Resolved HJT Threads: resolved spyware and popup issues.
Post #1, 10-06-2005, 04:30 PM, by Zaise (Registered User; Join Date: Jun 2005; Posts: 27; OS: Windows XP)

HijackThis Log

I just wanted to see if my HijackThis log is clean; something seems to be slowing down my computer, even after virus scans.

Logfile of HijackThis v1.99.1
Scan saved at 6:28:22 PM, on 10/6/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\Jason's Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4DDDDCEB-A4B9-543C-93B4-40A2A863AF46} - C:\WINDOWS\system32\FYI\wcwerdetme.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Steam\Steam.exe -silent
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\QLink 1.0\devmonit.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...16/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808D8F99-A5A4-4423-B616-09FEA1CDB580}: NameServer = 206.47.244.59 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

Thanks!
Post #2, 10-06-2005, 06:11 PM, by Zaise (Registered User; Join Date: Jun 2005; Posts: 27; OS: Windows XP)

Sorry, I just wanted to add: my computer has two-second freezes very often on MSN, for example when I leave a conversation. Other than that, it just reacts really slowly. I'm not sure what the problem is, but I don't think it's RAM because I've got 512 MB of that.
Post #3, 10-07-2005, 01:10 AM, by POADB (Moderator, Microsoft Support; Join Date: Jul 2004; Location: United Kingdom; Posts: 6,482; OS: XP SP2)

Hi Zaise,

It could be junk left over. Please do the following:

Please download CleanUp! (alternate link if the main link doesn't work: http://www.greyknight17.com/spy/CleanUp.exe ) and install it. Do not run it yet!

Open CleanUp! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
    [X]Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Reboot/logoff when prompted.

WARNING - CleanUp! will delete all files and folders contained within Temporary Directories. If you knowingly have items you would like to keep stored in these locations, Move them now!!!

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click "Start Scan"
  • After it's done scanning, click "Scan Results"
  • Make sure all items found have a check next to them, then click "Clean Threats Now".
  • Click Exit.
Reboot your computer. In place of the TrendMicro icon will be a text file called "Antispyware.log", please double-click that log and copy the entire contents and paste them in your next post.
Post #4, 10-08-2005, 07:49 PM, by Zaise (Registered User; Join Date: Jun 2005; Posts: 27; OS: Windows XP)

Thanks, but my computer still seems to be running slow. Here's the log.

Started Scanning
Internet Cookies
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'Software\Kazaa'
Found '' in 'Software\Kazaa\Settings'
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'Software\Kazaa\InstantMessaging'
Found '' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found '' in 'Software\PowerScan'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Found 'IgnoreAll' in 'Software\Kazaa\InstantMessaging'
Found 'DisableListFiles' in 'Software\Kazaa\LocalContent'
Found '' in 'SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}'
Found '' in 'SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{339D8AFF-0B42-4260-AD82-78CE605A9543}\TypeLib'
Found '' in 'SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}'
Found '' in 'SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}\ProxyStubClsid'
Found '' in 'SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}\ProxyStubClsid32'
Found '' in 'SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F}\TypeLib'
Found '' in 'Software\Dynamic Toolbar'
Found '' in 'SOFTWARE\Classes\CLSID\{3646C2BD-3554-49CA-8125-44DEEFB881DE}'
Found 'conc' in 'Software\Microsoft\Internet Explorer\Main'
Found 'PluginLevel' in 'SYSTEM\CurrentControlSet\Control\Session Manager'
Found '' in 'SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\Common Files\updater'
Found '' in 'C:\Program Files\WinMX'
Found 'alchem.inf' in 'C:\WINDOWS\INF'
Found 'Belt.inf' in 'C:\WINDOWS\INF'
Found 'biini.inf' in 'C:\WINDOWS\INF'
Found 'multimpp.inf' in 'C:\WINDOWS\INF'
Found 'disk 1.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'mail unreaded.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'peoples 1.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'search find 2.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'web.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'yellow folder closed.bmp' in 'C:\WINDOWS\SYSTEM32\b2s_cache'
Found 'creditcard12.ico' in 'C:\WINDOWS\SYSTEM32'
Found '' in 'C:\WINDOWS\SYSTEM32\FLEOK'
Found 'moviesgreen.ico' in 'C:\WINDOWS\SYSTEM32'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\Common Files\updater' in shortcut areas.
Checking for 'C:\Program Files\Common Files\updater' in startup areas.
Cleaning 'C:\Program Files\Common Files\updater'
Checking for 'C:\Program Files\WinMX' in shortcut areas.
Checking for 'C:\Program Files\WinMX' in startup areas.
Cleaning 'C:\Program Files\WinMX'
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in shortcut areas.
Checking for 'C:\Program Files\WinMX\wpnpchannelcmds.txt' in startup areas.
Cleaning 'C:\Program Files\WinMX\wpnpchannelcmds.txt'
Checking for 'C:\WINDOWS\INF\alchem.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\alchem.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\alchem.inf'
Checking for 'C:\WINDOWS\INF\Belt.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\Belt.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\Belt.inf'
Checking for 'C:\WINDOWS\INF\biini.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\biini.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\biini.inf'
Checking for 'C:\WINDOWS\INF\multimpp.inf' in shortcut areas.
Checking for 'C:\WINDOWS\INF\multimpp.inf' in startup areas.
Cleaning 'C:\WINDOWS\INF\multimpp.inf'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\disk 1.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\disk 1.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\disk 1.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\mail unreaded.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\mail unreaded.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\mail unreaded.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\peoples 1.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\peoples 1.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\peoples 1.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\search find 2.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\search find 2.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\search find 2.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\web.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\web.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\web.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\yellow folder closed.bmp' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\b2s_cache\yellow folder closed.bmp' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\b2s_cache\yellow folder closed.bmp'
Checking for 'C:\WINDOWS\SYSTEM32\creditcard12.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\creditcard12.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\creditcard12.ico'
Checking for 'C:\WINDOWS\SYSTEM32\FLEOK' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\FLEOK' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\FLEOK'
Checking for 'C:\WINDOWS\SYSTEM32\moviesgreen.ico' in shortcut areas.
Checking for 'C:\WINDOWS\SYSTEM32\moviesgreen.ico' in startup areas.
Cleaning 'C:\WINDOWS\SYSTEM32\moviesgreen.ico'
Finished Cleaning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Post #5, 10-09-2005, 05:58 AM, by POADB (Moderator, Microsoft Support; Join Date: Jul 2004; Location: United Kingdom; Posts: 6,482; OS: XP SP2)

Perform an online scan in Internet Explorer with Panda ActiveScan:
  1. Click on the "Scan your PC" button and a pop-up window will appear. * Ensure that your pop-up blocker doesn't block it.
  2. Click on "Scan Now".
  3. Enter your e-mail address and click "Scan Now". This begins downloading Panda's ActiveX controls (8 MB).
  4. Begin the scan by selecting My Computer.
    * You needn't remain online while it's doing the scan, but you have to reconnect after it has finished to see the report.
  5. If it finds any malware, it will offer you a report. Click on "See report".
  6. Then click "Save report".
  7. Post the contents of the report in your next reply.
* Turn off the real-time scanner of any existing antivirus program while performing the online scan.
Post #6, 10-09-2005, 09:25 AM, by Zaise (Registered User; Join Date: Jun 2005; Posts: 27; OS: Windows XP)

Okay, I've finished the scan; here are the results:


Incident Status Location

Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Spyware:spyware/betterinet No disinfected C:\WINDOWS\SYSTEM32\in10b6s.dll
Adware:adware/topconvert No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\mp3.ocx
Adware:adware/toprebates No disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
Spyware:spyware/surfsidekick No disinfected C:\Documents and Settings\Jason\Application Data\Sskknwrd.dll
Adware:adware/ipinsight No disinfected C:\WINDOWS\INF\polall1r.inf
Adware:adware/spysheriff No disinfected C:\winstall.exe
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/ucmore No disinfected C:\WINDOWS\ucmoreiex.exe
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:adware/lop No disinfected C:\PROGRAM FILES\C2Media
Adware:adware/winad No disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/beginto No disinfected C:\WINDOWS\SYSTEM32\b2s_cache
Adware:adware/blazefind No disinfected Windows Registry
Adware:Adware/PurityScan No disinfected C:\Documents and Settings\Jason\Application Data\eetu.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1aa5b3cc-17335280.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1aa5b3cc-17335280.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1aa5b3cc-17335280.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-1aa5b3cc-17335280.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-28e5ee40-2b1be5dc.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-28e5ee40-2b1be5dc.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-28e5ee40-2b1be5dc.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-28e5ee40-2b1be5dc.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3deb54ed-6fd15b65.zip[A.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3deb54ed-6fd15b65.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4843d4a3-36d6697d.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4843d4a3-36d6697d.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4843d4a3-36d6697d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4843d4a3-36d6697d.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b9471d1-5f7f05a9.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b9471d1-5f7f05a9.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b9471d1-5f7f05a9.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-4b9471d1-5f7f05a9.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-688da1ba-2acdc524.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-688da1ba-2acdc524.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-688da1ba-2acdc524.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-688da1ba-2acdc524.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7c98052-5f456a5e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7c98052-5f456a5e.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7c98052-5f456a5e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-7c98052-5f456a5e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-abb13dd-4e48867e.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-abb13dd-4e48867e.zip[VB.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-abb13dd-4e48867e.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-abb13dd-4e48867e.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-67d5ec72.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-67d5ec72.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-67d5ec72.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-11faa9ed-67d5ec72.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-4bd49737.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-4bd49737.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-4bd49737.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1f5b6b54-4bd49737.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5079bffa-4cb1ed21.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5079bffa-4cb1ed21.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5079bffa-4cb1ed21.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-5079bffa-4cb1ed21.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7c332598-4166394f.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7c332598-4166394f.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7c332598-4166394f.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7c332598-4166394f.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-1e76ced4.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-1e76ced4.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-1e76ced4.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-7eb4d059-1e76ced4.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111c-30a3bfd1.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111c-30a3bfd1.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111c-30a3bfd1.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-d35111c-30a3bfd1.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-64df55a9-2a060924.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-64df55a9-2a060924.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-64df55a9-2a060924.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-64df55a9-2a060924.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count1.jar-5e2dffa0-44e98170.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-30f1f1ac-70b86cd8.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-30f1f1ac-70b86cd8.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-30f1f1ac-70b86cd8.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\demo.jar-30f1f1ac-70b86cd8.zip[Dummy.class]
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-31f06070-7f344604.zip[InstallerApplet.class]
Adware:Adware/IST.ISTBar No disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-7bae8561.zip[InstallerApplet.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-1818f7fb-7d9135c5.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-1818f7fb-7d9135c5.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-1818f7fb-7d9135c5.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv410.jar-1818f7fb-7d9135c5.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv420.jar-19cdd09a-16844dfa.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv420.jar-19cdd09a-16844dfa.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv420.jar-19cdd09a-16844dfa.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv420.jar-19cdd09a-16844dfa.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-750ad2bf-17c9cacb.zip[Matrix.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-750ad2bf-17c9cacb.zip[Counter.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-750ad2bf-17c9cacb.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\loaderadv645.jar-750ad2bf-17c9cacb.zip[Parser.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-7fffc1d1.zip[GetAccess.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-7fffc1d1.zip[InsecureClassLoader.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-7fffc1d1.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\msjld.jar-6ecc4ec7-7fffc1d1.zip[Installer.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_v1ro.jar-6d9b3a0b-4f50a2f7.zip[Bubble.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_v1ro.jar-6d9b3a0b-4f50a2f7.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\playup_v1ro.jar-6d9b3a0b-4f50a2f7.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb4-599adb79.zip[Jvb.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\proc.jar-e821fb4-599adb79.zip[MainApp.class]
Virus:Trj/Downloader.YD Disinfected C:\Documents and Settings\Jason\Desktop\Jason's Stuff\Adobe_Photoshop_CS_and_ImageReady_CS_Activation\aer.exe
Dialer:Dialer.B No disinfected C:\Program Files\Access_Control\instant access.exe
Adware:Adware/Lop No disinfected C:\Program Files\C2Media\Setup.exe
Old 10-09-2005, 02:12 PM   #7 (permalink)
Moderator, Microsoft Support
 
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Download KillBox http://www.greyknight17.com/spy/KillBox.exe.

Run KillBox and check the box that says 'End Explorer Shell While Killing File'. Next click on 'Delete on Reboot'. For each of the following files below, check the box that says 'Unregister .dll Before Deleting' if it's not grayed out. Copy and paste each of the following into KillBox (hitting the X button for each file; choose YES when it informs you the file will be deleted on Reboot, and choose NO when it asks if you want to reboot):

C:\Documents and Settings\Jason\Desktop\Jason's Stuff\Adobe_Photoshop_CS_and_ImageReady_CS_Activation\aer.exe
C:\Program Files\Access_Control\instant access.exe
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\in10b6s.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\mp3.ocx
C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
C:\Documents and Settings\Jason\Application Data\Sskknwrd.dll
C:\WINDOWS\INF\polall1r.inf
C:\winstall.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\ucmoreiex.exe
C:\PROGRAM FILES\C2Media
C:\PROGRAM FILES\Winad Client
C:\WINDOWS\SYSTEM32\b2s_cache
C:\Documents and Settings\Jason\Application Data\eetu.exe


Follow the instructions outlined here to clear Sun Java's cache.

Run TMAS and HJT again please, and return the logs in your next post.
Old 10-15-2005, 10:54 AM   #8 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


I don't think this is helping, my system still acts really slowly:

Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 11:22:50 AM, on 10/15/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Jason\Desktop\Jason's Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4DDDDCEB-A4B9-543C-93B4-40A2A863AF46} - C:\WINDOWS\system32\FYI\wcwerdetme.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\QLink 1.0\devmonit.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...16/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808D8F99-A5A4-4423-B616-09FEA1CDB580}: NameServer = 206.47.244.59 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe

TMAS Log:

Started Scanning
Internet Cookies
Found 'servedby.advertising.com' in 'Internet Explorer Cache'
Found 'burstnet.com' in 'Internet Explorer Cache'
Found 'fastclick.net' in 'Internet Explorer Cache'
Found 'dist.belnk.com' in 'Internet Explorer Cache'
Found 'as-us.falkag.net' in 'Internet Explorer Cache'
Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Found 'advertising.com' in 'Internet Explorer Cache'
Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Found 'belnk.com' in 'Internet Explorer Cache'
Found 'revenue.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'atdmt.com' in 'Internet Explorer Cache'
Found 'adknowledge.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'realmedia.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found '' in 'SOFTWARE\Classes\ed2k'
Found '' in 'SOFTWARE\Classes\ed2k\DefaultIcon'
Found '' in 'SOFTWARE\Classes\ed2k\shell\open\command'
Found '' in 'SOFTWARE\Magnet'
Found '' in 'SOFTWARE\Classes\magnet'
Found '' in 'SOFTWARE\Classes\magnet\shell\open\command'
Found 'URL Protocol' in 'SOFTWARE\Classes\magnet'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
Old 10-17-2005, 06:47 PM   #9 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


Is it possible that my settings are messed up?
Old 10-18-2005, 01:03 AM   #10 (permalink)
Moderator, Microsoft Support
 
 
Join Date: Jul 2004
Location: United Kingdom
Posts: 6,482
OS: XP SP2


Can you confirm these files were deleted? I forgot to tell you to reboot after using KillBox.

Run Killbox again as a safety measure, using the same settings as before:

C:\Documents and Settings\Jason\Desktop\Jason's Stuff\Adobe_Photoshop_CS_and_ImageReady_CS_Activation\aer.exe
C:\Program Files\Access_Control\instant access.exe
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\in10b6s.dll
C:\WINDOWS\DOWNLOADED PROGRAM FILES\mp3.ocx
C:\WINDOWS\DOWNLOADED PROGRAM FILES\WinadX.inf
C:\Documents and Settings\Jason\Application Data\Sskknwrd.dll
C:\WINDOWS\INF\polall1r.inf
C:\winstall.exe
C:\WINDOWS\smdat32a.sys
C:\WINDOWS\ucmoreiex.exe
C:\PROGRAM FILES\C2Media
C:\PROGRAM FILES\Winad Client
C:\WINDOWS\SYSTEM32\b2s_cache
C:\Documents and Settings\Jason\Application Data\eetu.exe


Now reboot your computer.

Return to windows and do an online virus scan at Panda Software so we can see if there are anymore infected files.
Old 10-24-2005, 06:40 PM   #11 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


Alright here is my log after running pandascan:

Incident Status Location

Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:adware/ipinsight No disinfected C:\WINDOWS\alchem.ini
Adware:adware/twain-tech No disinfected C:\WINDOWS\smdat32m.sys
Spyware:spyware/surfsidekick No disinfected C:\WINDOWS\SSK3_B5.exe
Adware:adware/weirdontheweb No disinfected C:\WINDOWS\weirdontheweb_topc.exe
Adware:adware/ucmore No disinfected C:\PROGRAM FILES\TheSearchAccelerator
Adware:adware/winad No disinfected C:\PROGRAM FILES\Winad Client
Adware:adware/beginto No disinfected C:\WINDOWS\SYSTEM32\b2s_cache
Adware:adware/blazefind No disinfected Windows Registry
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[Beyond.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[NudeBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[VerifierBug.class]
Virus:Trj/Downloader.EAA Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[bot.exe]

I'm starting to think it's not the spyware that causes so much delay in between windows. Can it be options?
Old 10-25-2005, 09:15 AM   #12 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,934
OS: WinXP and Vista


Hello Zaise,

Let's finish clearing out the malware and if you still have problems with slow loading we'll look at other possible causes.

Reboot into Safe Mode.

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\alchem.ini
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\SSK3_B5.exe
C:\WINDOWS\weirdontheweb_topc.exe
C:\WINDOWS\SYSTEM32\b2s_cache


Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
*Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* 'Unregister .dll Before Deleting' if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Uninstall the following via the Add/Remove Panel (Start->(Settings)->Control Panel->Add/Remove Programs) if they exist:

TheSearchAccelerator
Winad Client
C2Media (if it's still present)

Delete the following folders:

C:\PROGRAM FILES\TheSearchAccelerator
C:\PROGRAM FILES\Winad Client
C:\PROGRAM FILES\C2Media

Clear the Sun Java Cache once more.

Reboot into Normal Mode. Run another scan with Panda and post the results here along with a new HijackThis log.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Old 10-25-2005, 03:24 PM   #13 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


Thanks a lot for helping me to this point.

After doing everything told, there still seems to be no change on my computer's speed. My menus lag, as well as all the windows.
Old 10-26-2005, 11:54 AM   #14 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,934
OS: WinXP and Vista


Please post another Panda scan and HijackThis log.
Old 10-27-2005, 03:33 PM   #15 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


Here are my Pandascan results. It seems that I have not fully deleted some spyware. Sorry about that.

Incident Status Location

Adware:adware/blazefind No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\!Submit\A0011756.exe
Adware:Adware/WUpd No disinfected C:\!Submit\A0011955.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\bi5.inf
Adware:Adware/WUpd No disinfected C:\!Submit\BridgeX.inf
Dialer:Dialer.B No disinfected C:\!Submit\ExeDialer.exe
Dialer:Dialer.B No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011956.exe
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011957.inf
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\BO2802040128.exe
Dialer:dialer.b No disinfected C:\WINDOWS\tmlpcert2005
Hijackthis Log

Logfile of HijackThis v1.99.1
Scan saved at 5:32:31 PM, on 10/27/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpCtr.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe
C:\Documents and Settings\Jason\Desktop\Jason's Stuff\HijackThis.exe
C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpHost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {4DDDDCEB-A4B9-543C-93B4-40A2A863AF46} - C:\WINDOWS\system32\FYI\wcwerdetme.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Monitor.lnk = C:\Program Files\QLink 1.0\devmonit.exe
O4 - Global Startup: SmartUI.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...16/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808D8F99-A5A4-4423-B616-09FEA1CDB580}: NameServer = 206.47.244.59 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
Old 10-29-2005, 09:45 PM   #16 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,934
OS: WinXP and Vista


You did just fine Zaise, what you are seeing is the backup of the files you just 'killed' with Killbox. There are, however, 2 new ones.

Reboot into Safe Mode.

Copy the file names below to the clipboard by highlighting them and pressing Ctrl-C:

C:\WINDOWS\SYSTEM32\BO2802040128.exe
C:\WINDOWS\system32\FYI\wcwerdetme.dll


Start KillBox.
Go to the File menu, and choose Paste from Clipboard.
*Verify that you've done this properly by clicking the dropdown-arrow next to the Full Path of File to Delete field. The filenames you pasted will be found in there.

Select/tick the following:
* Delete on Reboot
* End Explorer Shell While Killing File
* 'Unregister .dll Before Deleting' if it's not grayed out.
Click the RED X button.

Click [Yes] at the 'Delete on Reboot' prompt. Click [No] at the Pending Operations prompt.

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: (no name) - {4DDDDCEB-A4B9-543C-93B4-40A2A863AF46} - C:\WINDOWS\system32\FYI\wcwerdetme.dll (file missing)

Delete the following Folders:

C:\WINDOWS\tmlpcert2005
C:\WINDOWS\system32\FYI

Reboot into Normal Mode. Run another scan with Panda and post the results here once again, along with a new HijackThis log.
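The reply above makes a triage point that is easy to miss when reading a Panda ActiveScan report: a hit under C:\!Submit is KillBox's backup of a file already deleted, and a hit under System Volume Information\_restore is a System Restore snapshot, so neither is a running infection. The script below is an added example written for this page, not part of the thread or of Panda's tooling. It parses the report format posted in this thread ("Incident Status Location", one hit per line) and sorts hits into verdicts. The verdict rules, the function names and the sample listing (assembled from lines already posted in the thread) are my own assumptions.

```python
import re
from collections import Counter

# Constructed sample: Panda ActiveScan result lines copied from the reports
# posted earlier in this thread (the "Incident Status Location" listings).
SAMPLE_PANDA_LOG = r"""
Incident Status Location

Adware:adware/blazefind No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\!Submit\A0011756.exe
Adware:Adware/WUpd No disinfected C:\!Submit\A0011955.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\bi5.inf
Adware:Adware/WUpd No disinfected C:\!Submit\BridgeX.inf
Dialer:Dialer.B No disinfected C:\!Submit\ExeDialer.exe
Dialer:Dialer.B No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011956.exe
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011957.inf
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\BO2802040128.exe
Dialer:dialer.b No disinfected C:\WINDOWS\tmlpcert2005
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\menu.jr-2075dd4b-21ea2c3d.zip[Dummy.class]
"""

# One report line is "<Incident> <Status> <Location>". Status is either
# "Disinfected" or "No disinfected"; Location may itself contain spaces.
LINE_RE = re.compile(
    r"^(?P<incident>\S+) (?P<status>Disinfected|No disinfected) (?P<location>.+)$"
)


def classify(status, location):
    """Hypothetical verdict rules (mine, not Panda's): does this hit still matter?"""
    loc = location.lower()
    if status == "Disinfected":
        return "cleaned"            # the scanner already removed it
    if loc.startswith("c:\\!submit\\"):
        return "killbox_backup"     # KillBox's copy of a file it already deleted; not running
    if "\\system volume information\\_restore" in loc:
        return "restore_point"      # System Restore snapshot; inert unless that point is applied
    if loc == "windows registry":
        return "registry_remnant"   # leftover keys only, no file on disk
    if "\\sun\\java\\deployment\\cache\\" in loc:
        return "java_cache"         # cached applet; gone once the Java cache is cleared
    return "active"                 # a real file in a live location: this still needs removing


def parse_panda_log(text):
    """Return one dict per incident line with the verdict attached; skip headers."""
    hits = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        hit = m.groupdict()
        hit["verdict"] = classify(hit["status"], hit["location"])
        hits.append(hit)
    return hits


def active_paths(text):
    """Locations that still need attention, sorted so the to-do list is stable."""
    return sorted(h["location"] for h in parse_panda_log(text) if h["verdict"] == "active")


def verdict_counts(text):
    return dict(Counter(h["verdict"] for h in parse_panda_log(text)))


if __name__ == "__main__":
    for h in parse_panda_log(SAMPLE_PANDA_LOG):
        print(f'{h["verdict"]:16} {h["incident"]:32} {h["location"]}')
    print("still active:", active_paths(SAMPLE_PANDA_LOG))
```

Run on the sample, the only two "active" locations are the VirtualBouncer executable in SYSTEM32 and the tmlpcert2005 item, which is what the reply above singles out for deletion. The restore-point copies are harmless until someone rolls back to that restore point, which is why the usual last step after a cleanup is to discard old restore points and create a fresh one.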
Old 11-01-2005, 03:29 PM   #17 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


Logfile of HijackThis v1.99.1
Scan saved at 5:27:38 PM, on 11/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Jason\Desktop\Jason's Stuff\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ssqpm.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...16/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808D8F99-A5A4-4423-B616-09FEA1CDB580}: NameServer = 206.47.244.59 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Incident Status Location

Adware:adware/blazefind No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\!Submit\A0011756.exe
Adware:Adware/WUpd No disinfected C:\!Submit\A0011955.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\bi5.inf
Adware:Adware/WUpd No disinfected C:\!Submit\BridgeX.inf
Dialer:Dialer.B No disinfected C:\!Submit\ExeDialer.exe
Spyware:Spyware/Virtumonde No disinfected C:\asdf.exe
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3e1063ea-669934cc.zip[A.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Jason\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\archive.jar-3e1063ea-669934cc.zip[BlackBox.class]
Dialer:Dialer.B No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011956.exe
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011957.inf
Adware:Adware/VirtualBouncer No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0012138.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\pmnnm.dll
Old 11-01-2005, 05:26 PM   #18 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


I'm also constantly receiving popups about a program called "WindFixer", anyone know how to get rid of that?
Old 11-01-2005, 06:04 PM   #19 (permalink)
Assistant Manager, TSF Academy; Moderator/Analyst Security Team
 
 
Join Date: Jan 2005
Location: Ohio
Posts: 26,934
OS: WinXP and Vista


Hi Zaise,

Download this tool and save it to your desktop. Then double click the tool and follow the instructions.

VirtumundoBeGone.exe

When it's done, reboot. We will need the log that is created on your desktop called VBG.TXT in your next reply.

Open HijackThis>Config>Misc Tools>Delete a File on Reboot and copy/paste this entry into the box: Do NOT allow a reboot yet.

C:\asdf.exe

Run a scan in HijackThis. Check each of the following and hit 'Fix checked' (after checking them) if they still exist (make sure not to miss any):

O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ssqpm.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll


Clear your java cache once again.

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Standard CleanUp!"
*Uncheck the following:
-Delete Newsgroup cache
-Delete Newsgroup Subscriptions
-Scan local drives for temporary files
Click OK
Press the CleanUp! button to start the program. Do NOT reboot/logoff when prompted.

Run another scan at Panda and post the results here along with a new HijackThis log and the VBG.TXT.
__________________

Member of ASAP since 2005
Member of UNITE since 2006

"It is one life whether we spend it laughing or weeping." "Take the time to laugh--it is the music of the soul."
Ried is offline  
Old 11-02-2005, 08:23 AM   #20 (permalink)
Registered User
 
Join Date: Jun 2005
Posts: 27
OS: Windows XP


I have followed what you have told me, yet the lag is still there.

HJT

Logfile of HijackThis v1.99.1
Scan saved at 10:21:04 AM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\BRMFRSMG.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Jason\Desktop\Jason's Stuff\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\Scansoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE ZSMC USB PC Camera
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/sh...6/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://pcpitstop.com/mhLbl.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...16/mcgdmgr.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://pcpitstop.com/antivirus/PitPav.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{808D8F99-A5A4-4423-B616-09FEA1CDB580}: NameServer = 206.47.244.59 206.47.244.87
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe


VBG


[11/02/2005, 9:24:37] - Starting Process...
[11/02/2005, 9:24:37] - Looking for Browser Helper Object [MSEvents Object]
[11/02/2005, 9:24:37] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/02/2005, 9:24:37] - 2: {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - MSEvents Object
[11/02/2005, 9:24:37] - Found MSEvents Object!
[11/02/2005, 9:24:37] - File location: C:\WINDOWS\system32\ssqpm.dll
[11/02/2005, 9:24:37] - Attempting to kill C:\WINDOWS\system32\ssqpm.dll
[11/02/2005, 9:24:37] - Terminating Process: RUNDLL32.EXE
[11/02/2005, 9:24:38] - Terminating Process: IEXPLORE.EXE
[11/02/2005, 9:24:38] - Disabling Automatic Shell Restart
[11/02/2005, 9:24:38] - Terminating Process: EXPLORER.EXE
[11/02/2005, 9:24:38] - Suspending the NT Session Manager System Service
[11/02/2005, 9:24:39] - Terminating Windows NT Logon/Logoff Manager
[11/02/2005, 9:24:39] - Re-enabling Automatic Shell Restart
[11/02/2005, 9:24:39] - Renaming C:\WINDOWS\system32\ssqpm.dll -> C:\WINDOWS\system32\ssqpm.dll.vir
[11/02/2005, 9:24:40] - File successfully renamed!
[11/02/2005, 9:24:40] - Removing Registry references to {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/02/2005, 9:24:40] - Adding Internet Explorer Protection (Kill ActiveX) for {FC148228-87E1-4D00-AC06-58DCAA52A4D1}
[11/02/2005, 9:24:40] - Removing Winlogon Notify Entry: ssqpm
[11/02/2005, 9:24:40] - BHO list has been changed! Starting over...
[11/02/2005, 9:24:40] - 1: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - AcroIEHlprObj Class
[11/02/2005, 9:24:40] - Finished searching for [MSEvents Object]
[11/02/2005, 9:24:40] - Finishing up...
[11/02/2005, 9:24:40] - Enabling Automatic Reboot on STOP Error.
[11/02/2005, 9:24:40] - Attempting to Restart via STOP error (Blue Screen!)


ActiveScan


Incident Status Location

Adware:adware/blazefind No disinfected Windows Registry
Adware:Adware/Weirdontheweb No disinfected C:\!Submit\A0011756.exe
Adware:Adware/WUpd No disinfected C:\!Submit\A0011955.exe
Adware:Adware/SAHAgent No disinfected C:\!Submit\bi5.inf
Adware:Adware/WUpd No disinfected C:\!Submit\BridgeX.inf
Dialer:Dialer.B No disinfected C:\!Submit\ExeDialer.exe
Spyware:Spyware/Virtumonde No disinfected C:\asdf.exe
Dialer:Dialer.B No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011956.exe
Adware:Adware/SAHAgent No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP67\A0011957.inf
Adware:Adware/VirtualBouncer No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP68\A0012138.exe
Spyware:Spyware/Virtumonde No disinfected C:\WINDOWS\SYSTEM32\pmnnm.dll
Zaise is offline  
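The instructions in Ried's post and the logs Zaise posted above show the pattern an analyst looks for in a HijackThis log: a start page pointing somewhere the owner never chose, a BHO with a vague name loading from system32, and the same DLL registered as a Winlogon Notify handler, which is why it has to be killed and renamed (or deleted on reboot) rather than simply removed. The script below is an added example written for this thread, not code from HijackThis, VirtumundoBeGone or the forum. It parses the R0/R1, O2 and O20 lines and flags those patterns. The function names (`triage`, `parse_entries`, `host_of`), the `expected_hosts` and `known_notify` allowlists (assumed from this machine: Dell start page, Intel `igfxcui` handler) and the sample log, a constructed excerpt of lines taken from the logs in this thread, are all assumptions of the example.

```python
"""Triage a HijackThis (v1.99-era) log: flag start-page hijacks, BHOs living in
system32, unrecognised Winlogon Notify handlers, and the pattern seen in this
thread where one DLL is registered both as a BHO (O2) and as a Winlogon Notify
handler (O20).  Added example for this thread; not part of HijackThis or any
removal tool.  Allowlists and sample input are assumptions built from the
posted logs."""
import re
from dataclasses import dataclass

# Constructed excerpt assembled from lines quoted in this thread (not a full log).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zuup.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: MSEvents Object - {FC148228-87E1-4D00-AC06-58DCAA52A4D1} - C:\WINDOWS\system32\ssqpm.dll
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d{1,2}) - (?P<body>.+)$")
URL_RE = re.compile(r"^HK\w+\\.*?,(?P<setting>[^=]+?) = (?P<url>\S+)$")
BHO_RE = re.compile(r"^BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<path>.+)$")
NOTIFY_RE = re.compile(r"^Winlogon Notify: (?P<key>\S+) - (?P<path>.+)$")
SYSTEM32_RE = re.compile(r"^[a-z]:\\windows\\system32\\[^\\]+$")  # DLL sitting directly in system32


@dataclass(frozen=True)
class Finding:
    severity: str  # "high" | "medium" | "low"
    kind: str      # HJT section the finding comes from, e.g. "O20" or "O2+O20"
    reason: str
    line: str      # the original log line, so the analyst can paste it back into HJT


def parse_entries(log_text):
    """Return (kind, body, line) for every R*/O* line; header and process lines are ignored."""
    out = []
    for line in log_text.splitlines():
        line = line.strip()
        m = ENTRY_RE.match(line)
        if m:
            out.append((m.group("kind"), m.group("body"), line))
    return out


def host_of(url):
    """Lower-cased host part of a URL ('http://www.zuup.com/' -> 'www.zuup.com')."""
    m = re.match(r"^[a-z]+://([^/]+)", url, re.IGNORECASE)
    return (m.group(1) if m else url).lower()


def triage(log_text, expected_hosts=("www.dell.com",), known_notify=("igfxcui",)):
    """Flag suspicious entries; allowlists are analyst-supplied (assumed for this machine)."""
    findings = []
    bhos = {}      # lower-cased DLL path -> (name, clsid, line)
    notifies = {}  # lower-cased DLL path -> (registry key name, line)
    for kind, body, line in parse_entries(log_text):
        if kind in ("R0", "R1"):
            m = URL_RE.match(body)
            if m and host_of(m.group("url")) not in expected_hosts:
                findings.append(Finding("medium", kind,
                    f"{m.group('setting').strip()} set to unexpected host {host_of(m.group('url'))}", line))
        elif kind == "O2":
            m = BHO_RE.match(body)
            if m:
                bhos[m.group("path").strip().lower()] = (m.group("name"), m.group("clsid"), line)
        elif kind == "O20":
            m = NOTIFY_RE.match(body)
            if m:
                notifies[m.group("path").strip().lower()] = (m.group("key"), line)

    allow = {k.lower() for k in known_notify}
    for path, (key, line) in notifies.items():
        if path in bhos:
            # Same DLL as a BHO and a Winlogon Notify handler: loaded by winlogon.exe at logon,
            # so it is in use whenever Windows is up and must be renamed/deleted on reboot.
            name, clsid, _ = bhos[path]
            findings.append(Finding("high", "O2+O20",
                f"{path} is both BHO '{name}' {clsid} and Winlogon Notify handler '{key}'; "
                "loaded by winlogon.exe, so it cannot be deleted while Windows is running", line))
        elif key.lower() not in allow:
            findings.append(Finding("medium", "O20",
                f"Winlogon Notify handler '{key}' ({path}) is not on the allowlist", line))

    for path, (name, clsid, line) in bhos.items():
        # Heuristic only: legitimate BHOs normally live under Program Files, not loose in system32.
        if path not in notifies and SYSTEM32_RE.match(path):
            findings.append(Finding("low", "O2",
                f"BHO '{name}' {clsid} loads from system32 ({path})", line))

    order = {"high": 0, "medium": 1, "low": 2}
    return sorted(findings, key=lambda f: order[f.severity])


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.kind:7} {f.reason}\n         {f.line}")
```

Run against the excerpt it reports two findings: the high-severity O2+O20 pair for `ssqpm.dll` (exactly the two entries Ried asked to have fixed) and the medium R0 start-page hijack to www.zuup.com; the Adobe BHO and the Intel `igfxcui` handler stay quiet. The allowlists are deliberately small and explicit: on a different machine the analyst extends them from what is known to be installed rather than from what "looks normal".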
Copyright 2001 - 2009, Tech Support Forum