO: (no name) - {13E2AF15-1C8E-3F22-A33C-6EE33C95F898} - C:\WINDOWS\system32\jxiih.dll (file missing)
O2 - BHO: (no name) - {144EADE1-6C2C-4F75-B7C9-2989F3F6132A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {14E0FA10-4182-682D-A33C-6EE33C95F9CE} - C:\WINDOWS\system32\zboi.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\dupeiwnf.dll (file missing)
O2 - BHO: (no name) - {15E1A916-1087-3571-A33C-6EE33C95F99C} - C:\WINDOWS\System32\kms.dll (file missing)
O2 - BHO: (no name) - {16E4AA46-41D3-682D-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\oear.dll (file missing)
O2 - BHO: (no name) - {16E5AC12-15D0-3F22-A33C-6EE33C95FF98} - C:\WINDOWS\system32\urcgyir.dll (file missing)
O2 - BHO: (no name) - {17B4A14A-4684-3B23-A33C-6EE33C95F99C} - C:\WINDOWS\System32\aaleg.dll (file missing)
O2 - BHO: (no name) - {19E1A845-4580-3F22-A33C-6EE33C95F89F} - C:\WINDOWS\system32\cdmljxhu.dll (file missing)
O2 - BHO: (no name) - {19E1AE4A-1282-6822-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\zcywlrt.dll (file missing)
O2 - BHO: (no name) - {19E7A841-4282-3977-A33C-6EE33C95F99C} - C:\WINDOWS\System32\ljkix.dll (file missing)
O2 - BHO: (no name) - {1EFF83C6-CCEF-46F6-9BC6-E82B5B2108AC} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {1F74152A-8D87-44C2-A553-C8F51B034BAE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {28221B09-F608-44B3-9396-D586BE6B526F} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {30049DF0-CEEF-47FB-A989-42ECCD4C31AE} - (no file)
O2 - BHO: (no name) - {37172383-6521-4834-8D01-7F90BA5B0BB5} - (no file)
O2 - BHO: (no name) - {3DE8B953-CF7C-421C-9AE2-37319A53D850} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {41B1AD41-128F-3F20-A33C-6EE33C95F899} - C:\WINDOWS\system32\lfmfcpit.dll (file missing)
O2 - BHO: (no name) - {41B3AA10-1D8F-6E71-A33C-6EE33C95F99C} - C:\WINDOWS\System32\oavigcoo.dll (file missing)
O2 - BHO: (no name) - {41E0A844-1CD2-682D-A33C-6EE33C95F9CB} - C:\WINDOWS\System32\lemamk.dll (file missing)
O2 - BHO: (no name) - {41E4A944-47D3-3F22-A33C-6EE33C95F99D} - C:\WINDOWS\System32\trrumtgu.dll (file missing)
O2 - BHO: (no name) - {41E6A942-1080-3576-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\asdmz.dll (file missing)
O2 - BHO: (no name) - {42E4FF11-4683-3D2D-A33C-6EE33C95F898} - C:\WINDOWS\system32\rylf.dll (file missing)
O2 - BHO: (no name) - {43B2FC46-17D7-3B22-A33C-6EE33C95F9CD} - C:\WINDOWS\System32\aonxvb.dll (file missing)
O2 - BHO: (no name) - {43B4A141-47D3-3B2D-A33C-6EE33C95F9CA} - C:\WINDOWS\System32\sbxoq.dll (file missing)
O2 - BHO: (no name) - {43E2FB15-1386-3922-A33C-6EE33C95F890} - C:\WINDOWS\system32\cveubi.dll (file missing)
O2 - BHO: (no name) - {45B5A112-1081-3527-A33C-6EE33C95F8CE} - C:\WINDOWS\system32\ixphf.dll (file missing)
O2 - BHO: (no name) - {46B2A011-10D7-3D2C-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\grqvk.dll (file missing)
O2 - BHO: (no name) - {46C73130-114B-44B9-8112-1EDD3F19B43A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {46E1A111-4280-6874-A33C-6EE33C95F9C9} - C:\WINDOWS\System32\vfsi.dll (file missing)
O2 - BHO: 0 - {4A9F609D-347D-4B8A-C984-47F3BA5E3E7E} - C:\Program Files\Outlook Express\wokuciv.dll
O2 - BHO: (no name) - {4C35E0DE-E7BA-491D-B08A-A7DBF118BA62} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {523AF568-5922-4AF6-807C-AA98FDDAA2Fc} - C:\WINDOWS\system32\seavhnnd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B463F03-CD90-4738-9C2D-96EAF995F34E} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {6B865C0D-3CDA-47E6-A70F-F0D8FC563625} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {6BBA2DB7-7388-4D4A-B61E-66F7501E7426} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {771156F9-96F3-46FE-A464-8F7F8E87337D} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {79B4AF1E-9AF7-4887-8461-3911CA518DD3} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {85AAF938-84FA-45CE-96EA-72536BFE6981} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {88531A0E-DDFC-4C4F-A1C7-4B705458A414} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {98D89894-F80D-41C0-A972-BFD9D64A5736} - (no file)
O2 - BHO: (no name) - {A227330C-B0A9-4674-9E74-D93F400B16F4} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {A282A1F5-8FA5-4D55-937C-9279654415CE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {A58D3C8F-4826-466F-BAFF-C6B9065DB4BC} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB1F58F0-332D-45A3-84CC-57D363035BED} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {D6BF3DDC-0683-41F6-B537-47A931A89F75} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {DAF7B939-2CBD-44AC-9D10-E13FBB3D821A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {EA979CBB-B774-4E33-9356-46CE1CAE2464} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {EAB7A9FE-22F5-45FE-9DB7-9BA3642FE198} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {F24BCE0A-61A7-4C6F-BD47-EAF3C3737FDE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {FE4A89E9-5616-4C3B-80D5-4AA1A7E11964} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\User\LOCALS~1\Temp\{1985A585-B673-434B-B8D1-6B64464C9F8E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunOnce: [BorraT2006TMP] cmd /C RD /s/q "C:\DOCUME~1\User\LOCALS~1\Temp\L2007tmp\"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall.../watches/3d.lbl
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177021810338
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
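
As an added example (not from this thread, nor from HijackThis or SDFix), a small Python triage script for HijackThis v1.99.1 log lines of the kinds posted above: it parses the O2, O4, O15 and O23 line shapes and flags the patterns a log reader looks for in this log, such as nameless BHOs with missing DLLs, one DLL registered under many CLSIDs (saxej.dll), an autorun launched from Temp, a wildcard Trusted Zone entry, and a service with an unknown owner and missing binary. The sample lines are copied from the log above; the heuristics, their thresholds and severities are this example's own assumptions, not HijackThis output.

```python
"""Triage helper for HijackThis (HJT) v1.99.1 log lines (added example)."""
import re
from collections import Counter
from dataclasses import dataclass

# Sample lines copied from the log above, in the shapes the parser handles.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {03EF882F-6CDD-4E87-905F-4B01B18A31F2} - C:\WINDOWS\System32\efebc.dll (file missing)
O2 - BHO: (no name) - {0B309AD2-8C22-4E41-8C1E-13224F05E6BE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {144EADE1-6C2C-4F75-B7C9-2989F3F6132A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {1EFF83C6-CCEF-46F6-9BC6-E82B5B2108AC} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {0F2514F1-1DA3-46E9-B4C5-3187852B6CF1} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\User\LOCALS~1\Temp\{1985A585-B673-434B-B8D1-6B64464C9F8E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O15 - Trusted Zone: *.sxload.net (HKLM)
O23 - Service: Client IP-IPX - Unknown owner - ".exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
"""

@dataclass
class Entry:
    section: str            # HJT section tag, e.g. "O2" or "O23"
    name: str               # BHO name, Run value name or service name
    target: str             # DLL/EXE path, command line or zone as HJT printed it
    clsid: str = ""         # {GUID}, when the line carries one
    owner: str = ""         # O23 owner column, e.g. "Unknown owner"
    missing: bool = False   # HJT marked it "(file missing)" or "(no file)"
    raw: str = ""

LINE_RE = re.compile(r"^(?P<sec>[RO]\d+) - (?P<body>.*)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
RUN_RE = re.compile(r"^.*?: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
MARKERS = (" (file missing)", "(no file)")
TEMP_HINTS = ("\\temp\\", "\\local settings\\temp\\")   # assumed Temp locations

def _strip_marker(s):
    for m in MARKERS:
        if s.endswith(m):
            return s[: -len(m)].strip()
    return s

def parse_line(line):
    """Return an Entry for one HJT log line, or None for non-entry lines."""
    m = LINE_RE.match(line.rstrip())
    if not m:
        return None
    sec, body = m.group("sec"), m.group("body")
    missing = body.endswith(MARKERS)
    cm = CLSID_RE.search(body)
    clsid = cm.group(0) if cm else ""
    if sec == "O2" and body.startswith("BHO: "):
        # O2 - BHO: <name> - {CLSID} - <dll path> [(file missing)]
        name, _, rest = body[5:].partition(" - ")
        target = _strip_marker(rest.partition(" - ")[2])
        return Entry(sec, name, target, clsid, missing=missing, raw=line)
    if sec == "O23" and body.startswith("Service: "):
        # O23 - Service: <display name (key)> - <owner> - <path> [(file missing)]
        name, _, rest = body[9:].partition(" - ")
        owner, _, target = rest.partition(" - ")
        return Entry(sec, name, _strip_marker(target), owner=owner,
                     missing=missing, raw=line)
    if sec == "O4" and (rm := RUN_RE.match(body)):
        # O4 - HKLM\..\Run: [<value name>] <command line>
        return Entry(sec, rm.group("name"), rm.group("cmd"), raw=line)
    if sec == "O15" and body.startswith("Trusted Zone: "):
        return Entry(sec, "Trusted Zone", body[14:], raw=line)
    return Entry(sec, "", body, clsid, raw=line)

def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]

def triage(entries):
    """Apply the heuristics; return (severity, reason, raw line) tuples."""
    findings = []
    # A legitimate BHO registers one CLSID; a DLL seen under many is suspect.
    dll_counts = Counter(e.target.lower() for e in entries
                         if e.section == "O2" and e.target)
    for e in entries:
        if e.section == "O2":
            n = dll_counts[e.target.lower()] if e.target else 0
            if e.name == "(no name)" and e.missing:
                findings.append(("medium", "nameless BHO whose DLL is gone (stale CLSID)", e.raw))
            elif n >= 3:
                findings.append(("high", f"one DLL registered under {n} BHO CLSIDs", e.raw))
            elif e.name == "(no name)":
                findings.append(("medium", "nameless BHO with a present DLL; check its publisher", e.raw))
        elif e.section == "O4" and any(h in e.target.lower() for h in TEMP_HINTS):
            findings.append(("high", "autorun launched from a Temp directory", e.raw))
        elif e.section == "O15":
            findings.append(("medium", "domain added to the IE Trusted Zone", e.raw))
        elif e.section == "O23" and e.owner == "Unknown owner" and e.missing:
            findings.append(("high", "service with unknown owner and missing binary", e.raw))
    return findings

if __name__ == "__main__":
    for sev, why, raw in triage(parse_log(SAMPLE_LOG)):
        print(f"[{sev}] {why}\n    {raw}")
```

The nameless Spybot SDHelper.dll entry shows why "(no name)" alone is only a prompt to check the publisher, not proof of malware.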

#2 RichieUK


    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 22 April 2007 - 04:40 PM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, wiggum75.

First of all please delete:
C:\Documents and Settings\User\Desktop\HijackThis.exe

Download and install Hijackthis.
This is a self-extracting version which will automatically install HJT to C:\Program Files\Hijackthis by default; a desktop shortcut will also be created.

*************************

Download\install CleanUp.
Launch CleanUp, then click on 'Options'.
Now move the slider on the left up to 'Standard Cleanup!'.
Click 'Ok', now run the program by clicking on the 'Cleanup' button.
Reboot, or log off/log on when it's finished.

*************************

Download SDFix and save it to your desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.zip

Please then reboot your computer into Safe Mode by doing the following :

* Restart your computer
* After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
* Instead of Windows loading as normal, a menu with options should appear;
* Select the first option, to run Windows in Safe Mode, then press "Enter".
* Choose your usual account.

* In Safe Mode, right click the SDFix.zip folder and choose Extract All,
* Open the extracted folder and double click RunThis.bat to start the script.
* Type Y to begin the script.
* It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
* Press any Key and it will restart the PC.
* Your system will take longer than normal to restart as the fixtool will be running and removing files.
* When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
* Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt into your next reply.
* Also post a new Hijackthis log please.


#3 wiggum75

  • Topic Starter

  • Members
  • 3 posts
  • OFFLINE
  • Local time:11:37 PM

Posted 22 April 2007 - 08:51 PM

Hi,

Thanks for answering my query so quickly! I did what you suggested; cleanup was an added bonus and freed nearly 2G on my hard drive. Then I ran SDFix; log from that and Hijackthis follow:

Mitch

PS: I still seem to get the cpvfeed popups. Here is a sample:

http://url.cpvfeed.com/cpv.jsp?p=110830&am...stingId=6183459

-----------------------------------------------------------------------------------

SDFix: Version 1.79

Run by Administrator - 22/04/2007 - 16:13:46.83

Microsoft Windows XP [Version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Client IP-IPX

ImagePath:
"" -e mc-110-12-0000140

Client IP-IPX - Deleted



Restoring Windows Registry Values
Restoring Windows Default Hosts File


Rebooting...

Normal Mode:
Checking Files:

No Trojan Files Found...




Removing Temp Files

ADS Check:

Checking if ADS is attached to system32 Folder
C:\WINDOWS\system32
No streams found.

Checking if ADS is attached to svchost.exe
C:\WINDOWS\system32\svchost.exe
No streams found.



Final Check:

Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.0"
"C:\\Program Files\\MSN Messenger\\msncall.exe"="C:\\Program Files\\MSN Messenger\\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone)"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


Remaining Files:
---------------


Checking For Files with Hidden Attributes:

C:\Program Files\Uninstall Information\IE40.Comctl32\AINF0000
C:\Documents and Settings\Jane\NetHood\pdfs on www.grousemountain.com\Desktop.ini
C:\Program Files\Uninstall Information\mshtml.DllReg\AINF0000
C:\WINDOWS\A?pPatch\scanregw.exe
C:\System Volume Information\_restore{EDED007D-C5E0-44BD-B40A-3C5A6E043E73}\RP1565\A0138091.exe
C:\System Volume Information\_restore{EDED007D-C5E0-44BD-B40A-3C5A6E043E73}\RP1565\A0138096.exe
C:\System Volume Information\_restore{EDED007D-C5E0-44BD-B40A-3C5A6E043E73}\RP1567\A0138232.exe
C:\Documents and Settings\Jane\My Documents\observership\~WRL3243.tmp

Finished


Logfile of HijackThis v1.99.1
Scan saved at 7:40:49 PM, on 22/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16414)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\notepad.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.searchtraffic.com/search.php3?l...tect1&term=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://start.shaw.ca/start/enca/addons/search/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.shaw.ca
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer Provided by SHAW Internet
O2 - BHO: (no name) - {03EF882F-6CDD-4E87-905F-4B01B18A31F2} - C:\WINDOWS\System32\efebc.dll (file missing)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B309AD2-8C22-4E41-8C1E-13224F05E6BE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {0F2514F1-1DA3-46E9-B4C5-3187852B6CF1} - (no file)
O2 - BHO: (no name) - {10B3F84A-45D0-3F23-A33C-6EE33C95F9CE} - C:\WINDOWS\system32\zxumkv.dll (file missing)
O2 - BHO: (no name) - {10E5FF43-47D4-3D76-A33C-6EE33C95F89A} - C:\WINDOWS\system32\rsm.dll (file missing)
O2 - BHO: (no name) - {11EEFB44-1184-3F26-A33C-6EE33C95F99D} - C:\WINDOWS\System32\eokqas.dll (file missing)
O2 - BHO: (no name) - {12E0AC16-1281-3B74-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\uss.dll (file missing)
O2 - BHO: (no name) - {12E1A044-418E-6C20-A33C-6EE33C95F99C} - C:\WINDOWS\System32\llp.dll (file missing)
O2 - BHO: (no name) - {13B1F847-1284-6870-A33C-6EE33C95F99A} - C:\WINDOWS\System32\ccml.dll (file missing)
O2 - BHO: (no name) - {13E2AF15-1C8E-3F22-A33C-6EE33C95F898} - C:\WINDOWS\system32\jxiih.dll (file missing)
O2 - BHO: (no name) - {144EADE1-6C2C-4F75-B7C9-2989F3F6132A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {14E0FA10-4182-682D-A33C-6EE33C95F9CE} - C:\WINDOWS\system32\zboi.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\System32\dupeiwnf.dll (file missing)
O2 - BHO: (no name) - {15E1A916-1087-3571-A33C-6EE33C95F99C} - C:\WINDOWS\System32\kms.dll (file missing)
O2 - BHO: (no name) - {16E4AA46-41D3-682D-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\oear.dll (file missing)
O2 - BHO: (no name) - {16E5AC12-15D0-3F22-A33C-6EE33C95FF98} - C:\WINDOWS\system32\urcgyir.dll (file missing)
O2 - BHO: (no name) - {17B4A14A-4684-3B23-A33C-6EE33C95F99C} - C:\WINDOWS\System32\aaleg.dll (file missing)
O2 - BHO: (no name) - {19E1A845-4580-3F22-A33C-6EE33C95F89F} - C:\WINDOWS\system32\cdmljxhu.dll (file missing)
O2 - BHO: (no name) - {19E1AE4A-1282-6822-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\zcywlrt.dll (file missing)
O2 - BHO: (no name) - {19E7A841-4282-3977-A33C-6EE33C95F99C} - C:\WINDOWS\System32\ljkix.dll (file missing)
O2 - BHO: (no name) - {1EFF83C6-CCEF-46F6-9BC6-E82B5B2108AC} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {1F74152A-8D87-44C2-A553-C8F51B034BAE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {28221B09-F608-44B3-9396-D586BE6B526F} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {30049DF0-CEEF-47FB-A989-42ECCD4C31AE} - (no file)
O2 - BHO: (no name) - {37172383-6521-4834-8D01-7F90BA5B0BB5} - (no file)
O2 - BHO: (no name) - {3DE8B953-CF7C-421C-9AE2-37319A53D850} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {41B1AD41-128F-3F20-A33C-6EE33C95F899} - C:\WINDOWS\system32\lfmfcpit.dll (file missing)
O2 - BHO: (no name) - {41B3AA10-1D8F-6E71-A33C-6EE33C95F99C} - C:\WINDOWS\System32\oavigcoo.dll (file missing)
O2 - BHO: (no name) - {41E0A844-1CD2-682D-A33C-6EE33C95F9CB} - C:\WINDOWS\System32\lemamk.dll (file missing)
O2 - BHO: (no name) - {41E4A944-47D3-3F22-A33C-6EE33C95F99D} - C:\WINDOWS\System32\trrumtgu.dll (file missing)
O2 - BHO: (no name) - {41E6A942-1080-3576-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\asdmz.dll (file missing)
O2 - BHO: (no name) - {42E4FF11-4683-3D2D-A33C-6EE33C95F898} - C:\WINDOWS\system32\rylf.dll (file missing)
O2 - BHO: (no name) - {43B2FC46-17D7-3B22-A33C-6EE33C95F9CD} - C:\WINDOWS\System32\aonxvb.dll (file missing)
O2 - BHO: (no name) - {43B4A141-47D3-3B2D-A33C-6EE33C95F9CA} - C:\WINDOWS\System32\sbxoq.dll (file missing)
O2 - BHO: (no name) - {43E2FB15-1386-3922-A33C-6EE33C95F890} - C:\WINDOWS\system32\cveubi.dll (file missing)
O2 - BHO: (no name) - {45B5A112-1081-3527-A33C-6EE33C95F8CE} - C:\WINDOWS\system32\ixphf.dll (file missing)
O2 - BHO: (no name) - {46B2A011-10D7-3D2C-A33C-6EE33C95F9CC} - C:\WINDOWS\System32\grqvk.dll (file missing)
O2 - BHO: (no name) - {46C73130-114B-44B9-8112-1EDD3F19B43A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {46E1A111-4280-6874-A33C-6EE33C95F9C9} - C:\WINDOWS\System32\vfsi.dll (file missing)
O2 - BHO: 0 - {4A9F609D-347D-4B8A-C984-47F3BA5E3E7E} - C:\Program Files\Outlook Express\wokuciv.dll
O2 - BHO: (no name) - {4C35E0DE-E7BA-491D-B08A-A7DBF118BA62} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {523AF568-5922-4AF6-807C-AA98FDDAA2Fc} - C:\WINDOWS\system32\seavhnnd.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {6B463F03-CD90-4738-9C2D-96EAF995F34E} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {6B865C0D-3CDA-47E6-A70F-F0D8FC563625} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {6BBA2DB7-7388-4D4A-B61E-66F7501E7426} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {771156F9-96F3-46FE-A464-8F7F8E87337D} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {79B4AF1E-9AF7-4887-8461-3911CA518DD3} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {85AAF938-84FA-45CE-96EA-72536BFE6981} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {88531A0E-DDFC-4C4F-A1C7-4B705458A414} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {98D89894-F80D-41C0-A972-BFD9D64A5736} - (no file)
O2 - BHO: (no name) - {A227330C-B0A9-4674-9E74-D93F400B16F4} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {A282A1F5-8FA5-4D55-937C-9279654415CE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {A58D3C8F-4826-466F-BAFF-C6B9065DB4BC} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {BB1F58F0-332D-45A3-84CC-57D363035BED} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {D6BF3DDC-0683-41F6-B537-47A931A89F75} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {DAF7B939-2CBD-44AC-9D10-E13FBB3D821A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {EA979CBB-B774-4E33-9356-46CE1CAE2464} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {EAB7A9FE-22F5-45FE-9DB7-9BA3642FE198} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {F24BCE0A-61A7-4C6F-BD47-EAF3C3737FDE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {FE4A89E9-5616-4C3B-80D5-4AA1A7E11964} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\User\LOCALS~1\Temp\{1985A585-B673-434B-B8D1-6B64464C9F8E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_8 -reboot 1
O4 - Startup: BOINC Manager.lnk = C:\Program Files\BOINC\boincmgr.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: LimeShop Preferences - file://C:\Program Files\LimeShop\System\Temp\limeshop_script0.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {03F998B2-0E00-11D3-A498-00104B6EB52E} (MetaStreamCtl Class) - https://components.viewpoint.com/MTSInstall.../watches/3d.lbl
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=58813
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support Tool) - http://go.microsoft.com/fwlink/?LinkId=82580
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200207...meInstaller.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1177021810338
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MD Simple Burner Service (NetMDSB) - Unknown owner - C:\Program Files\Sony\MD Simple Burner\NetMDSB.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZONELABS\vsmon.exe

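As an added example, not part of the original thread or of any of the tools named in it: a small Python triage script over the HijackThis 1.99 log format posted above. It applies by code the checks a helper applies by eye: one DLL registered under many BHO CLSIDs (the pattern saxej.dll shows in the log, typical of Vundo), unnamed BHOs, orphaned "(file missing)" registrations, Run entries that launch from a Temp folder, Trusted Zone additions, and O16 ActiveX downloads from hosts outside a small allowlist. The sample input is a handful of lines copied from the log above; the Microsoft-host allowlist, the Temp-folder markers and the severity labels are this example's own assumptions, not anything HijackThis or the helpers define.

```python
"""Heuristic triage of a HijackThis 1.99 log (added example, not part of the thread)."""
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample input: lines copied from the HijackThis log posted above,
# trimmed to a handful so the script runs offline.
SAMPLE_LOG = r"""
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0B309AD2-8C22-4E41-8C1E-13224F05E6BE} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {144EADE1-6C2C-4F75-B7C9-2989F3F6132A} - C:\Program Files\Common Files\saxej.dll
O2 - BHO: (no name) - {10B3F84A-45D0-3F23-A33C-6EE33C95F9CE} - C:\WINDOWS\system32\zxumkv.dll (file missing)
O2 - BHO: 0 - {4A9F609D-347D-4B8A-C984-47F3BA5E3E7E} - C:\Program Files\Outlook Express\wokuciv.dll
O4 - HKLM\..\Run: [LanzarL2007] "C:\DOCUME~1\User\LOCALS~1\Temp\{1985A585-B673-434B-B8D1-6B64464C9F8E}\{D1DA2BA7-2592-4036-9BB2-DCCABDE8DC1A}\..\..\L2007tmp\Setup.exe" /SETUP:"/l0x0009"
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O15 - Trusted Zone: *.sxload.net (HKLM)
O16 - DPF: {99802379-7362-40E2-9D28-8A3B9AF880B7} - http://hotsearchbar.com/toolbar2/winhot32.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
"""

CLSID = r"\{(?P<clsid>[0-9A-Fa-f-]{36})\}"
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - " + CLSID + r" - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<where>.*?): (?:\[(?P<key>[^\]]*)\] )?(?P<cmd>.*)$")
O15_RE = re.compile(r"^O15 - Trusted Zone: (?P<domain>\S+)")
O16_RE = re.compile(r"^O16 - DPF: " + CLSID + r"(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")

# Assumptions made for this example, not anything HijackThis defines.
TRUSTED_DPF_HOSTS = {"go.microsoft.com", "update.microsoft.com"}
TEMP_MARKERS = ("\\temp\\", "%temp%")
UNNAMED = {"", "(no name)", "0"}


def triage_hjt(text):
    """Return (severity, item, reason, detail) tuples for suspicious log lines."""
    findings = []
    clsids_per_dll = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if m := O2_RE.match(line):
            name, clsid, target = m["name"], m["clsid"], m["target"]
            if target == "(no file)" or target.endswith("(file missing)"):
                # The DLL is gone but IE still tries to load it: clutter to remove.
                findings.append(("low", "O2", "orphaned BHO registration", clsid))
                continue
            clsids_per_dll[target.lower()].append(clsid)
            if name in UNNAMED:
                # Legitimate BHOs usually carry a name; unnamed ones need review
                # (Spybot's SDHelper.dll in the log above is a benign exception).
                findings.append(("medium", "O2", "unnamed BHO with DLL present", target))
        elif m := O4_RE.match(line):
            if any(marker in m["cmd"].lower() for marker in TEMP_MARKERS):
                findings.append(("high", "O4", "autorun launching from a Temp folder", m["cmd"]))
        elif m := O15_RE.match(line):
            # A Trusted Zone entry relaxes IE's security prompts for that domain.
            findings.append(("medium", "O15", "domain added to IE Trusted Zone", m["domain"]))
        elif m := O16_RE.match(line):
            host = (urlparse(m["url"]).hostname or "").lower()
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("medium", "O16", "ActiveX download from non-allowlisted host", m["url"]))
    # Many CLSIDs pointing at one DLL is the Vundo signature seen with saxej.dll above.
    for dll, clsids in clsids_per_dll.items():
        if len(clsids) > 1:
            findings.append(("high", "O2", f"one DLL registered under {len(clsids)} BHO CLSIDs (Vundo pattern)", dll))
    return findings


def summarize(findings):
    """Count findings per severity label."""
    counts = {}
    for sev, *_ in findings:
        counts[sev] = counts.get(sev, 0) + 1
    return counts


if __name__ == "__main__":
    for sev, item, reason, detail in sorted(triage_hjt(SAMPLE_LOG)):
        print(f"[{sev:6}] {item}: {reason}: {detail}")
```

Run it against a full log by reading the file into `triage_hjt` instead of `SAMPLE_LOG`. The "(file missing)" entries come out low because only the registration survives; the DLL that is actually present under several CLSIDs is the one KillBox and VundoFix are pointed at in the next post.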
#4 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts
  • OFFLINE
  • Local time:07:37 AM

Posted 23 April 2007 - 03:48 AM

Download KillBox, and unzip/extract it to your desktop.
http://download.bleepingcomputer.com/spyware/KillBox.zip
Start up KillBox and place a check in 'Delete on Reboot'.
In the 'Full path of file to delete' box, copy and paste:

C:\Program Files\Common Files\saxej.dll

Then press the red button with the white cross.
It will then provide a window for you to confirm the delete.
Next it will ask if you now wish to reboot; select YES.
Allow it to reboot.
If it doesn't reboot automatically, reboot manually.

****************************

Please download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
When VundoFix re-opens, click the "Scan for Vundo" button.
Once it's done scanning, click the "Remove Vundo" button.
You will receive a prompt asking if you want to remove the files; click "YES".
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer; click "OK".
Please post the contents of C:\vundofix.txt into your next reply.

Note:
It is possible that VundoFix encountered a file it could not remove.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears at reboot.

******************************

Please download Combofix and save to the desktop:
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe
Note:
It is important that it is saved directly to your desktop

Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the C:\ComboFix.txt into your next reply.
Note:
Do not mouse-click ComboFix's window whilst it's running.
That may cause the program to freeze/hang.


Restart your pc.
Post the contents of C:\vundofix.txt, C:\ComboFix.txt, and a new Hijackthis log into your next reply please.
