Latest HJT Scan

by opp884 » March 12th, 2006, 7:54 pm

Logfile of HijackThis v1.99.1
Scan saved at 6:53:54 PM, on 3/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\svchost.exe
c:\Program Files\Common Files\fh.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\windows\system32\lucsdw.exe
C:\program files\mailskinner\mailskinner.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Juno\bin\juno.exe
C:\Program Files\Juno\qsacc\x1exec.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\Stephen Oppenheimer\Local Settings\Temporary Internet Files\Content.IE5\F429DB3Y\HijackThis[1].exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:7900
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 64.136.29.30;64.136.21.30;64.136.29.34;searchap.untd.com;127.0.0.1;localhost;*microsoft.com;*windowsupdate.com;*wustat.windows.com;*.pogo.com;*.worldwinner.com;*test-speed.com;liveupdate.symantecliveupdate.com;*symantec.com;*.nai.com;*.networkassociates.com;*photosite.com;*.dir.untd.com;<local>
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Stephen Oppenheimer\Application Data\Mozilla\Profiles\default\g2sn8tat.slt\prefs.js)
O2 - BHO: X1IEHook Class - {52706EF7-D7A2-49AD-A615-E903858CF284} - C:\Program Files\Juno\qsacc\X1IEBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lucsdw] c:\windows\system32\lucsdw.exe lucsdw
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MailSkinner] c:\program files\mailskinner\mailskinner.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [Instant Access] rundll32.exe EGACCESS4_1058.dll,InstantAccess
O4 - HKCU\..\RunOnce: [untd_recovery] C:\Program Files\Juno\qsacc\x1exec.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: Display All Images with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/228
O8 - Extra context menu item: Display Image with Full Quality - res://C:\Program Files\Juno\qsacc\appres.dll/227
O8 - Extra context menu item: Open Picture in &Microsoft PhotoDraw - res://C:\PROGRA~1\MICROS~4\Office\1033\phdintl.dll/phdContext.htm
O9 - Extra button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted IP range: 64.127.104.144
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 0106821187
O16 - DPF: {87C1805D-C5AE-4455-AB39-E245BB516136} - http://scripts.dlv4.com/binaries/egacce ... 059_XP.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BDD734E-4046-453D-B965-7E51DA4B7D48}: NameServer = 64.136.28.120 64.136.20.120
O20 - Winlogon Notify: defrag - C:\WINDOWS\System32\dfrgai.dll (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Performance Manager (svhost) - Unknown owner - c:\Program Files\Common Files\fh.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)

by Susan528 » March 12th, 2006, 8:54 pm

Hi!
I am still getting the same pop ups!
S.O.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:43:36 PM, 3/12/2006
+ Report-Checksum: E328573A

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Instant Access -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1659937173-2700125742-2583974445-1007\Software\egdhtml -> Dialer.Generic : Cleaned with backup
[580] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[604] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[648] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[660] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[832] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[908] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[944] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[988] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[1076] C:\WINDOWS\system32\msclock32.dll -> Adware.NaviPromo : Error during cleaning
[1616] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[1636] VM_10001000 -> Adware.NaviPromo : Error during cleaning
[1940] VM_009B1000 -> Adware.NaviPromo : Error during cleaning
[156] VM_10001000 -> Adware.NaviPromo : Error during cleaning
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0142444.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0142467.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0142493.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP188\A0142513.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143514.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143532.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143553.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143629.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143683.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143699.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143704.dll -> Adware.NaviPromo : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143705.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP189\A0143720.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\WINDOWS\SYSTEM32\EGACCESS.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__egaccess4_1059.dll -> Trojan.Dialer.pc : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__msclock32.dll -> Adware.NaviPromo : Cleaned with backup

by Susan528 » March 12th, 2006, 9:21 pm

Hello opp884,

You are in good hands with Elrond helping you! Please follow his advice!