Need Help with Malware removal


Need Help with Malware removal

Post by utford » August 27th, 2005, 9:33 am

I have attempted to remove a malware issue on my own (mostly by deleting executables and registry entries in safe mode), but have been stymied by its returning. Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 9:34:21 AM, on 8/27/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
D:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
C:\PROGRAM FILES\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
D:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\DSPDDK.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
D:\PROGRAM FILES\MOZILLA FIREFOX\FIREFOX.EXE
D:\TEMP\PROCEXP.EXE
D:\TEMP\AUTORUNS.EXE
C:\WINDOWS\SYSTEM\WINOA386.MOD
C:\WINDOWS\WUAUCLT.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {215D33BE-840B-8EFA-2DF4-D0F88D969FCA} - C:\WINDOWS\SYSTEM\PXGUIUO.DLL
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.sav /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.sav -startup
O4 - HKLM\..\Run: [xBrotherMeCom] C:\BRME\BrMeCom.exe 5
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.sav
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2_sav.DLL,_Run@16
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\SmVmZiBGb3Jk\command.sav
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.sav
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.sav
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.sav
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\dspddk.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [bkfpnc] C:\WINDOWS\SYSTEM\bkfpnc.sav
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.sav
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = D:\Program Files\Office2K\Office\OSA9.EXE
O4 - Startup: tiac.exe
O4 - Startup: tiac.sav
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204

Thanks for any help,
Jeff
utford
Active Member

Posts: 3
Joined: August 27th, 2005, 9:27 am

Post by MaKaVeLi » August 27th, 2005, 6:32 pm

Hi utford,

I'm looking over your log right now and will reply back soon with some fixes.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Post by MaKaVeLi » August 28th, 2005, 11:42 am

Hi utford,

Run Panda's online virus scan from http://www.pandasoftware.com/activescan ... ncipal.htm and perform a full system scan. (Note: Make sure the Autoclean box is checked!)
- Once you are on the Panda site click the "Scan your PC" button
- A new window will open...click "Next" button
- Enter your e-mail address and click send
- Enter your State then click "Start" button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It will take a couple minutes)
- Under "Scan Options" make sure all is selected except "Scan e-mail files"
- Click on "Hard disks" to start the scan
- Post Panda scan results in your next reply

In your next reply post a new HijackThis log along with the results from the Panda scan.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Results

Post by utford » August 28th, 2005, 10:14 pm

Thanks MaKaVeLi for looking at this. Here are the results of the Panda scan:


Incident Status Location

Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069784.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069786.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069787.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069788.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\MMPCIC.0
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069803.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069805.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069806.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069807.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\CSBVIEW.0
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069831.CPY
Adware:Adware/PurityScan No disinfected C:\_RESTORE\TEMP\A0069833.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069836.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069858.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069864.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069866.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069867.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069871.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\WJASERVC.0
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069913.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069914.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069915.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069920.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069922.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069923.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069924.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069927.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069953.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069955.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069956.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069957.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069975.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069977.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069978.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069979.CPY
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\IEONLIB.0
Adware:Adware/Look2Me No disinfected C:\_RESTORE\TEMP\SSNS.0
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0070108.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0070110.CPY
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0070111.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0070112.CPY
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SVC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MJOEACCT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QCV.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WCAUPD98.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WHPCD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\CYMDLG32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DSNMPNTW.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WJVDMOE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\HSD.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DDGEST.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\IUSCONFG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\LTSYRC.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SGSDETMG.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\curtc.dll
Adware:Adware/PurityScan No disinfected C:\WINDOWS\SYSTEM\Shex.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SJGE.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\WG5INF16.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\NHNDS.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MCOEACCT.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\OHDIS400.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\drnlobby.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\ORE2.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\bk.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\GFU32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\TUEMBED.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MVTEXT40.DLL
Virus:Trj/Clicker.DJ Disinfected C:\WINDOWS\SYSTEM\AUNPS2.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\UTP10.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\newexp
Virus:Trj/Downloader.AYV Disinfected C:\WINDOWS\SYSTEM\wintask.exe
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsvs.dll
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\nsvsvc\nsv.ocx
Adware:Adware/DelFinMedia No disinfected C:\WINDOWS\SYSTEM\vidctrl\vidctrl.exe
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\SYSTEM\datadx.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\mWxrast.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\pamas.dll
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DAKAPI32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\DECOBJ.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\QHOLE32.DLL
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\MHCN30.DLL
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\bkfpnc.exe
Adware:Adware/AdLogix No disinfected C:\WINDOWS\SYSTEM\bkfpnf.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\TEMP\cmdinst.exe
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\TEMP\f1155744.exe
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\nsh_104.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\tp7543.exe
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\!update.exe
Virus:Trj/Downloader.EIK Disinfected C:\WINDOWS\TEMP\dinst.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\TEMP\i52E0.TMP
Adware:Adware/WinAD No disinfected C:\WINDOWS\TEMP\MediaAccessInstPack.exe
Adware:adware/ncase No disinfected C:\WINDOWS\TEMP\180sainstallersca.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\TEMP\MTE2ODI6ODoxNg
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav12F6.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav12F7.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1303.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav1305.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav1317.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1319.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1321.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1326.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav1331.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav1342.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1345.TMP
Adware:Adware/PurityScan No disinfected C:\WINDOWS\TEMP\pav1351.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1354.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav136B.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav136C.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1370.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1375.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav1383.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav1399.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav13AB.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav13B2.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav13B3.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2002.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2004.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2012.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav2015.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2018.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2034.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2035.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2036.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav2041.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav204C.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav204D.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav2054.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav2060.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav20B4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav20C4.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav20E4.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav20E6.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\TEMP\pav20F6.TMP
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\TEMP\pav2101.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4205.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4260.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pav4314.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA230.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA285.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA2C0.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA2D4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA300.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA345.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA355.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA364.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA374.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA383.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA392.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavA3B2.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB025.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB043.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB123.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB133.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB150.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB170.TMP
Adware:Adware/ClkOptimizer No disinfected C:\WINDOWS\TEMP\pavB1B3.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB1F4.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB220.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB234.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB251.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB265.TMP
Adware:Adware/Look2Me No disinfected C:\WINDOWS\TEMP\pavB282.TMP
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\StartUp\tiac.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\Temporary Internet Files\SSK39.exe
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\Temporary Internet Files\Ssk.log
Adware:Adware/PortalScan No disinfected C:\WINDOWS\Temporary Internet Files\InstallAPS.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\Temporary Internet Files\MTE2NzY6ODoxNg.exe
Adware:Adware/Alwaysupdatednews No disinfected C:\WINDOWS\Temporary Internet Files\shopinst.exe
Virus:Trj/Downloader.EIK Disinfected C:\WINDOWS\dinst.exe
Adware:Adware/EnhSrch No disinfected C:\WINDOWS\dsrdll.sav
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\baakksav.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\dspddk.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\dspddk.sav
Adware:Adware/AdBehavior No disinfected C:\WINDOWS\vkuyy.dat
Adware:Adware/QoolShown No disinfected C:\WINDOWS\gssdddk.dll
Adware:Adware/QoolShown No disinfected C:\WINDOWS\omaqqcr.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\gssdddksav.dll
Virus:Trj/Downloader.EFG Disinfected C:\WINDOWS\baakk.dll
Virus:Trj/Downloader.BJG Disinfected C:\WINDOWS\MTE2ODI6ODoxNgsav.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\omaqqcrsav.exe
Adware:Adware/DelFinMedia No disinfected C:\Program Files\Common Files\Uninstall Information\RemoveDisplayUtility.exe
Adware:Adware/PurityScan No disinfected C:\Program Files\sbua\dhtl.exe
Possible Virus. No disinfected C:\Program Files\SurfSideKick 3\Ssk_sav.exe
Possible Virus. No disinfected C:\Program Files\SurfSideKick 3\SskBho_Sav.dll
Possible Virus. No disinfected C:\Program Files\SurfSideKick 3\SskCore_sav.dll
Adware:Adware/QoolShown No disinfected C:\Program Files\HijackThis\backups\backup-20050827-174822-299-tiac.exe
Adware:Adware/AdBehavior No disinfected C:\Program Files\HijackThis\backups\backup-20050827-174822-154-tiac.sav
Adware:Adware/PurityScan No disinfected C:\Program Files\HijackThis\backups\backup-20050827-174835-797.dll
Adware:Adware/Look2Me No disinfected C:\Temp\Installer.exe

And the latest HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:18:05 PM, on 8/28/2005
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v5.50 (5.50.4134.0100)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\SPOOL32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\RUNDLL32.EXE
C:\WINDOWS\TASKMON.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
D:\PROGRAM FILES\ALCATEL\SPEEDTOUCH USB\DRAGDIAG.EXE
D:\PROGRAM FILES\2WIRE\HOMEPORTAL\2PORTALMON.EXE
C:\PROGRAM FILES\BROTHER\CONTROLCENTER2\BRCTRCEN.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
D:\PROGRAM FILES\WINAMP\WINAMPA.EXE
C:\WINDOWS\DSPDDK.EXE
C:\WINDOWS\RUNDLL32.EXE
D:\PROGRAM FILES\AIM\AIM.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\PROGRAM FILES\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.sav /autorun
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [PCHealth] C:\WINDOWS\PCHealth\Support\PCHSchd.exe -s
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "D:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [2wSysTray] D:\Program Files\2Wire\HomePortal\2PortalMon.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [BrmfRmPA.exe] C:\WINDOWS\BrmfRmPA.sav -startup
O4 - HKLM\..\Run: [xBrotherMeCom] C:\BRME\BrMeCom.exe 5
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.sav
O4 - HKLM\..\Run: [AUNPS2] RUNDLL32 AUNPS2_sav.DLL,_Run@16
O4 - HKLM\..\Run: [WinampAgent] D:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Command] C:\WINDOWS\SmVmZiBGb3Jk\command.sav
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.sav
O4 - HKLM\..\Run: [Nsv] C:\WINDOWS\SYSTEM\nsvsvc\nsvsvc.sav
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\SYSTEM\VIDCTRL\VIDCTRL.sav
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\dspddk.exe reg_run
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - HKLM\..\Run: [bkfpnc] C:\WINDOWS\SYSTEM\bkfpnc.sav
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [SSDPSRV] C:\WINDOWS\SYSTEM\ssdpsrv.sav
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKCU\..\Run: [AIM] D:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O4 - Startup: Microsoft Office.lnk = D:\Program Files\Office2K\Office\OSA9.EXE
O4 - Startup: tiac.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: MSN Messenger Service - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\PROGRA~1\MESSEN~1\MSMSGS.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\PROGRAM FILES\AIM\AIM.EXE
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - D:\PROGRA~1\SPYWAR~1\TOOLS\IESDPB.DLL
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan ... asinst.cab

Thanks,
utford
utford
Active Member
 
Posts: 3
Joined: August 27th, 2005, 9:27 am
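The two HijackThis logs and the Panda result list in this thread are the raw material a helper reads, and the first post and this "Results" post together show what that reading amounts to. The added example below (Python written for this page; it is not code from HijackThis, Panda or MalwareRemoval.com) does three of those checks mechanically: it diffs the first log against the second to list which entries survived the scan, flags entries by a few rule-of-thumb heuristics (file-missing or unnamed browser hooks, search settings pointing off Microsoft domains, autorun targets without a normal executable extension; the domain list and extension list are the example's own assumptions, and a flag means "look closer", not "malicious"), and counts the Panda hits by status, family and directory, which makes visible that a large share of the "No disinfected" hits sit under C:\_RESTORE\TEMP, the Windows ME System Restore cache. The sample lines are constructed subsets copied from the logs posted above.

```python
"""Triage helpers for the HijackThis logs and Panda ActiveScan list in this thread.

Added example: not code from HijackThis, Panda or MalwareRemoval.com.
The sample lines are subsets copied from the logs posted above; the
flagging rules are this example's own assumptions about what a log
reader looks at first, not verdicts from either tool.
"""
import re
from collections import Counter
from urllib.parse import urlparse

HJT_LINE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.+)$")
PANDA_LINE = re.compile(
    r"^(?P<name>.+?) (?P<status>Disinfected|No disinfected) (?P<path>[A-Za-z]:\\.+)$")
DEFAULT_SEARCH_DOMAINS = ("microsoft.com", "msn.com")                    # assumption
EXPECTED_EXTENSIONS = {"exe", "dll", "ocx", "com", "scr", "cpl", "lnk"}  # assumption

# Constructed subsets of the first and second HijackThis logs posted above.
LOG_BEFORE = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\PROGRAM FILES\SURFSIDEKICK 3\SSKBHO.DLL (file missing)
O2 - BHO: (no name) - {215D33BE-840B-8EFA-2DF4-D0F88D969FCA} - C:\WINDOWS\SYSTEM\PXGUIUO.DLL
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.sav
O4 - HKLM\..\Run: [newexp] C:\WINDOWS\SYSTEM\newexp
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - Startup: tiac.exe
O4 - Startup: tiac.sav
"""
LOG_AFTER = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
O4 - HKLM\..\Run: [TaskMonitor] C:\WINDOWS\taskmon.exe
O4 - HKLM\..\Run: [WinTask driver] C:\WINDOWS\SYSTEM\wintask.sav
O4 - HKLM\..\Run: [autoupdate] rundll32 C:\WINDOWS\SYSTEM\DATADX.DLL,SHStart
O4 - Startup: tiac.exe
"""
# Constructed subset of the Panda results posted above.
PANDA_RESULTS = r"""
Adware:Adware/QoolShown No disinfected C:\_RESTORE\TEMP\A0069784.CPY
Virus:Trj/Downloader.EFG Disinfected C:\_RESTORE\TEMP\A0069788.CPY
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM\SVC.DLL
Possible Virus. No disinfected C:\WINDOWS\SYSTEM\bk.exe
Virus:Trj/Downloader.AYV Disinfected C:\WINDOWS\SYSTEM\wintask.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\Start Menu\Programs\StartUp\tiac.exe
Spyware:Spyware/SurfSideKick No disinfected C:\WINDOWS\Temporary Internet Files\SSK39.exe
Adware:Adware/QoolShown No disinfected C:\WINDOWS\dspddk.exe
"""


def parse_hjt(text):
    """Return [(section, body)] for every R/F/N/O line; header lines are ignored."""
    out = []
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            out.append((m["section"], m["body"]))
    return out


def diff_hjt(before, after):
    """(entries gone in the second log, entries new in it), order-insensitive."""
    b, a = set(parse_hjt(before)), set(parse_hjt(after))
    fmt = lambda e: "%s - %s" % e
    return sorted(map(fmt, b - a)), sorted(map(fmt, a - b))


def autorun_target(body):
    """Best-effort path of the file an O4 line launches."""
    if body.startswith("Startup: "):                 # Startup-folder item: the name before " = "
        return body[len("Startup: "):].split(" = ", 1)[0]
    cmd = body.split("] ", 1)[1] if "] " in body else body
    tokens = cmd.split()
    if not tokens:
        return ""
    if tokens[0].lower() in ("rundll32", "rundll32.exe") and len(tokens) > 1:
        return tokens[1].split(",", 1)[0]            # the DLL rundll32 loads, not rundll32 itself
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]              # quoted path with spaces
    return tokens[0]


def flag_entries(text):
    """Entries worth a closer look, as (reason, line); one reason per line."""
    flagged = []
    for section, body in parse_hjt(text):
        reason = None
        if "(file missing)" in body:
            reason = "points at a file that no longer exists"
        elif "(no name)" in body:
            reason = "unnamed browser extension or search hook"
        elif section in ("R0", "R1") and " = " in body:
            url = body.split(" = ", 1)[1]
            host = urlparse(url if "://" in url else "http://" + url).hostname or ""
            if not any(host == d or host.endswith("." + d) for d in DEFAULT_SEARCH_DOMAINS):
                reason = "search setting points at %s" % host
        elif section == "O4":
            base = autorun_target(body).rsplit("\\", 1)[-1]
            ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
            if ext not in EXPECTED_EXTENSIONS:
                reason = "autorun target with extension %r" % ext
        if reason:
            flagged.append((reason, "%s - %s" % (section, body)))
    return flagged


def summarize_panda(text):
    """Hit counts per status, per detection family and per directory."""
    by_status, by_family, by_dir = Counter(), Counter(), Counter()
    for line in text.splitlines():
        m = PANDA_LINE.match(line.strip())
        if m:
            by_status[m["status"]] += 1
            by_family[m["name"].rsplit("/", 1)[-1]] += 1
            by_dir[m["path"].rsplit("\\", 1)[0]] += 1
    return {"by_status": by_status, "by_family": by_family, "by_dir": by_dir}


if __name__ == "__main__":
    gone, new = diff_hjt(LOG_BEFORE, LOG_AFTER)
    print("gone after the scan:", *gone, sep="\n  ")
    print("still flagged in the second log:", *["%s  <- %s" % (l, r) for r, l in flag_entries(LOG_AFTER)], sep="\n  ")
    print({k: dict(v) for k, v in summarize_panda(PANDA_RESULTS).items()})
```

Run stand-alone it prints the four entries that disappeared between the two logs, the two that remain flagged in the second one, and the Panda counts; the per-directory counter is the quickest way to separate live files in C:\WINDOWS\SYSTEM from archived copies in the restore cache when deciding what still needs attention.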

Post by MaKaVeLi » August 28th, 2005, 10:59 pm

Hi utford,

Please run the Panda scan one more time and make sure the Autoclean box is checked. Save the log.

Now post the results from the Panda scan and a new HijackThis log.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Autoclean?

Post by utford » August 29th, 2005, 9:29 am

OK, thanks, I'll run it again when I get home today. I didn't see an Autoclean checkbox - where exactly is that?

Thanks,
utford
utford
Active Member
 
Posts: 3
Joined: August 27th, 2005, 9:27 am

Post by MaKaVeLi » September 2nd, 2005, 1:32 pm

Hi utford,

Sorry for the late reply. There isn't an Autoclean box anymore. The scan should automatically clean everything. If you didn't run the Panda scan since your last post can you run it again? Then post a new HijackThis log.
MaKaVeLi
Regular Member
 
Posts: 263
Joined: July 4th, 2005, 5:46 pm
Location: USA

Post by NonSuch » September 17th, 2005, 3:53 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed; if you still require assistance, please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link: Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used. If the user name does not match the one in the thread linked, the email will be deleted.
NonSuch
Administrator
 
Posts: 27226
Joined: February 23rd, 2005, 7:08 am
Location: California