Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Need Help removing these !!

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Still..

Unread postby unlv » May 1st, 2006, 10:24 pm

Did everthing you said ,still pages won't be displayed in IE.
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm
Advertisement
Register to Remove

Unread postby agrarianmonk » May 1st, 2006, 10:32 pm

ok. getting some additional advice from other experts. thanks for your patience,
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

I'm got..

Unread postby unlv » May 1st, 2006, 11:11 pm

IE working now . I found another IE.exe in C:\WINDOWS\ServicePackFiles\i386 after I rebooted !

Will now do a Kaspersky Webscan !!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » May 1st, 2006, 11:12 pm

great!!!!!

can you include a new hijackthis log w/ the results of your kaspersky scan?

thanks!
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Kaspersky !!

Unread postby unlv » May 2nd, 2006, 3:32 am

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 02, 2006 3:27:11 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/05/2006
Kaspersky Anti-Virus database records: 191003
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 90489
Number of viruses found: 8
Number of infected objects: 20
Number of suspicious objects: 2
Duration of the scan process: 01:52:19

Infected Object Name / Virus Name / Last Action
C:\!KillBox\pop06ap2.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Dave\.housecall\Quarantine\A0172436.exe.bac_a03804 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Documents and Settings\Dave\.housecall\Quarantine\A0172691.exe.bac_a03804 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Downloads\ccsetup127_basic.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\ccsetup127_basic.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\ccsetup127_basic.exe NSIS: infected - 2 skipped
C:\mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0180522.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.k skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0180522.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0184400.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\WINDOWS\chadch.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\WINDOWS\chadch.exe NSIS: infected - 2 skipped
C:\WINDOWS\pf78ba.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.k skipped
C:\WINDOWS\pf78ba.exe NSIS: infected - 1 skipped
C:\WINDOWS\system32\gebxx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped
C:\WINDOWS\system32\ѕystem\services.exe Infected: Trojan-Downloader.Win32.PurityScan.cj skipped

Scan process completed.
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

New Hijack Log !!

Unread postby unlv » May 2nd, 2006, 3:34 am

Logfile of HijackThis v1.99.1
Scan saved at 3:33:09 AM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\hijack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/
O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » May 2nd, 2006, 11:42 am

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC15.zip
    C:\mti-hits.exe
    C:\WINDOWS\chadch.exe
    C:\WINDOWS\pf78ba.exe
    C:\WINDOWS\system32\gebxx.dll
    C:\WINDOWS\system32\ѕystem\services.exe

  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.

****************************************

After the reboot


Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

You will be promted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases

  • Click OK
  • Now under select a target to scan:
      Select My Computer
  • This will program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

*************************************
In your next post, please include:
  • new HijackThis log
  • Kaspersky Log


*use separate posts to ensure that the logs don't get cut off!
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here !!

Unread postby unlv » May 2nd, 2006, 2:02 pm

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, May 02, 2006 1:59:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 2/05/2006
Kaspersky Anti-Virus database records: 191092
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 86783
Number of viruses found: 8
Number of infected objects: 28
Number of suspicious objects: 2
Duration of the scan process: 01:45:05

Infected Object Name / Virus Name / Last Action
C:\!KillBox\chadch.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\!KillBox\chadch.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\!KillBox\chadch.exe NSIS: infected - 2 skipped
C:\!KillBox\gebxx.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped
C:\!KillBox\mti-hits.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\!KillBox\pf78ba.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.k skipped
C:\!KillBox\pf78ba.exe NSIS: infected - 1 skipped
C:\!KillBox\pop06ap2.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\!KillBox\SmitfraudC15.zip/MTE3NDI6ODoxNg.exe Suspicious: Password-protected-EXE skipped
C:\!KillBox\SmitfraudC15.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Dave\.housecall\Quarantine\A0172436.exe.bac_a03804 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Documents and Settings\Dave\.housecall\Quarantine\A0172691.exe.bac_a03804 Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\Downloads\ccsetup127_basic.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\ccsetup127_basic.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\Downloads\ccsetup127_basic.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe/stream/data0006 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0176527.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0180522.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.k skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0180522.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP325\A0184400.exe Infected: not-a-virus:AdWare.Win32.MediaMotor.l skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206430.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206434.exe Infected: not-a-virus:AdWare.Win32.EZula.bn skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206435.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206435.exe/stream Infected: not-a-virus:AdWare.Win32.SideFind.a skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206435.exe NSIS: infected - 2 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206436.exe/data0002 Infected: not-a-virus:AdWare.Win32.CASClient.k skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206436.exe NSIS: infected - 1 skipped
C:\System Volume Information\_restore{555BFF32-4841-46AF-A143-45AB5E5A1549}\RP330\A0206437.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bj skipped
C:\WINDOWS\system32\ѕystem\services.exe Infected: Trojan-Downloader.Win32.PurityScan.cj skipped

Scan process completed.

Logfile of HijackThis v1.99.1
Scan saved at 2:01:36 PM, on 5/2/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\hijack\HijackThis.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Still Waiting !!!

Unread postby unlv » May 3rd, 2006, 10:15 am

Been 24 hours , Whats Up !!
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » May 3rd, 2006, 12:16 pm

Hi there,

We are all volunteers, and sometimes real life can get in the way.

One of the experts I am working with is currently away; he will be back shortly. As soon as he is back, I will give you more directions. I apologize for the inconvenience.

In the meantime, how is your computer running?

Thanks for your patience,
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Everything...

Unread postby unlv » May 3rd, 2006, 9:48 pm

seems to running smooth ,but my Outlook express gets a error !

Your server has unexpectedly terminated the connection. Possible causes for this include server problems, network problems, or a long period of inactivity. Account: 'mail.adelphia.net', Server: 'mail.adelphia.net', Protocol: POP3, Port: 110, Secure(SSL): No, Error Number: 0x800CCC0F.
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » May 4th, 2006, 2:39 pm

sorry for the delay,

please go to Purity Scan Uninstaller and follow the directions listed to unisntall Purity Scan.

Please go HERE to run Panda's ActiveScan
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report

In your next post, please include:
  • panda scan
  • new hijackthis log
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here You Go !!

Unread postby unlv » May 4th, 2006, 10:02 pm

Incident Status Location

Adware:adware/commad Not disinfected c:\windows\system32\atmtd.dll
Adware:adware/secure32 Not disinfected c:\windows\secure32.html
Adware:adware/beginto Not disinfected c:\windows\system32\cache3244tbvds
Adware:adware/purityscan Not disinfected Windows Registry
Adware:adware/statblaster Not disinfected Windows Registry
Adware:adware/sbsoft Not disinfected Windows Registry
Spyware:Spyware/Virtumonde Not disinfected C:\!KillBox\gebxx.dll
Adware:Adware/eZula Not disinfected C:\!KillBox\mti-hits.exe[²èÇ]
Spyware:Spyware/Media-motor Not disinfected C:\!KillBox\pop06ap2.exe
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.atdmt.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.2o7.net/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.fastclick.net/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.go.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.hitbox.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.statcounter.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\dggwqqio.Default User\cookies.txt[.microsofteup.112.2o7.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[servedby.advertising.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.advertising.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.trafficmp.com/]
Spyware:Cookie/cs.sexcounter Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.cs.sexcounter.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.perf.overture.com/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.revenue.net/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.adtech.de/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[sel.as-eu.falkag.net/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.cdfreaks.com/]
Spyware:Cookie/Cd Freaks Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.club.cdfreaks.com/]
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.go.com/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dave\Application Data\Mozilla\Firefox\Profiles\vavly9y3.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dave\Cookies\dave@2o7[2].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[1].txt
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Dave\Cookies\dave@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@advertising[2].txt
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Dave\Cookies\dave@as-us.falkag[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dave\Cookies\dave@atdmt[2].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Cookies\dave@belnk[1].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dave\Cookies\dave@burstnet[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Cookies\dave@c5.zedo[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@casalemedia[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dave\Cookies\dave@com[1].txt
Spyware:Cookie/Belnk Not disinfected C:\Documents and Settings\Dave\Cookies\dave@dist.belnk[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Dave\Cookies\dave@fastclick[2].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Dave\Cookies\dave@go[2].txt
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dave\Cookies\dave@hitbox[2].txt
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Dave\Cookies\dave@maxserving[1].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Dave\Cookies\dave@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Dave\Cookies\dave@questionmarket[2].txt
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Dave\Cookies\dave@realmedia[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dave\Cookies\dave@servedby.advertising[2].txt
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Dave\Cookies\dave@serving-sys[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Dave\Cookies\dave@statcounter[2].txt
Spyware:Cookie/Traffic Marketplace Not disinfected C:\Documents and Settings\Dave\Cookies\dave@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Dave\Cookies\dave@tribalfusion[1].txt
Spyware:Cookie/BurstBeacon Not disinfected C:\Documents and Settings\Dave\Cookies\dave@www.burstbeacon[1].txt
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Dave\Cookies\dave@z1.adserver[1].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Dave\Cookies\dave@zedo[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\l2mfix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Dave\Desktop\l2mfix.exe[l2mfix/Process.exe]


Logfile of HijackThis v1.99.1
Scan saved at 9:58:52 PM, on 5/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\WINDOWS\ServicePackFiles\i386\iexplore.exe
C:\hijack\HijackThis.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm

Unread postby agrarianmonk » May 5th, 2006, 12:34 pm

  • Please double-click Killbox.exe to run it.
  • Select:
    • Delete on Reboot
    • then Click on the All Files button.
  • Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):


    c:\windows\system32\atmtd.dll
    c:\windows\secure32.html
    c:\windows\system32\cache3244tbvds
  • Return to Killbox, go to the File menu, and choose Paste from Clipboard.
  • Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).

If your computer does not restart automatically, please restart it manually.

If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox, click here to download and run missingfilesetup.exe. Then try Killbox again.


Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
If you use Firefox browser
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

reboot and post a new hijackthis log. also let me know how your computer is running and if any problems persist.
User avatar
agrarianmonk
MRU Teacher Emeritus
 
Posts: 5439
Joined: December 24th, 2005, 3:11 am

Here !!

Unread postby unlv » May 5th, 2006, 11:18 pm

Logfile of HijackThis v1.99.1
Scan saved at 10:30:05 PM, on 5/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\WgaTray.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\hphmon04.exe
C:\Program Files\DefenderPro AntiSpy\DPASNT.exe
C:\Program Files\Defender Pro Anti Spam\admin.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\PeerGuardian2\pg2.exe
C:\Program Files\Defender Pro Anti Spam\dpantispam.exe
C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
C:\Program Files\DefenderPro AntiSpy\AntiSpy\TSAntiSpy.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\hijack\HijackThis.exe

O2 - BHO: IE PopUp-Killer - {49E0E0F0-5C30-11D4-945D-000000000003} - C:\PROGRA~1\DEFEND~1\DEFEND~2\PopUp.dll
O2 - BHO: OsbornTech Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPHUPD04] "C:\Program Files\HP Photosmart 11\hphinstall\UniPatch\hphupd04.exe"
O4 - HKLM\..\Run: [HPHmon04] C:\WINDOWS\System32\hphmon04.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [DPAS] "C:\Program Files\DefenderPro AntiSpy\DPASNT.exe"
O4 - HKLM\..\Run: [DPASUpdate] "C:\Program Files\DefenderPro AntiSpy\DPASAutoUpdate.exe"
O4 - HKLM\..\Run: [KAVPersonal50] "C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kav.exe" /minimize
O4 - HKLM\..\Run: [103] "C:\Program Files\Defender Pro Anti Spam\admin" "-hide"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [PeerGuardian] C:\Program Files\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [DefenderProAutoRun] "C:\Program Files\Defender Pro Anti Spam\dpantispam" -D "C:\Program Files\Defender Pro Anti Spam\conf"
O4 - HKCU\..\Run: [Ashampoo PopUpBlocker] C:\Program Files\Defender Pro\Defender Pro PC Toolbox\PopUpKiller.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Defender Pro Firewall.lnk = C:\Program Files\Defender Pro\Defender Pro Firewall\KAVPF.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\Program Files\DefenderPro AntiSpy\PopupBlocker\PopupBlocker.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/ka ... nicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resourc ... oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan ... asinst.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Defender Pro LLC - C:\Program Files\Defender Pro\Defender Pro Anti-Virus\kavsvc.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPH11 - HP - C:\WINDOWS\system32\HPHipm11.exe

Everything seems to be working except Outlook express still !
unlv
Regular Member
 
Posts: 42
Joined: April 27th, 2006, 11:24 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 64 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware