need help asap..ty


Post by illwill » October 25th, 2006, 1:08 am

Logfile of HijackThis v1.99.1
Scan saved at 11:57:25 PM, on 10/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mclogsrv.exe
F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\PROGRA~1\McAfee\MSC\mctskshd.exe
F:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\wanmpsvc.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\MMediaCodec\pmsngr.exe
F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
F:\Program Files\QuickTime\qttask.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\PROGRA~1\WinZip\winzip32.exe
F:\DOCUME~1\Trent\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\program files\mcafee\virusscan\scriptsn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UBHBI] F:\WINDOWS\UBHBI.exe
O4 - HKLM\..\Run: [TAHNUBHO] F:\WINDOWS\TAHNUBHO.exe
O4 - HKLM\..\Run: [sysme] F:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [Syscpy] F:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchEnhancement] "F:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RapidBlaster] F:\Program Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QWAGNU] F:\WINDOWS\QWAGNU.exe
O4 - HKLM\..\Run: [QuikShield] qkshield.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Online_Party] c:\program files\dialers\online_party\online_party.exe /noconnect
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [najgdkl] F:\WINDOWS\najgdkl.exe
O4 - HKLM\..\Run: [MskAgentexe] F:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MovieNetworks] "F:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LMDJQNELR] F:\WINDOWS\LMDJQNELR.exe
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [GMTZDJT] F:\WINDOWS\GMTZDJT.exe
O4 - HKLM\..\Run: [FMSZFJP] F:\WINDOWS\FMSZFJP.exe
O4 - HKLM\..\Run: [FMSZC] F:\WINDOWS\FMSZC.exe
O4 - HKLM\..\Run: [elotcdol] F:\WINDOWS\elotcdol.exe
O4 - HKLM\..\Run: [DownloadWare Engine] "F:\Program Files\DownloadWare Engine\DWE.EXE" /H
O4 - HKLM\..\Run: [DownloadWare] "F:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DKQXAH] F:\WINDOWS\DKQXAH.exe
O4 - HKLM\..\Run: [DJQWDKQX] F:\WINDOWS\DJQWDKQX.exe
O4 - HKLM\..\Run: [Desire] c:\program files\dialers\desire\desire.exe /noconnect
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Connect2Party] c:\program files\dialers\connect2party\connect2party.exe /noconnect
O4 - HKLM\..\Run: [CMESys] "F:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [BHOUELSY] F:\WINDOWS\BHOUELSY.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AKU] F:\WINDOWS\AKU.exe
O4 - HKLM\..\Run: [Adult_Party] c:\program files\dialers\adult_party\adult_party.exe /noconnect
O4 - HKLM\..\Run: [37YJ79X34AERC8] F:\WINDOWS\SYSTEM32\EKRJY.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DR_S] F:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ClockSync] F:\Program Files\ClockSync\Sync.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = F:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = F:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/ ... /st3_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/share ... cmysec.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983 ... /setup.exe
O18 - Protocol hijack: mhtml -
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe
illwill
Active Member
 
Posts: 2
Joined: October 25th, 2006, 1:05 am

Post by Trogan » October 25th, 2006, 12:25 pm

Hi illwill, welcome to Malware Removal Forums! :)

The computer has a Password Stealing Trojan. Please do the following immediately:

1. Call all of your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change *all* your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups you belong to.

Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.
__________________________________

The computer has an unpatched version of XP. We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here: http://www.microsoft.com/windowsxp/down ... fault.mspx to get Service Pack 1a

Apply the update, and reboot the computer.
__________________________________

I would like to see another log from HijackThis.
  • Run Hijackthis.
  • Click on Open the Misc Tools section.
  • Next click on Open uninstall manager.
  • Press the Save list button.
  • Save the file to your desktop, with the default name of uninstall_list
  • Copy & Paste the entire contents of that file in your next post.


Please post the Uninstall list, and a new HijackThis log.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London
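
A triage sketch for the HijackThis log format posted in this thread, added here as an example; it is not part of Trogan's reply or of the forum's own tooling. The sample log copies the header lines from the first post and uses constructed entry lines, and the heuristics (no service pack named in the Platform line, `(no file)` targets, Run entries that start from the Windows folder or give no path) are assumptions that mark lines for manual review, not verdicts on any entry.

```python
import ntpath
import re
from collections import defaultdict

# Header lines copied from the log in the first post; the entry lines below
# are constructed placeholders in the same format, not entries from the thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 11:57:25 PM, on 10/24/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.example.com/
O3 - Toolbar: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [ExampleUpdater] "F:\Program Files\Example\updater.exe" /background
O4 - HKLM\..\Run: [XQZTRK] F:\WINDOWS\XQZTRK.exe
O4 - HKLM\..\Run: [exampletool] exampletool.exe
O23 - Service: Example Service (ExSvc) - Unknown owner - F:\Program Files\Example\svc.exe
"""

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")   # "O4 - ...", "R1 - ..."
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run\w*: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")


def parse_log(text):
    """Split a log into header fields, running processes and entries by section code."""
    header, processes, entries = {}, [], defaultdict(list)
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False
            entries[m.group(1)].append(m.group(2))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes and line:
            processes.append(line)
        elif ": " in line:
            key, value = line.split(": ", 1)
            header[key] = value
    return {"header": header, "processes": processes, "entries": dict(entries)}


def executable_of(cmd):
    """Return the program path from a Run command line, quoted or unquoted."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    # Unquoted paths may contain spaces, so cut at the first ".exe" boundary.
    m = re.match(r"(.+?\.exe)(?=\s|$)", cmd, re.IGNORECASE)
    return m.group(1) if m else cmd.split()[0]


def triage(parsed):
    """Return (reason, detail) pairs to review by hand (assumed heuristics)."""
    findings = []
    platform = parsed["header"].get("Platform", "")
    # Assumption: a patched system names its service pack here, e.g. "Windows XP SP2".
    if "Windows XP" in platform and not re.search(r"\bSP\d", platform):
        findings.append(("no service pack in Platform line", platform))
    for code, items in parsed["entries"].items():
        for item in items:
            if item.endswith("(no file)"):
                findings.append(("registry entry points at a missing file", f"{code} - {item}"))
            m = RUN_RE.match(item) if code == "O4" else None
            if not m:
                continue
            folder = ntpath.dirname(executable_of(m.group("cmd")))
            if not folder:
                findings.append(("autostart with no directory given", m.group("name")))
            elif ntpath.basename(folder).upper() in ("WINDOWS", "WINNT"):
                findings.append(("autostart directly in the Windows folder", m.group("name")))
    return findings


if __name__ == "__main__":
    for reason, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{reason}: {detail}")
```
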

Post by illwill » October 26th, 2006, 2:39 am

Logfile of HijackThis v1.99.1
Scan saved at 1:36:46 AM, on 10/26/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Ahead\InCD\InCDsrv.exe
F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
F:\PROGRA~1\McAfee\MSC\mclogsrv.exe
F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
f:\program files\common files\mcafee\mna\mcnasvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
F:\PROGRA~1\McAfee\MSC\mctskshd.exe
F:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
F:\Program Files\McAfee\MPF\MPFSrv.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\wanmpsvc.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe
f:\PROGRA~1\mcafee.com\agent\mcagent.exe
F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
F:\Program Files\MSN Messenger\msnmsgr.exe
F:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Program Files\SiteAdvisor\4144\SiteAdv.exe
F:\WINDOWS\System32\wuauclt.exe
F:\PROGRA~1\WinZip\winzip32.exe
F:\DOCUME~1\Trent\LOCALS~1\Temp\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/ ... ch/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.ramgo.com/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/ ... .yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - F:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - f:\program files\mcafee\virusscan\scriptsn.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - F:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: (no name) - {479fd0cf-5be9-4c63-8cda-b6d371c67bd5} - (no file)
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O4 - HKLM\..\Run: [WinampAgent] "F:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [UBHBI] F:\WINDOWS\UBHBI.exe
O4 - HKLM\..\Run: [TAHNUBHO] F:\WINDOWS\TAHNUBHO.exe
O4 - HKLM\..\Run: [sysme] F:\WINDOWS\System32\sysme.exe
O4 - HKLM\..\Run: [Syscpy] F:\WINDOWS\System32\syscpy.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.5.0_08\bin\jusched.exe"
O4 - HKLM\..\Run: [SearchEnhancement] "F:\Program Files\scbar\v1\scbar.exe" /U
O4 - HKLM\..\Run: [RealTray] F:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [RapidBlaster] F:\Program Files\RapidBlaster\rb32.exe
O4 - HKLM\..\Run: [QWAGNU] F:\WINDOWS\QWAGNU.exe
O4 - HKLM\..\Run: [QuikShield] qkshield.exe
O4 - HKLM\..\Run: [QuickTime Task] "F:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Online_Party] c:\program files\dialers\online_party\online_party.exe /noconnect
O4 - HKLM\..\Run: [NeroCheck] F:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [najgdkl] F:\WINDOWS\najgdkl.exe
O4 - HKLM\..\Run: [MskAgentexe] F:\Program Files\McAfee\MSK\MskAgent.exe
O4 - HKLM\..\Run: [MovieNetworks] "F:\Program Files\MovieNetworks\MovieNetworks.exe" /H
O4 - HKLM\..\Run: [Microsoft Works Update Detection] F:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [LMDJQNELR] F:\WINDOWS\LMDJQNELR.exe
O4 - HKLM\..\Run: [IST Service] F:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "F:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [ICQ Lite] F:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [GMTZDJT] F:\WINDOWS\GMTZDJT.exe
O4 - HKLM\..\Run: [FMSZFJP] F:\WINDOWS\FMSZFJP.exe
O4 - HKLM\..\Run: [FMSZC] F:\WINDOWS\FMSZC.exe
O4 - HKLM\..\Run: [elotcdol] F:\WINDOWS\elotcdol.exe
O4 - HKLM\..\Run: [DownloadWare Engine] "F:\Program Files\DownloadWare Engine\DWE.EXE" /H
O4 - HKLM\..\Run: [DownloadWare] "F:\Program Files\DownloadWare\dw.exe" /H
O4 - HKLM\..\Run: [DKQXAH] F:\WINDOWS\DKQXAH.exe
O4 - HKLM\..\Run: [DJQWDKQX] F:\WINDOWS\DJQWDKQX.exe
O4 - HKLM\..\Run: [Desire] c:\program files\dialers\desire\desire.exe /noconnect
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "F:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [Connect2Party] c:\program files\dialers\connect2party\connect2party.exe /noconnect
O4 - HKLM\..\Run: [CMESys] "F:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [BHOUELSY] F:\WINDOWS\BHOUELSY.exe
O4 - HKLM\..\Run: [AltnetPointsManager] c:\program files\altnet\points manager\points manager.exe -s
O4 - HKLM\..\Run: [AKU] F:\WINDOWS\AKU.exe
O4 - HKLM\..\Run: [Adult_Party] c:\program files\dialers\adult_party\adult_party.exe /noconnect
O4 - HKLM\..\Run: [37YJ79X34AERC8] F:\WINDOWS\SYSTEM32\EKRJY.EXE
O4 - HKCU\..\Run: [Yahoo! Pager] "F:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [msnmsgr] "F:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MessengerPlus2] "F:\Program Files\Messenger Plus! 2\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [DR_S] F:\Program Files\DR_S\DR_S.exe
O4 - HKCU\..\Run: [ClockSync] F:\Program Files\ClockSync\Sync.exe
O4 - Global Startup: America Online 8.0 Tray Icon.lnk = F:\Program Files\America Online 8.0\aoltray.exe
O4 - Global Startup: America Online 9.0 Tray Icon.lnk = F:\Program Files\America Online 9.0a\aoltray.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = F:\Program Files\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///F:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///F:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///F:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///F:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - F:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM95\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - F:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - F:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - F:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: F:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Spades - http://download2.games.yahoo.com/games/ ... /st3_x.cab
O16 - DPF: {1D6711C8-7154-40BB-8380-3DEA45B69CBF} (Web P2P Installer) -
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - F:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftup ... 1818964245
O16 - DPF: {BDD2F926-8158-4F62-9E0D-B3B75FD1F07F} (McObjectFactory Class) - http://download.mcafee.com/molbin/share ... cmysec.cab
O16 - DPF: {D97287B6-4018-4060-948D-54D2122FC5C3} - http://www.fastfind.org/ss/client/52983 ... /setup.exe
O18 - Protocol hijack: mhtml -
O18 - Protocol: siteadvisor - {3A5DC592-7723-4EAA-9EE6-AF4222BCF879} - F:\Program Files\SiteAdvisor\4144\SiteAdv.dll
O21 - SSODL: contrabandists - {dfa61db1-388e-4c87-8d56-540fa229bcb4} - (no file)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - F:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - F:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - F:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - f:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - f:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - F:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Task Scheduler (mctskshd.exe) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - F:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - F:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - F:\WINDOWS\wanmpsvc.exe

Uninstall List

Adobe Acrobat 4.0, 5.0
Adobe Flash Player 9
Ahead InCD
Ahead InCD EasyWrite Reader
Ahead Nero Burning ROM
Ahead NeroMIX
Ahead NeroVision Express
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20030807.3)
AOL Instant Messenger
ArcSoft PhotoImpression
Dazzle Software
DeadAIM
DVD Complete
DVD X Copy Platinum RF 4.0.4
DVD X Rescue
Global DiVX Player
HijackThis 1.99.1
HP Photo Printing Software
HP Precisionscan Pro 3.1
ImageDrive (ahead software)
Internet Explorer Security Plugin 2006
iPhoto Plus 4
J2SE Runtime Environment 5.0 Update 8
Learn2 Player (Uninstall Only)
McAfee SecurityCenter
Microsoft Greetings
Microsoft Office XP Professional with FrontPage
Microsoft Picture It! Express 7.0
MMediaCodec 9.0
MSN Messenger 6.0
Netscape (7.1)
Outlook Express Q837009
P2P Networking
Public Messenger ver 2.03
QuickTime
RealPlayer Basic
Saunders Q and A Review for NCLEX-RN
Shockwave
Sonic MyDVD
The ClueFinders(R) Reading Adventures Ages 9-12
Winamp (remove only)
Windows Media Player Hotfix [See wm828026 for more information]
Windows XP Application Compatibility Update[Q319580]
Windows XP Hotfix - KB821557
Windows XP Hotfix - KB823182
Windows XP Hotfix - KB823559
Windows XP Hotfix - KB823980
Windows XP Hotfix - KB824105
Windows XP Hotfix - KB824141
Windows XP Hotfix - KB824146
Windows XP Hotfix - KB825119
Windows XP Hotfix - KB828028
Windows XP Hotfix - KB828035
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB837001
Windows XP Hotfix - KB842773
Windows XP Hotfix (SP1) [See Q309521 for more information]
Windows XP Hotfix (SP1) [See Q311889 for more information]
Windows XP Hotfix (SP1) [See Q311967 for more information]
Windows XP Hotfix (SP1) [See Q313450 for more information]
Windows XP Hotfix (SP1) [See Q314147 for more information]
Windows XP Hotfix (SP1) [See Q314862 for more information]
Windows XP Hotfix (SP1) [See Q315000 for more information]
Windows XP Hotfix (SP1) [See Q315403 for more information]
Windows XP Hotfix (SP1) [See Q317277 for more information]
Windows XP Hotfix (SP1) [See Q318138 for more information]
Windows XP Hotfix (SP1) [See Q323172 for more information]
Windows XP Hotfix (SP1) [See Q324096 for more information]
Windows XP Hotfix (SP1) [See Q324380 for more information]
Windows XP Hotfix (SP1) [See Q326830 for more information]
Windows XP Hotfix (SP1) [See Q328940 for more information]
Windows XP Hotfix (SP1) [See Q329048 for more information]
Windows XP Hotfix (SP1) [See Q329390 for more information]
Windows XP Hotfix (SP1) [See Q329441 for more information]
Windows XP Hotfix (SP1) [See Q329834 for more information]
Windows XP Hotfix (SP1) Q328310
Windows XP Hotfix (SP1) Q329170
Windows XP Hotfix (SP1) Q331953
Windows XP Hotfix (SP1) Q810577
Windows XP Hotfix (SP1) Q810833
Windows XP Hotfix (SP1) Q811493
Windows XP Hotfix (SP1) Q815021
Windows XP Hotfix (SP1) Q817606
Windows XP Hotfix (SP1) Q819696
Windows XP Hotfix (SP2) [See Q329115 for more information]
WinZip
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Toolbar for Internet Explorer
illwill
Active Member
 
Posts: 2
Joined: October 25th, 2006, 1:05 am

Post by Trogan » October 26th, 2006, 10:31 am

Illwill, you managed to skip past getting Service Pack 1a? Why? If you want anyone from this forum to help you, then please download and install Service Pack 1a as instructed in my previous post.

Also, please do the following:

Please follow this WGA troubleshooting procedure:

Please post a reply with the results, along with a new HijackThis log.
Trogan
MRU Teacher Emeritus
 
Posts: 2291
Joined: November 26th, 2005, 9:31 am
Location: London

Post by markkhunt » November 14th, 2006, 11:45 am

Whilst we appreciate that you may be busy, it has been 14 days or more since we heard from you.

Infections can change and fresh instructions will now need to be given. This topic is now closed. If you still require assistance, then please start a new topic in the Malware Removal Forum.

If you wish this topic reopened, please send us an email to 'admin at malwareremoval.com' with a link to your thread.

You can help support this site from this link :
Donations For Malware Removal

Do not bother contacting us if you are not the topic starter. A valid, working link to the closed topic is required along with the user name used.
If the user name does not match the one in the thread linked, the email will be deleted.
markkhunt
Admin/Teacher Emeritus
 
Posts: 7913
Joined: April 15th, 2005, 8:58 pm
Location: Newburgh, IN