• Announcements

    • Budfred

      IE 11 copy/paste problem

      It has come to our attention that people using Internet Explorer 11 (IE 11) are having trouble with copy/paste to the forum. If you encounter this problem, using a different browser like Firefox or Chrome seems to get around the problem. We do not know what the problem is, but it seems to be specific to IE 11 and we are hopeful that Microsoft will eventually fix it.
Sign in to follow this  
Followers 0
presleygirl

Help with Downloader Trojan

3 posts in this topic

I need help getting rid of downloader trojan. I have many pop-ups, my homepages changes and new programs install themselves, sometimes requiring passwords to uninstall. Here is my Hijack This log and Startup List Log. Please help!

 

Logfile of HijackThis v1.97.7

Scan saved at 3:36:41 PM, on 7/24/2004

Platform: Windows XP SP1 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\xl.exe

C:\WINDOWS\DELLMMKB.EXE

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\documents and settings\rhonda\local settings\temp\9Vt.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\system32\pcs\pcsvc.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\PROGRA~1\INTERN~3\inetmgr.exe

C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe

C:\PROGRA~1\INTERN~3\inetsvc.exe

C:\WINDOWS\System32\mmscoi05.exe

C:\Program Files\Netropa\OSD.exe

C:\WINDOWS\System32\d1ccp32k.exe

C:\WINDOWS\System32\NTCACHEF.exe

C:\WINDOWS\System32\IPARSEP.exe

C:\WINDOWS\System32\nmiqxjd.exe

C:\WINDOWS\System32\mob3dv2.exe

C:\Program Files\MSAC-FD1\MSstat.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\dhbrwsr.exe

C:\WINDOWS\mwsvm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homepage-network.com/start.cgi?new-hklm

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.com/quicksearch.asp?keyphrase=

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homepage-network.com/start.cgi?new-hkcu

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://rd.yahoo.com/mail_us/mailto/ymsgr/D...?.redir=ymmapi9

R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll

O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts

O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)

O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll

O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll

O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif

O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif

O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~2.DLL

O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll

O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll

O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll

O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll

O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Rhonda\Local Settings\Temp\7Zn.dll

O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll

O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll

O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll

O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)

O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE

O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [vhttayw] C:\WINDOWS\System32\dnmiqxj.exe

O4 - HKLM\..\Run: [9Vt] C:\documents and settings\rhonda\local settings\temp\9Vt.exe

O4 - HKLM\..\Run: [bakra] C:\WINDOWS\System32\IEHost.exe

O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe

O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe

O4 - HKLM\..\Run: [tgrinqb] C:\WINDOWS\tgrinqb.exe

O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe

O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe

O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe

O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe

O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

O4 - HKLM\..\Run: [pFFf38h] mmscoi05.exe

O4 - HKLM\..\Run: [csmhc9h1Q] C:\documents and settings\rhonda\local settings\temp\csmhc9h1Q.exe

O4 - HKLM\..\Run: [d1ccp32k] C:\WINDOWS\System32\d1ccp32k.exe

O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe

O4 - HKLM\..\Run: [iPARSEP] C:\WINDOWS\System32\IPARSEP.exe

O4 - HKLM\..\Run: [nmiqxjd] C:\WINDOWS\System32\nmiqxjd.exe

O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe

O4 - HKLM\..\Run: [mwsvm] C:\WINDOWS\mwsvm.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q

O4 - HKCU\..\Run: [YowpRUN8j] mob3dv2.exe

O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe

O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe

O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe

O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe

O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe

O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?

O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm

O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm

O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebws400_script0.htm

O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)

O9 - Extra button: Real.com (HKLM)

O9 - Extra button: MoneySide (HKLM)

O9 - Extra button: Messenger (HKLM)

O9 - Extra 'Tools' menuitem: Messenger (HKLM)

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grs0_x.cab

O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pot0_x.cab

O16 - DPF: Yahoo! Word Racer - http://download.yahoo.com/games/clients/y/ws1_x.cab

O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yahoo.com/dl/installs/yinst.cab

O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab

O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldwinner.com/games/v41/wo...be/wordcube.cab

O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualvegas.com/cab/WONWebLauncherControl.cab

O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yahoo.com/dl/mail/autocomplete.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwa...ash/swflash.cab

O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.games.yahoo.com/games/popc...aploader_v5.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{33E378D9-5643-41DC-BB37-273349A218DE}: NameServer = 63.245.131.21 151.164.1.8

 

 

 

 

 

StartupList report, 7/24/2004, 3:44:47 PM

StartupList version: 1.52

Started from : C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.EXE

Detected: Windows XP SP1 (WinNT 5.01.2600)

Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

* Using default options

==================================================

 

Running processes:

 

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\csrss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Nhksrv.exe

C:\WINDOWS\System32\alg.exe

C:\WINDOWS\System32\drivers\CDAC11BA.EXE

C:\WINDOWS\System32\cisvc.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\System32\xl.exe

C:\WINDOWS\DELLMMKB.EXE

C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

C:\documents and settings\rhonda\local settings\temp\9Vt.exe

C:\WINDOWS\System32\IEHost.exe

C:\WINDOWS\system32\pcs\pcsvc.exe

C:\Program Files\Common Files\Dpi\dpi.exe

C:\PROGRA~1\INTERN~3\inetmgr.exe

C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe

C:\PROGRA~1\INTERN~3\inetsvc.exe

C:\WINDOWS\System32\mmscoi05.exe

C:\Program Files\Netropa\OSD.exe

C:\WINDOWS\System32\d1ccp32k.exe

C:\WINDOWS\System32\NTCACHEF.exe

C:\WINDOWS\System32\IPARSEP.exe

C:\WINDOWS\System32\nmiqxjd.exe

C:\WINDOWS\System32\mob3dv2.exe

C:\Program Files\MSAC-FD1\MSstat.exe

C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe

C:\WINDOWS\explorer.exe

C:\WINDOWS\dhbrwsr.exe

C:\WINDOWS\mwsvm.exe

C:\Program Files\Internet Explorer\IEXPLORE.EXE

C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe

C:\WINDOWS\system32\NOTEPAD.EXE

C:\Program Files\Messenger\msmsgs.exe

 

--------------------------------------------------

 

Listing of startup folders:

 

Shell folders Common Startup:

[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]

Billminder.lnk = C:\Program Files\Quicken\billmind.exe

Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe

Microsoft Works Calendar Reminders.lnk = ?

Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe

Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

 

--------------------------------------------------

 

Checking Windows NT UserInit:

 

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]

UserInit = C:\WINDOWS\system32\userinit.exe,

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

 

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize

DellTouch = C:\WINDOWS\DELLMMKB.EXE

EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE

HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe

AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"

ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"

mmtask = C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe

QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime

vhttayw = C:\WINDOWS\System32\dnmiqxj.exe

9Vt = C:\documents and settings\rhonda\local settings\temp\9Vt.exe

Bakra = C:\WINDOWS\System32\IEHost.exe

Pcsv = C:\WINDOWS\system32\pcs\pcsvc.exe

Dpi = C:\Program Files\Common Files\Dpi\dpi.exe

tgrinqb = C:\WINDOWS\tgrinqb.exe

inetmgr = C:\PROGRA~1\INTERN~3\inetmgr.exe

aqadcup = C:\WINDOWS\aqadcup.exe

Adstartup = C:\WINDOWS\System32\automove.exe

stcinstaller = c:\installer\id53.exe

msnappau = "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"

THGuard = "C:\Program Files\TrojanHunter 3.9\THGuard.exe"

pFFf38h = mmscoi05.exe

csmhc9h1Q = C:\documents and settings\rhonda\local settings\temp\csmhc9h1Q.exe

d1ccp32k = C:\WINDOWS\System32\d1ccp32k.exe

NTCACHEF = C:\WINDOWS\System32\NTCACHEF.exe

IPARSEP = C:\WINDOWS\System32\IPARSEP.exe

nmiqxjd = C:\WINDOWS\System32\nmiqxjd.exe

slmss = C:\Program Files\Common Files\slmss\slmss.exe

mwsvm = C:\WINDOWS\mwsvm.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

 

TV Media = C:\Program Files\TV Media\Tvm.exe

 

--------------------------------------------------

 

Autorun entries from Registry:

HKCU\Software\Microsoft\Windows\CurrentVersion\Run

 

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

ClockSync = C:\PROGRA~1\CLOCKS~1\Sync.exe /q

YowpRUN8j = mob3dv2.exe

msmc = C:\WINDOWS\System32\msmc.exe

Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe

MyDailyHoroscope = C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

 

--------------------------------------------------

 

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

 

Shell=*INI section not found*

SCRNSAVE.EXE=*INI section not found*

drivers=*INI section not found*

 

Shell & screensaver key from Registry:

 

Shell=Explorer.exe

SCRNSAVE.EXE=*Registry value not found*

drivers=*Registry value not found*

 

Policies Shell key:

 

HKCU\..\Policies: Shell=*Registry key not found*

HKLM\..\Policies: Shell=*Registry value not found*

 

--------------------------------------------------

 

 

Enumerating Browser Helper Objects:

 

(no name) - C:\WINDOWS\mxTarget.dll (file missing) - {0000607D-D204-42C7-8E46-216055BF9918}

(no name) - C:\PROGRA~1\INTERN~3\inetkw.dll - {046D6EA4-15E3-4b27-8010-45BD78A9219E}

(no name) - C:\WINDOWS\System32\mskhhe.dll - {0982868C-47F0-4EFB-A664-C7B0B1015808}

(no name) - C:\WINDOWS\System32\msglji.gif - {0BA1C6EB-D062-4E37-9DB5-B07743276324}

(no name) - C:\WINDOWS\System32\mseggo.gif - {25F7FA20-3FC3-11D7-B487-00D05990014C}

NavErrRedir Class - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL - {4FC95EDD-4796-4966-9049-29649C80111D}

(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}

NavErrRedir Class - C:\PROGRA~1\INCRED~2\BHO\INCFIN~2.DLL - {5D60FF48-95BE-4956-B4C6-6BB168A70310}

(no name) - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}

(no name) - C:\WINDOWS\System32\msjfbl.dll - {94927A13-4AAA-476A-989D-392456427688}

(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}

NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}

(no name) - C:\Program Files\SEP\sep.dll - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}

(no name) - C:\WINDOWS\System32\msfaol.dll - {CC916B4B-BE44-4026-A19D-8C74BBD23361}

WinPage Affiliate - C:\Documents and Settings\Rhonda\Local Settings\Temp\7Zn.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}

(no name) - C:\WINDOWS\System32\msnkmi.dll - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}

 

--------------------------------------------------

 

Enumerating Task Scheduler jobs:

 

Norton AntiVirus - Scan my computer.job

Symantec NetDetect.job

{332EA3A6-025D-4F84-AB79-601E1816A0BD}_DGPHQ511_Rhonda.job

{775AF42D-6204-4B59-95EB-42218DED707C}_DGPHQ511_Harold.job

 

--------------------------------------------------

 

Enumerating Download Program Files:

 

[YInstStarter Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll

CODEBASE = http://download.yahoo.com/dl/installs/yinst.cab

 

[blockwerx Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\BLOCKW~1.OCX

CODEBASE = http://mirror.worldwinner.com/games/v44/bl...x/blockwerx.cab

 

[Word Cubes Control]

InProcServer32 = C:\WINDOWS\DOWNLO~1\wordcube.ocx

CODEBASE = http://mirror.worldwinner.com/games/v41/wo...be/wordcube.cab

 

[WONWebLauncher Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx

CODEBASE = http://www.virtualvegas.com/cab/WONWebLauncherControl.cab

 

[YAddBook Class]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\yaddbook.dll

CODEBASE = http://download.yahoo.com/dl/mail/autocomplete.cab

 

[shockwave Flash Object]

InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx

CODEBASE = http://download.macromedia.com/pub/shockwa...ash/swflash.cab

 

[PopCapLoader Object]

InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll

CODEBASE = http://download.games.yahoo.com/games/popc...aploader_v5.cab

 

--------------------------------------------------

 

Enumerating ShellServiceObjectDelayLoad items:

 

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll

CDBurn: C:\WINDOWS\system32\SHELL32.dll

WebCheck: C:\WINDOWS\System32\webcheck.dll

SysTray: C:\WINDOWS\System32\stobject.dll

 

--------------------------------------------------

End of report, 9,958 bytes

Report generated in 0.328 seconds

 

Command line options:

/verbose - to add additional info on each section

/complete - to include empty sections and unsuspicious data

/full - to include several rarely-important sections

/force9x - to include Win9x-only startups even if running on WinNT

/forcent - to include WinNT-only startups even if running on Win9x

/forceall - to include all Win9x and WinNT startups, regardless of platform

/history - to list version history only

Share this post


Link to post
Share on other sites

Please Download CWShredder from HERE and run the Program in safe mode . Press the "Fix Button" Let it fix all variants. Next, Close the program and all windows and IE windows and run hijackthis and Post a Fresh log.

 

Reboot to SAFE mode to run CWShredder

 

How to start computer in safe mode

 

Then these 2 programs .

Ad-Aware and Spybot

 

Download the latest version of Ad-Aware at ADAWARE

 

Setup Ad-Aware .

After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

 

Launch the program, and click on the Gear at the top of the start screen.

 

Click the "Scanning" button.

Under Drives & Folders, select "Scan within Archives".

Click "Click here to select Drives + folders" and select your installed hard drives.

 

Under Memory & Registry, select all options.

Click the "Advanced" button.

Under "Log-file detail", select all options.

Click the "Tweaks" button.

 

Under "Scanning Engine", select the following:

"Include additional Ad-aware settings in logfile" and

"Unload recognized processes during scanning."

Under "Cleaning Engine", select the following:

"Let Windows remove files in use after reboot."

Click on 'Proceed' to save these Preferences.

Please make sure that you activate IN-DEPTH scanning before you proceed

.................................................

Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.

Close Ad-Aware 6.

Download the free VX2 Cleaner here.

Install the VX2 Cleaner.

Start Ad-Aware and click on "Plug-ins".

Select the VX2 Cleaner plug-in and click "Run Plugin".

If your computer isn’t infected, click "Close".

If your computer is infected:

Select "Clean System".

Reboot your computer.

Scan your computer with Ad-Aware.

Remove any VX2 objects detected.

Reboot your computer again.

Run a second scan to make sure the files have been removed from your computer.

.................................................................

Download SPYBOT

 

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds

 

How to setup Ad-Aware and Spy-Bot S&D Check my signature for details

 

And after that, please do the following:

 

reboot computer and post a new log

Share this post


Link to post
Share on other sites
Sign in to follow this  
Followers 0