swoodall

CPU Usage at 100% after coolsearch

9 posts in this topic

...and since then my laptop is just about useless. CW Shredder found a coolsearch variant and Norton found a bloodhound virus and my CPU usage indicator in the Windows Task Manager is stuck at 100%. I don't know what is going on. My HijackThis log follows. I appreciate any advice anyone can give me.


Logfile of HijackThis v1.97.7

Scan saved at 9:50:23 PM, on 6/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\rundll32.exe

C:\WINDOWS\System32\egfemh.exe

C:\documents and settings\steve\local settings\temp\oDa.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\dp-him.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\docume~1\steve\locals~1\temp\msbb.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\services\toosl.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\WINDOWS\System32\mcarror.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Steve\Application Data\seeo.exe

C:\WINDOWS\System32\mmurrenu.exe

C:\WINDOWS\System32\oginl.exe

C:\WINDOWS\System32\msiexec.exe

C:\WINDOWS\System32\Ffewp.exe

C:\WINDOWS\System32\Kwhu0Tz.exe

C:\WINDOWS\System32\wuauclt.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Documents and Settings\Steve\My Documents\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)

F1 - win.ini: run=C:\WINDOWS\System32\services\exploit.exe

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - (no file)

O2 - BHO: (no name) - {01C5BF6C-E699-4CD7-BEA1-786FA05C83AB} - C:\Program Files\SysAI\AproposPlugin.dll

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {1C4DA27D-4D52-4465-A089-98E01BB725CA} - C:\WINDOWS\System32\inetdctr.dll

O2 - BHO: (no name) - {9C691A33-7DDA-4C2F-BE4C-C176083F35CF} - (no file)

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load

O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe

O4 - HKLM\..\Run: [WebRebates0] "C:\Program Files\Web_Rebates\WebRebates0.exe"

O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [3H7GF6L2FGJW8R] C:\WINDOWS\System32\GnsDk.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [msbb] c:\docume~1\steve\locals~1\temp\msbb.exe

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O4 - HKLM\..\Run: [slojsfwj] C:\WINDOWS\slojsfwj.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [czud] C:\WINDOWS\czud.exe

O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [fudgn] C:\WINDOWS\fudgn.exe

O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toosl.exe /u

O4 - HKLM\..\Run: [s34U37S] mcarror.exe

O4 - HKLM\..\Run: [oginl] C:\WINDOWS\System32\oginl.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Tmtr] C:\Documents and Settings\Steve\Application Data\seeo.exe

O4 - HKCU\..\Run: [d0v8RXeqj] mmurrenu.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8130.4479513889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{B8DFD9AD-0B37-429D-972A-36D376865766}: NameServer = 207.69.188.187 207.69.188.186


Again, thanks for any help you can give.


-steve


I have run those programs and removed a lot of stuff but the machine is still sluggish. Please someone take a look at my HijackThis log:


Logfile of HijackThis v1.97.7

Scan saved at 1:18:53 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\egfemh.exe

C:\documents and settings\steve\local settings\temp\oDa.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\dp-him.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\services\toosl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Steve\Application Data\seeo.exe

C:\WINDOWS\System32\mmurrenu.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\WINDOWS\System32\ONFIGC.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\Ffewp.exe

C:\WINDOWS\System32\FmrC.exe

C:\Documents and Settings\Steve\My Documents\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

F1 - win.ini: run=C:\WINDOWS\System32\services\exploit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe

O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [3H7GF6L2FGJW8R] C:\WINDOWS\System32\Uhbg.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [slojsfwj] C:\WINDOWS\slojsfwj.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [czud] C:\WINDOWS\czud.exe

O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [fudgn] C:\WINDOWS\fudgn.exe

O4 - HKLM\..\Run: [s34U37S] mcarror.exe

O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toosl.exe /u

O4 - HKLM\..\Run: [ONFIGC] C:\WINDOWS\System32\ONFIGC.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Tmtr] C:\Documents and Settings\Steve\Application Data\seeo.exe

O4 - HKCU\..\Run: [d0v8RXeqj] mmurrenu.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8130.4479513889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Thanks


I have no idea what is wrong. I thought it might be spyware so I ran spybot, adaware, cwshredder, hijack this, and removed some junk but I got no relief. Does anyone have any ideas? When I start my computer up I get the following message:


Windows cannot find 'C:\WINDOWS\System32\services\exploit.exe.' Make sure you typed the name correctly, and then try again. To search for a file, click the Start button, and then click Search.


and after I click OK I get the following message:


Could not load or run 'C:\WINDOWS\System32\exploit.exe' specified in the registry. Make sure the file exists on your computer or remove the reference to it in the registry.


and then I click OK and Windows Media Player opens up, but nothing plays in it, just the Player window opens.


And then my computer just runs at the slowest rate I have ever seen; the CPU usage meter is stuck at 100%.


My HJT log follows:


Logfile of HijackThis v1.97.7

Scan saved at 1:18:53 AM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\egfemh.exe

C:\documents and settings\steve\local settings\temp\oDa.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\System32\dp-him.exe

C:\Program Files\AutoUpdate\AutoUpdate.exe

C:\WINDOWS\System32\services\toosl.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Documents and Settings\Steve\Application Data\seeo.exe

C:\WINDOWS\System32\mmurrenu.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\WINDOWS\System32\ONFIGC.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\wuauclt.exe

C:\WINDOWS\System32\Ffewp.exe

C:\WINDOWS\System32\FmrC.exe

C:\Documents and Settings\Steve\My Documents\HijackThis.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

F1 - win.ini: run=C:\WINDOWS\System32\services\exploit.exe

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe

O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [3H7GF6L2FGJW8R] C:\WINDOWS\System32\Uhbg.exe

O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"

O4 - HKLM\..\Run: [slojsfwj] C:\WINDOWS\slojsfwj.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [czud] C:\WINDOWS\czud.exe

O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [fudgn] C:\WINDOWS\fudgn.exe

O4 - HKLM\..\Run: [s34U37S] mcarror.exe

O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toosl.exe /u

O4 - HKLM\..\Run: [ONFIGC] C:\WINDOWS\System32\ONFIGC.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Tmtr] C:\Documents and Settings\Steve\Application Data\seeo.exe

O4 - HKCU\..\Run: [d0v8RXeqj] mmurrenu.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8130.4479513889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} (WMService Class) - http://download.overpro.com/WildApp.cab


Thanks for the help


Hi swoodall


First, run this Peper trojan uninstaller.

Download it Here (NOTE: you must be connected and online for it to work, and must allow any access if your firewall asks permission.)


Run the Un-installer twice, to be sure it is removed.


Then reboot and repost a fresh log from HijackThis.


Thank you 12G.

Here is my new HJT log:


Logfile of HijackThis v1.97.7

Scan saved at 12:44:44 PM, on 6/26/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)


Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\WINDOWS\System32\egfemh.exe

C:\documents and settings\steve\local settings\temp\oDa.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\WINDOWS\System32\impdatas.exe

C:\HJT\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe

O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [s34U37S] mcarror.exe

O4 - HKLM\..\Run: [impdatas] C:\WINDOWS\System32\impdatas.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...t/LocalExec.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...8130.4479513889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

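An added example, my own code and not from HijackThis or from any poster in this thread: the script below parses the O4 Run lines from excerpts of the first and latest logs above, lists which autostart entries disappeared after the Peper uninstaller ran, and flags entries by the traits a log reader checks first (a temp folder, the System32\services subfolder, a bare file name with no path, a rundll32 loader). The flagging rules are the example's own assumptions for triage, not a verdict on any entry.

```python
"""Parse HijackThis O4 (autostart) lines and diff two logs.

Added example for this thread; not HijackThis code and not from any post.
LOG_BEFORE / LOG_AFTER are excerpts of the 24 June and 26 June (12:44 PM)
logs above. The flag_reasons() heuristics are this example's own assumptions.
"""
import re

# Shape of an HJT v1.97 registry-run line:  O4 - HKLM\..\Run: [name] command
O4_RUN = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$"
)

LOG_BEFORE = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [RunDLL] rundll32.exe "C:\WINDOWS\System32\bridge.dll",Load
O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe
O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe
O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [msbb] c:\docume~1\steve\locals~1\temp\msbb.exe
O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [ist service uninstall] C:\WINDOWS\System32\services\toosl.exe /u
O4 - HKLM\..\Run: [s34U37S] mcarror.exe
O4 - HKCU\..\Run: [Tmtr] C:\Documents and Settings\Steve\Application Data\seeo.exe
"""

LOG_AFTER = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe
O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe
O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [s34U37S] mcarror.exe
O4 - HKLM\..\Run: [impdatas] C:\WINDOWS\System32\impdatas.exe
"""


def parse_o4(log):
    """Return {(hive, value name): command line} for every O4 Run line."""
    entries = {}
    for line in log.splitlines():
        m = O4_RUN.match(line.strip())
        if m:
            entries[(m["hive"], m["name"])] = m["cmd"]
    return entries


def executable(cmd):
    """Pull the program out of a Run value, dropping quotes and arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    # Unquoted paths may contain spaces, so cut at the first ".exe",
    # not at the first space.
    pos = cmd.lower().find(".exe")
    return cmd[:pos + 4] if pos >= 0 else cmd.split()[0]


def flag_reasons(cmd):
    """Triage heuristics for one Run entry; an empty list means nothing odd."""
    exe = executable(cmd).lower()
    reasons = []
    if "\\" not in exe:
        reasons.append("bare file name, resolved through the search path")
    if "\\temp\\" in exe:
        reasons.append("runs from a temp folder")
    if "\\application data\\" in exe:
        reasons.append("runs from the profile's Application Data folder")
    if "\\system32\\services\\" in exe:
        reasons.append("runs from a System32\\services subfolder")
    if exe.endswith("rundll32.exe"):
        reasons.append("rundll32 loader; inspect the DLL it is handed")
    return reasons


def diff_runs(before, after):
    """(removed value names, added value names) between two logs."""
    b, a = parse_o4(before), parse_o4(after)
    removed = sorted(name for hive, name in b if (hive, name) not in a)
    added = sorted(name for hive, name in a if (hive, name) not in b)
    return removed, added


def triage(log):
    """Map value name -> reasons for every entry that trips a heuristic."""
    flagged = {}
    for (_, name), cmd in parse_o4(log).items():
        reasons = flag_reasons(cmd)
        if reasons:
            flagged[name] = reasons
    return flagged


if __name__ == "__main__":
    removed, added = diff_runs(LOG_BEFORE, LOG_AFTER)
    print("gone since first log:", removed)
    print("new since first log: ", added)
    for name, reasons in triage(LOG_AFTER).items():
        print(f"[{name}] {'; '.join(reasons)}")
```

Entries such as [mxpvyp] pass every heuristic here, which is exactly why a human reader still has to compare each path against what is known to be installed.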

Whenever I run Spybot it always finds "DSO Exploit" 5 objects. This was both before and after I ran the Peper trojan uninstaller. My Spybot results are as follows:


DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-21-833816944-1566896112-986619336-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3


DSO Exploit: Data source object exploit (Registry change, nothing done)

HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0\1004!=W=3

 

 

--- Spybot - Search && Destroy version: 1.3 ---

2004-06-16 Includes\Cookies.sbi

2004-06-16 Includes\Dialer.sbi

2004-06-17 Includes\Hijackers.sbi

2004-06-16 Includes\Keyloggers.sbi

2004-05-12 Includes\LSP.sbi

2004-06-16 Includes\Malware.sbi

2004-06-16 Includes\Revision.sbi

2004-06-16 Includes\Security.sbi

2004-06-16 Includes\Spybots.sbi

2004-06-16 Includes\Tracks.uti

2004-06-16 Includes\Trojans.sbi


Hi,

 

Through Add/Remove Programs, remove any instances of the following, unless you know of it and use it:

 

SEP

 

Make sure all browsers and windows are closed except for HijackThis, then put a check against the following and click 'Fix checked':

 

NOTE THE OPTIONAL FIX:

 

 

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe

O4 - HKLM\..\Run: [Dsi] C:\WINDOWS\System32\dp-him.exe

O4 - HKLM\..\Run: [intdctrr] C:\WINDOWS\System32\idctup20.exe

O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall

O4 - HKLM\..\Run: [s34U37S] mcarror.exe

O4 - HKLM\..\Run: [impdatas] C:\WINDOWS\System32\impdatas.exe

O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe

 

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE <<<< OPTIONAL << These items are considered to be resource hogs that are not needed, and it may be worthwhile to fix them with HJT. You will still be able to start them manually if you need them...

 

O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab

 

Restart your computer in Safe Mode. Also make sure you show hidden files. Then delete the following files or folders as indicated below if they still show (not all of these may still show):

 

C:\Program Files\SEP\sep.dll<<<<Folder

C:\WINDOWS\System32\egfemh.exe<<<<File

C:\WINDOWS\System32\dp-him.exe<<<<File

C:\WINDOWS\System32\idctup20.exe<<<<File

C:\WINDOWS\System32\mcarror.exe<<<<File

C:\WINDOWS\System32\impdatas.exe<<<<File

C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe<<<<File

 

 

Reboot, then post a fresh logfile so that I can check to see if it is clean.

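As an added example (not code from this thread, from the HijackThis author or from any tool mentioned here), the Python script below parses the O2, O4 and O16 lines of a HijackThis 1.x log into records and applies the structural checks that the fix list above reflects: a program auto-starting from a user's Temp or Application Data folder, one executable registered under several Run values, an unnamed BHO outside a known vendor directory, and an ActiveX download from a host that is not on an allowlist. The sample log lines are constructed from entries quoted in this thread and are not a complete log; the allowlists TRUSTED_BHO_DIRS and TRUSTED_DPF_HOSTS are assumptions a reviewer would maintain for the machine under review.

```python
"""Offline triage of a HijackThis 1.x log (added example, not HijackThis code).

Parses O2 (BHO), O4 (autostart) and O16 (ActiveX download) entries into
records and applies a few structural rules a reviewer checks first.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, List, Tuple
from urllib.parse import urlparse

# Constructed sample in HijackThis 1.97 format (a subset built from lines
# quoted in this thread, not a full log).
SAMPLE_LOG = r"""
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mxpvyp] C:\WINDOWS\System32\egfemh.exe
O4 - HKLM\..\Run: [AutoLoaderswvo1JPgcMLL] "C:\WINDOWS\System32\mcarror.exe" /PC="AM.WILD" /HideUninstall
O4 - HKLM\..\Run: [s34U37S] mcarror.exe
O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe
O4 - Startup: Download Plus.lnk = C:\Documents and Settings\Steve\Application Data\DownloadPlus.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {FF65677A-8977-48CA-916A-DFF81B037DF3} - http://download.overpro.com/WildApp.cab
"""

O2_RE = re.compile(r"^O2 - BHO: (.*?) - \{([0-9A-Fa-f-]+)\} - (.+)$")
O4_RUN_RE = re.compile(r"^O4 - (HK(?:LM|CU)\\\.\.\\Run\w*): \[(.*?)\] (.+)$")
O4_STARTUP_RE = re.compile(r"^O4 - ((?:Global )?Startup): (.*?) = (.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{([0-9A-Fa-f-]+)\}(?: \((.*?)\))? - (\S+)$")

# Directory fragments that mean "user-writable profile area, not an install location".
USER_WRITABLE_MARKERS = ("\\local settings\\temp\\", "\\application data\\", "\\temp\\")
# Assumption: reviewer-maintained allowlists, to be extended per machine.
TRUSTED_BHO_DIRS = ("\\adobe\\", "\\google\\", "\\norton antivirus\\", "\\spybot - search & destroy\\")
TRUSTED_DPF_HOSTS = {"download.macromedia.com", "v4.windowsupdate.microsoft.com", "portal.uga.edu"}


@dataclass
class Entry:
    section: str   # O2 / O4 / O16
    raw: str       # the original log line
    name: str      # BHO display name, Run value name, shortcut name or control name
    target: str    # on-disk path (O2/O4) or download URL (O16)


def executable_path(command: str) -> str:
    """Program path from a Run-key command line: a quoted path, or the bare
    text up to and including the first executable extension."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r"^(.*?\.(?:exe|dll|com|scr|bat))(?:\s|$)", command, re.IGNORECASE)
    return m.group(1) if m else command.split()[0]


def parse_log(text: str) -> List[Entry]:
    entries: List[Entry] = []
    seen = set()
    for line in text.splitlines():
        line = line.strip()
        if not line or line in seen:   # HJT 1.x can list a BHO twice; keep one copy
            continue
        seen.add(line)
        m = O2_RE.match(line)
        if m:
            entries.append(Entry("O2", line, m.group(1), m.group(3)))
            continue
        m = O4_RUN_RE.match(line) or O4_STARTUP_RE.match(line)
        if m:
            entries.append(Entry("O4", line, m.group(2), executable_path(m.group(3))))
            continue
        m = O16_RE.match(line)
        if m:
            entries.append(Entry("O16", line, m.group(2) or "(no name)", m.group(3)))
    return entries


Finding = Tuple[str, str]   # (rule name, detail)


def triage(entries: List[Entry]) -> List[Finding]:
    findings: List[Finding] = []
    by_basename: Dict[str, List[str]] = defaultdict(list)
    for e in entries:
        low = e.target.lower()
        if e.section in ("O2", "O4") and any(mk in low for mk in USER_WRITABLE_MARKERS):
            findings.append(("user_writable_path", e.raw))
        if e.section == "O2" and e.name == "(no name)" and not any(d in low for d in TRUSTED_BHO_DIRS):
            findings.append(("unnamed_bho_unknown_dir", e.raw))
        if e.section == "O4":
            by_basename[low.rsplit("\\", 1)[-1]].append(e.name)
        if e.section == "O16":
            host = urlparse(e.target).hostname or ""
            if host not in TRUSTED_DPF_HOSTS:
                findings.append(("untrusted_activex_host", e.raw))
    # One executable behind several Run values is a redundancy trick, not a vendor habit.
    for base, names in by_basename.items():
        if len(names) > 1:
            findings.append(("duplicate_executable", f"{base} registered as " + ", ".join(f"[{n}]" for n in names)))
    return findings


def main() -> None:
    for rule, detail in triage(parse_log(SAMPLE_LOG)):
        print(f"{rule:26} {detail}")


if __name__ == "__main__":
    main()
```

The rules only surface structural signals and produce a worklist, not a verdict: egfemh.exe and idctup20.exe in the fix list were caught by recognising the names, which no allowlist-free rule reproduces, and the sample's egfemh.exe line deliberately passes through unflagged for that reason. Run against the second log posted in this thread, the user_writable_path rule also fires on the [oDa] Run entry that starts from Local Settings\Temp.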

Thank you for your help. My new HJT log is below:

 

Logfile of HijackThis v1.97.7

Scan saved at 4:19:27 PM, on 6/27/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\System32\Ati2evxx.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\AGRSMMSG.exe

C:\Program Files\Apoint2K\Apoint.exe

C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\Atheros\acu.exe

C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\QuickTime\qttask.exe

C:\documents and settings\steve\local settings\temp\oDa.exe

C:\Program Files\Messenger\msmsgs.exe

C:\Program Files\mozilla.org\Mozilla\Mozilla.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Apoint2K\HidFind.exe

C:\Program Files\Apoint2K\Apntex.exe

C:\WINDOWS\System32\wbem\wmiprvse.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\System32\uauservw.exe

C:\HJT\HijackThis.exe

C:\WINDOWS\System32\wuauclt.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.fujitsupc.com/

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5Cmozilla.org%5CMozilla%5Csearchplugins%5Cgoogle.src"); (C:\Documents and Settings\Steve\Application Data\Mozilla\Profiles\default\hsnhckmq.slt\prefs.js)

O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll

O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll

O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe

O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe

O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe

O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe

O4 - HKLM\..\Run: [indicatorUtility] C:\Program Files\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe

O4 - HKLM\..\Run: [LoadFujitsuQuickTouch] C:\Program Files\Fujitsu\Application Panel\QuickTouch.exe

O4 - HKLM\..\Run: [LoadBtnHnd] C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [ACU] C:\Program Files\Atheros\acu.exe

O4 - HKLM\..\Run: [DisableWinXPWZCS] C:\Program Files\Atheros\DisableWinXPWZCS.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe

O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [oDa] C:\documents and settings\steve\local settings\temp\oDa.exe

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [uauservw] C:\WINDOWS\System32\uauservw.exe

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background

O4 - HKCU\..\Run: [Mozilla Quick Launch] "C:\Program Files\mozilla.org\Mozilla\Mozilla.exe" -turbo

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html

O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html

O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html

O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra 'Tools' menuitem: MaxSpeed (HKLM)

O14 - IERESET.INF: START_PAGE_URL=http://www.fujitsupc.com/

O16 - DPF: {2B1AA38D-2D12-11D5-AAD0-00C04FA03D78} (LocalExec Control) - http://portal.uga.edu/nps/portal/gadgets/c...ell.nps.gadgets.shortcut.ShortcutGadget/LocalExec.CAB

O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} (Update Class) - http://v4.windowsupdate.microsoft.com/CAB/...iuctl.CAB?38130.4479513889

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Hi there,

 

OK, your log is now clean. To help keep it that way, do this.

To provide future protection, download and install:

SpywareBlaster will block bad ActiveX and malevolent cookies. Download from Here.

IE-SPYAD puts over 4000 sites in your Restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all. Download Here.

Both are very small free programs that you run once, and then just weekly to check for updates.

And also see: So how did I get infected in the first place?
