Help with Downloader Trojan


2 replies to this topic

#1 presleygirl

presleygirl

    Member

  • New Member
  • 3 posts

Posted 24 July 2004 - 03:45 PM

I need help getting rid of a downloader trojan. I have many pop-ups, my homepage changes and new programs install themselves, sometimes requiring passwords to uninstall. Here is my HijackThis log and StartupList log. Please help!

Logfile of HijackThis v1.97.7
Scan saved at 3:36:41 PM, on 7/24/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\documents and settings\rhonda\local settings\temp\9Vt.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\PROGRA~1\INTERN~3\inetmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
C:\PROGRA~1\INTERN~3\inetsvc.exe
C:\WINDOWS\System32\mmscoi05.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\d1ccp32k.exe
C:\WINDOWS\System32\NTCACHEF.exe
C:\WINDOWS\System32\IPARSEP.exe
C:\WINDOWS\System32\nmiqxjd.exe
C:\WINDOWS\System32\mob3dv2.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\mwsvm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.seekseek.....asp?keyphrase=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://default-homep...rt.cgi?new-hkcu
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,Shellnext = http://rd.yahoo.com/...?.redir=ymmapi9
R3 - URLSearchHook: (no name) - {20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - C:\Program Files\TV Media\TvmBho.dll
O1 - Hosts file is located at: C:\WINDOWS\System32\drivers\etc\hosts
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: (no name) - {046D6EA4-15E3-4b27-8010-45BD78A9219E} - C:\PROGRA~1\INTERN~3\inetkw.dll
O2 - BHO: (no name) - {0982868C-47F0-4EFB-A664-C7B0B1015808} - C:\WINDOWS\System32\mskhhe.dll
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: (no name) - {25F7FA20-3FC3-11D7-B487-00D05990014C} - C:\WINDOWS\System32\mseggo.gif
O2 - BHO: NavErrRedir Class - {4FC95EDD-4796-4966-9049-29649C80111D} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NavErrRedir Class - {5D60FF48-95BE-4956-B4C6-6BB168A70310} - C:\PROGRA~1\INCRED~2\BHO\INCFIN~2.DLL
O2 - BHO: (no name) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll
O2 - BHO: (no name) - {94927A13-4AAA-476A-989D-392456427688} - C:\WINDOWS\System32\msjfbl.dll
O2 - BHO: (no name) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O2 - BHO: (no name) - {CC916B4B-BE44-4026-A19D-8C74BBD23361} - C:\WINDOWS\System32\msfaol.dll
O2 - BHO: WinPage Affiliate - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841} - C:\Documents and Settings\Rhonda\Local Settings\Temp\7Zn.dll
O2 - BHO: (no name) - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB} - C:\WINDOWS\System32\msnkmi.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Band Class - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94} - C:\Program Files\SEP\sep.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll
O3 - Toolbar: (no name) - {D848A3CA-0BFB-4DE0-BA9E-A57F0CCA1C13} - (no file)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [DellTouch] C:\WINDOWS\DELLMMKB.EXE
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vhttayw] C:\WINDOWS\System32\dnmiqxj.exe
O4 - HKLM\..\Run: [9Vt] C:\documents and settings\rhonda\local settings\temp\9Vt.exe
O4 - HKLM\..\Run: [Bakra] C:\WINDOWS\System32\IEHost.exe
O4 - HKLM\..\Run: [Pcsv] C:\WINDOWS\system32\pcs\pcsvc.exe
O4 - HKLM\..\Run: [Dpi] C:\Program Files\Common Files\Dpi\dpi.exe
O4 - HKLM\..\Run: [tgrinqb] C:\WINDOWS\tgrinqb.exe
O4 - HKLM\..\Run: [inetmgr] C:\PROGRA~1\INTERN~3\inetmgr.exe
O4 - HKLM\..\Run: [aqadcup] C:\WINDOWS\aqadcup.exe
O4 - HKLM\..\Run: [Adstartup] C:\WINDOWS\System32\automove.exe
O4 - HKLM\..\Run: [stcinstaller] c:\installer\id53.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
O4 - HKLM\..\Run: [pFFf38h] mmscoi05.exe
O4 - HKLM\..\Run: [csmhc9h1Q] C:\documents and settings\rhonda\local settings\temp\csmhc9h1Q.exe
O4 - HKLM\..\Run: [d1ccp32k] C:\WINDOWS\System32\d1ccp32k.exe
O4 - HKLM\..\Run: [NTCACHEF] C:\WINDOWS\System32\NTCACHEF.exe
O4 - HKLM\..\Run: [IPARSEP] C:\WINDOWS\System32\IPARSEP.exe
O4 - HKLM\..\Run: [nmiqxjd] C:\WINDOWS\System32\nmiqxjd.exe
O4 - HKLM\..\Run: [slmss] C:\Program Files\Common Files\slmss\slmss.exe
O4 - HKLM\..\Run: [mwsvm] C:\WINDOWS\mwsvm.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ClockSync] C:\PROGRA~1\CLOCKS~1\Sync.exe /q
O4 - HKCU\..\Run: [YowpRUN8j] mob3dv2.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MyDailyHoroscope] C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE
O4 - HKLM\..\RunOnce: [TV Media] C:\Program Files\TV Media\Tvm.exe
O4 - Global Startup: Billminder.lnk = C:\Program Files\Quicken\billmind.exe
O4 - Global Startup: Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
O4 - Global Startup: Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - C:\PROGRA~1\INCRED~1\bin\WebMenuImg.htm
O8 - Extra context menu item: Web Rebates - file://C:\Program Files\Web_Rebates\Sy1150\Tp1150\scri1150a.htm
O8 - Extra context menu item: Web Savings - file://C:\Program Files\WebSavingsfromEbates\System\Temp\ebws400_script0.htm
O9 - Extra 'Tools' menuitem: Sun Java Console (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O9 - Extra button: Messenger (HKLM)
O9 - Extra 'Tools' menuitem: Messenger (HKLM)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grs0_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/pot0_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.yaho...nts/y/ws1_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://download.yaho...talls/yinst.cab
O16 - DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} (Blockwerx Control) - http://mirror.worldw...x/blockwerx.cab
O16 - DPF: {6F6DBC29-7A0C-4AC0-A42D-10EC70678526} (Word Cubes Control) - http://mirror.worldw...be/wordcube.cab
O16 - DPF: {A031D222-B496-11D2-9CC8-00105A10AAF6} (WONWebLauncher Class) - http://www.virtualve...cherControl.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://download.yaho...utocomplete.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macr...ash/swflash.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v5.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E378D9-5643-41DC-BB37-273349A218DE}: NameServer = 63.245.131.21 151.164.1.8





StartupList report, 7/24/2004, 3:44:47 PM
StartupList version: 1.52
Started from : C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.EXE
Detected: Windows XP SP1 (WinNT 5.01.2600)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Nhksrv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\xl.exe
C:\WINDOWS\DELLMMKB.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
C:\documents and settings\rhonda\local settings\temp\9Vt.exe
C:\WINDOWS\System32\IEHost.exe
C:\WINDOWS\system32\pcs\pcsvc.exe
C:\Program Files\Common Files\Dpi\dpi.exe
C:\PROGRA~1\INTERN~3\inetmgr.exe
C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe
C:\PROGRA~1\INTERN~3\inetsvc.exe
C:\WINDOWS\System32\mmscoi05.exe
C:\Program Files\Netropa\OSD.exe
C:\WINDOWS\System32\d1ccp32k.exe
C:\WINDOWS\System32\NTCACHEF.exe
C:\WINDOWS\System32\IPARSEP.exe
C:\WINDOWS\System32\nmiqxjd.exe
C:\WINDOWS\System32\mob3dv2.exe
C:\Program Files\MSAC-FD1\MSstat.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\dhbrwsr.exe
C:\WINDOWS\mwsvm.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Rhonda\Local Settings\Temp\Temporary Directory 3 for hijackthis.zip\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Messenger\msmsgs.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Start Menu\Programs\Startup]
Billminder.lnk = C:\Program Files\Quicken\billmind.exe
Memory Stick Monitor.lnk = C:\Program Files\MSAC-FD1\MSstat.exe
Microsoft Works Calendar Reminders.lnk = ?
Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe
Quicken Startup.lnk = C:\Program Files\Quicken\QWDLLS.EXE

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
DellTouch = C:\WINDOWS\DELLMMKB.EXE
EM_EXEC = C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
HPDJ Taskbar Utility = C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
AdaptecDirectCD = "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
ccRegVfy = "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
mmtask = C:\Program Files\MusicMatch\MusicMatch Jukebox\mmtask.exe
QuickTime Task = "C:\Program Files\QuickTime\qttask.exe" -atboottime
vhttayw = C:\WINDOWS\System32\dnmiqxj.exe
9Vt = C:\documents and settings\rhonda\local settings\temp\9Vt.exe
Bakra = C:\WINDOWS\System32\IEHost.exe
Pcsv = C:\WINDOWS\system32\pcs\pcsvc.exe
Dpi = C:\Program Files\Common Files\Dpi\dpi.exe
tgrinqb = C:\WINDOWS\tgrinqb.exe
inetmgr = C:\PROGRA~1\INTERN~3\inetmgr.exe
aqadcup = C:\WINDOWS\aqadcup.exe
Adstartup = C:\WINDOWS\System32\automove.exe
stcinstaller = c:\installer\id53.exe
msnappau = "C:\Program Files\MSN Apps\Updater\01.02.0001.1004\en-us\msnappau.exe"
THGuard = "C:\Program Files\TrojanHunter 3.9\THGuard.exe"
pFFf38h = mmscoi05.exe
csmhc9h1Q = C:\documents and settings\rhonda\local settings\temp\csmhc9h1Q.exe
d1ccp32k = C:\WINDOWS\System32\d1ccp32k.exe
NTCACHEF = C:\WINDOWS\System32\NTCACHEF.exe
IPARSEP = C:\WINDOWS\System32\IPARSEP.exe
nmiqxjd = C:\WINDOWS\System32\nmiqxjd.exe
slmss = C:\Program Files\Common Files\slmss\slmss.exe
mwsvm = C:\WINDOWS\mwsvm.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

TV Media = C:\Program Files\TV Media\Tvm.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
ClockSync = C:\PROGRA~1\CLOCKS~1\Sync.exe /q
YowpRUN8j = mob3dv2.exe
msmc = C:\WINDOWS\System32\msmc.exe
Microsoft Works Update Detection = C:\Program Files\Microsoft Works\WkDetect.exe
MyDailyHoroscope = C:\PROGRA~1\MYDAIL~1\MYDAIL~1.EXE

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry key not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\mxTarget.dll (file missing) - {0000607D-D204-42C7-8E46-216055BF9918}
(no name) - C:\PROGRA~1\INTERN~3\inetkw.dll - {046D6EA4-15E3-4b27-8010-45BD78A9219E}
(no name) - C:\WINDOWS\System32\mskhhe.dll - {0982868C-47F0-4EFB-A664-C7B0B1015808}
(no name) - C:\WINDOWS\System32\msglji.gif - {0BA1C6EB-D062-4E37-9DB5-B07743276324}
(no name) - C:\WINDOWS\System32\mseggo.gif - {25F7FA20-3FC3-11D7-B487-00D05990014C}
NavErrRedir Class - C:\PROGRA~1\INCRED~2\BHO\INCFIN~1.DLL - {4FC95EDD-4796-4966-9049-29649C80111D}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
NavErrRedir Class - C:\PROGRA~1\INCRED~2\BHO\INCFIN~2.DLL - {5D60FF48-95BE-4956-B4C6-6BB168A70310}
(no name) - C:\Program Files\MSN Apps\ST\01.02.0001.1004\en-xu\stmain.dll - {9394EDE7-C8B5-483E-8773-474BF36AF6E4}
(no name) - C:\WINDOWS\System32\msjfbl.dll - {94927A13-4AAA-476A-989D-392456427688}
(no name) - C:\Program Files\MSN Apps\MSN Toolbar\01.02.0001.1004\en-us\msntb.dll - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
NAV Helper - C:\Program Files\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\Program Files\SEP\sep.dll - {C5183ABC-EB6E-4E05-B8C9-500A16B6CF94}
(no name) - C:\WINDOWS\System32\msfaol.dll - {CC916B4B-BE44-4026-A19D-8C74BBD23361}
WinPage Affiliate - C:\Documents and Settings\Rhonda\Local Settings\Temp\7Zn.dll - {E8EAEB34-F7B5-4C55-87FF-720FAF53D841}
(no name) - C:\WINDOWS\System32\msnkmi.dll - {FCADDC14-BD46-408A-9842-CDBE1C6D37EB}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer.job
Symantec NetDetect.job
{332EA3A6-025D-4F84-AB79-601E1816A0BD}_DGPHQ511_Rhonda.job
{775AF42D-6204-4B59-95EB-42218DED707C}_DGPHQ511_Harold.job

--------------------------------------------------

Enumerating Download Program Files:

[YInstStarter Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yinsthelper.dll
CODEBASE = http://download.yaho...talls/yinst.cab

[Blockwerx Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\BLOCKW~1.OCX
CODEBASE = http://mirror.worldw...x/blockwerx.cab

[Word Cubes Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\wordcube.ocx
CODEBASE = http://mirror.worldw...be/wordcube.cab

[WONWebLauncher Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\WONWebLauncherControl.ocx
CODEBASE = http://www.virtualve...cherControl.cab

[YAddBook Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\yaddbook.dll
CODEBASE = http://download.yaho...utocomplete.cab

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\System32\macromed\flash\Flash.ocx
CODEBASE = http://download.macr...ash/swflash.cab

[PopCapLoader Object]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\popcaploader.dll
CODEBASE = http://download.game...aploader_v5.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 9,958 bytes
Report generated in 0.328 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
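
As an added illustration, not part of presleygirl's post and not code from HijackThis or any tool named in this thread, the script below parses the R0/R1, O2, O4 and O17 lines of a HijackThis log and flags the kinds of entries a log reviewer looks at first: auto-start programs launched from a temp folder or by bare file name, BHOs whose file is missing or is not a DLL, home/search pages outside an allowlist of expected hosts, and DNS servers set in the registry. The sample lines are copied from the log above; the host allowlist and the heuristics are assumptions of this example, not rules built into HijackThis.

```python
import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: a handful of lines copied from the HijackThis log posted above.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://default-homep...rt.cgi?new-hklm
O2 - BHO: (no name) - {0000607D-D204-42C7-8E46-216055BF9918} - C:\WINDOWS\mxTarget.dll (file missing)
O2 - BHO: (no name) - {0BA1C6EB-D062-4E37-9DB5-B07743276324} - C:\WINDOWS\System32\msglji.gif
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [9Vt] C:\documents and settings\rhonda\local settings\temp\9Vt.exe
O4 - HKLM\..\Run: [pFFf38h] mmscoi05.exe
O4 - HKCU\..\Run: [msmc] C:\WINDOWS\System32\msmc.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{33E378D9-5643-41DC-BB37-273349A218DE}: NameServer = 63.245.131.21 151.164.1.8
"""


@dataclass
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    item: str     # the path, URL or value that triggered the finding
    reason: str   # why a reviewer would look at it


LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>Run\w*): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
URL_RE = re.compile(r"^(?P<key>.*?) =\s*(?P<value>\S*)$")
# Heuristic: the executable is everything up to the first known extension followed by a space or end.
EXE_RE = re.compile(r"^(.*?\.(?:exe|com|scr|dll|ocx))(?:\s|$)", re.IGNORECASE)


def command_path(cmd):
    """Extract the program path from a Run-key command, quoted or unquoted (heuristic)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd


def review_run_entry(section, cmd):
    """Flag auto-start commands that run from a temp folder or give no directory at all."""
    path = command_path(cmd)
    findings = []
    if "\\" not in path:
        findings.append(Finding(section, path, "bare file name; resolved by PATH search rather than a fixed location"))
    if "\\temp\\" in path.lower():
        findings.append(Finding(section, path, "auto-start program running from a temp folder"))
    return findings


def review_bho(section, path):
    """Flag Browser Helper Objects with a missing file or a non-DLL file extension."""
    low = path.lower()
    if low.endswith("(file missing)"):
        return [Finding(section, path, "BHO registered but its file is missing (dangling entry)")]
    if not low.endswith((".dll", ".ocx")):
        return [Finding(section, path, "BHO loaded from a file whose extension is not a DLL")]
    return []


def review_url(section, value, allowed_hosts):
    """Flag start/search pages whose host is not in the caller's allowlist (assumed allowlist)."""
    host = urlparse(value).hostname
    if host and host not in allowed_hosts:
        return [Finding(section, value, "home/search page points at a host outside the expected list")]
    return []


def analyze(log_text, allowed_hosts):
    """Parse a HijackThis log and return the entries a reviewer should look at first."""
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section in ("R0", "R1"):
            u = URL_RE.match(body)
            if u:
                findings += review_url(section, u.group("value"), allowed_hosts)
        elif section == "O2":
            b = BHO_RE.match(body)
            if b:
                findings += review_bho(section, b.group("path"))
        elif section == "O4":
            r = RUN_RE.match(body)
            if r:  # Global Startup lines do not match and are skipped here
                findings += review_run_entry(section, r.group("cmd"))
        elif section == "O17" and "NameServer = " in body:
            servers = body.split("NameServer = ", 1)[1]
            findings.append(Finding(section, servers, "DNS servers set in the registry; confirm they belong to your ISP"))
    return findings


if __name__ == "__main__":
    # Assumed allowlist: the two home pages the user's own R0/R1 entries point at.
    for f in analyze(SAMPLE_LOG, {"www.yahoo.com", "www.dellnet.com"}):
        print(f"{f.section}: {f.item}\n    -> {f.reason}")
```

The script only ranks entries for a human to read; it does not remove anything. Entries that pass these checks are not necessarily clean (a file in System32 with a random name still deserves a look), and entries that are flagged are not necessarily malicious, so the output is a reading order for the log rather than a verdict.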

#2 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • 248 posts

Posted 25 July 2004 - 05:50 AM

Please download CWShredder from HERE and run the program in safe mode. Press the "Fix" button and let it fix all variants. Next, close the program and all windows, including IE windows, then run HijackThis and post a fresh log.

Reboot to SAFE mode to run CWShredder

How to start computer in safe mode

Then these 2 programs:
Ad-Aware and Spybot

Download the latest version of Ad-Aware at ADAWARE

Set up Ad-Aware.
After installing AAW, and before running the program, update reference files by using the bottom right button in the program, labeled "Check for Updates."

Launch the program, and click on the Gear at the top of the start screen.

Click the "Scanning" button.
Under Drives & Folders, select "Scan within Archives".
Click "Click here to select Drives + folders" and select your installed hard drives.

Under Memory & Registry, select all options.
Click the "Advanced" button.
Under "Log-file detail", select all options.
Click the "Tweaks" button.

Under "Scanning Engine", select the following:
"Include additional Ad-aware settings in logfile" and
"Unload recognized processes during scanning."
Under "Cleaning Engine", select the following:
"Let Windows remove files in use after reboot."
Click on 'Proceed' to save these Preferences.
Please make sure that you activate IN-DEPTH scanning before you proceed
.................................................
Increase the strength of Ad-Aware by installing the VX2 Cleaner plug-in.
Close Ad-Aware 6.
Download the free VX2 Cleaner here.
Install the VX2 Cleaner.
Start Ad-Aware and click on "Plug-ins".
Select the VX2 Cleaner plug-in and click "Run Plugin".
If your computer isn't infected, click "Close".
If your computer is infected:
Select "Clean System".
Reboot your computer.
Scan your computer with Ad-Aware.
Remove any VX2 objects detected.
Reboot your computer again.
Run a second scan to make sure the files have been removed from your computer.
.................................................................
Download SPYBOT

After installing Spybot S&D, update it by using the "Update" button on the left panel of the program. Search for updates and download anything it finds

How to set up Ad-Aware and Spybot S&D: check my signature for details.

And after that, please do the following:

Reboot the computer and post a new log.

#3 billiebob

billiebob

    Caperjack

  • Retired Staff - Helper
  • 248 posts

Posted 25 July 2004 - 05:51 AM

Also download, install and run this fully working 30-day trial of TrojanHunter.
http://www.misec.net...nter/?aff=12129
