walleyeguy7

pop ups and other problems


Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 4:02:42 PM, on 12/26/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\System32\nvsvc32.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Wireless-G USB Network Adapter\WLService.exe

C:\Program Files\Wireless-G USB Network Adapter\WUSB54G.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WUSB54Gv4.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Messenger\Msmsgs.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Sony\VAIO Action Setup\VAServ.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\explorer.exe

C:\WINDOWS\system32\svcd\svchost.exe

C:\WINDOWS\system32\TmpX.exe

C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

C:\Program Files\Lavasoft\Ad-Aware 2007\Ad-Aware2007.exe

 

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1

R3 - URLSearchHook: (no name) - _{00A6FAF6-072E-44cf-8957-5838F569A31D} - (no file)

R3 - URLSearchHook: (no name) - {B4513A02-2947-FD3C-2BB9-152DE9828D74} - ABCXYZ.dll (file missing)

R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)

O1 - Hosts: localhost 127.0.0.1

O2 - BHO: Installer Class - {009506E8-8CAD-4CA9-81D4-D815E7E4330A} - (no file)

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx

O2 - BHO: (no name) - {07006EB1-8AC0-4db0-8604-3207326205D9} - C:\WINDOWS\system32\mabad.dll

O2 - BHO: 0 - {17089170-13E6-49F8-73A5-49D27840A739} - C:\Program Files\ComPlus Applications\rykiwuqig94.dll (file missing)

O2 - BHO: (no name) - {1E01A9A5-7773-469F-A1AE-E8B79EE60B22} - C:\Program Files\Outlook Express\nixydep83122.dll (file missing)

O2 - BHO: (no name) - {1E6188F0-14D9-4898-98B8-FB4282B16A15} - C:\Program Files\Outlook Express\nixydep4444.dll (file missing)

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O2 - BHO: {96d2e3f6-8974-4c98-3764-23b047b2c199} - {991c2b74-0b32-4673-89c4-47986f3e2d69} - C:\WINDOWS\system32\iavtbajs.dll (file missing)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\wdjeuode.dll (file missing)

O2 - BHO: (no name) - {BBB05D9E-0297-404D-A6BF-D8F2876B84A6} - C:\WINDOWS\system32\nnnnllk.dll (file missing)

O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll (file missing)

O2 - BHO: (no name) - {D05B775A-85AB-432D-BC82-CD93FD5EAD2A} - C:\WINDOWS\system32\geeba.dll (file missing)

O2 - BHO: SuperSecretServer.Shhh - {FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63} - C:\WINDOWS\system32\{FB0FDDBA-27C2-441E-A4A6-7EC0E9F60E63}.dll (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\system32\wdjeuode.dll (file missing)

O4 - HKLM\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKLM\..\RunServices: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart

O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\Msmsgs.exe" /background

O4 - HKCU\..\Run: [boundRec] mozilla-text.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [iESet] IExplorer.dll .dbt

O4 - HKCU\..\Run: [main] C:\WINDOWS\System32\drivers\win32.exe

O4 - HKCU\..\Run: [default] C:\Documents and Settings\LocalService\desktop.exe

O4 - HKCU\..\RunOnce: [sysinit] C:\WINDOWS\System32\drivers\win32.exe

O4 - HKCU\..\RunOnce: [ati] C:\Documents and Settings\LocalService\desktop.exe

O4 - HKUS\S-1-5-18\..\Run: [iESet] IExplorer.dll .dbt (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [iESet] IExplorer.dll .dbt (User 'Default user')

O4 - Global Startup: VAIO Action Setup (Server).lnk = ?

O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: &Search - http://bar.mywebsearch.com/menusearch.html?p=ZCYYYYYYYYUS

O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm

O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm

O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL

O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe

O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople

O17 - HKLM\System\CCS\Services\Tcpip\..\{4A1C06C7-7986-4640-80F4-FFEE241B8BF6}: NameServer = 85.255.115.42,85.255.112.170

O17 - HKLM\System\CCS\Services\Tcpip\..\{4D9AF1D5-58A2-4F33-B98C-E163C3AC5C83}: NameServer = 85.255.115.42,85.255.112.170

O17 - HKLM\System\CCS\Services\Tcpip\..\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}: NameServer = 85.255.115.42,85.255.112.170

O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.115.42 85.255.112.170

O20 - AppInit_DLLs: bbbnnija.dll

O20 - Winlogon Notify: nnnnllk - nnnnllk.dll (file missing)

O20 - Winlogon Notify: wdjeuode - wdjeuode.dll (file missing)

O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\vbwdliii.exe (file missing)

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Security Service (MLQE) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe

O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe

O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

O23 - Service: WUSB54GSVC - GEMTEKS - C:\Program Files\Wireless-G USB Network Adapter\WLService.exe

O23 - Service: WUSB54Gv4SVC - GEMTEKS - C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe

O24 - Desktop Component 0: (no name) - http://www.runescape.com/img/title/wrslogo.gif

 

--

End of file - 8724 bytes

 

Ad-Aware (400-some entries, so only copied this section):

 

Cleaned Infections

===========================

Root: HKLM Path: software\clickspring, Belonging to ClickSpring

File: C:\Documents and Settings\Owner\Local Settings\Temp\cmdinst.exe, Belonging to CmdServices

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197148.dll, Belonging to CmdServices

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP996\A0193841.EXE, Belonging to CmdServices

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197143.dll, Belonging to Win32.TrojanClicker

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP1016\A0197265.exe, Belonging to Hacktool.Netmon

Root: HKLM Path: software\ugcw, Belonging to AntivirusPCSuite

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193762.exe, Belonging to AntivirusPCSuite

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193768.old, Belonging to AntivirusPCSuite

File: C:\System Volume Information\_restore{8357CB77-1DBD-43BC-B2F8-E849AAB0887F}\RP994\A0193770.old, Belonging to AntivirusPCSuite

Folder: c:\UGA6P, Belonging to AntivirusPCSuite

 

End of Cleaned Infections

===========================


Help please, IE pop-ups are keylogging me and then feeding me pop-ups about what I typed, and my PC has slowed considerably. I can't get rid of it with Spy Sweeper, Kaspersky, Spybot, AVG, or Ad-Aware. I have manually cleaned out several program files that turned out to be spyware, such as 'command', but newer ones seem to keep bugging me. Yahooo is the most recent, although false spyware removal programs and internet speed monitor were the most prominent. My running processes are sometimes odd, such as displaying 2-5 'explorer.exe'. Can someone help me?


Hello walleyeguy7 & Welcome

 

Please download FixWareout from here

 

* Save it to your desktop and run it

* Click Next, then Install. Make sure "Run fixit" is checked and click Finish

* The fix will begin. Please follow the prompts

* If your firewall gives an alert (because this tool will download an additional file from the internet) please don't let your firewall block it, but allow it instead.

* Then you will be asked to reboot your computer. Please do so.

 

Your system may take longer than usual to load .... this is normal.

 

Once the desktop loads, please post the text that will open (report.txt) and a new Hijackthis log.

 

 

Gogo :)


Thank you, here's the text

 

 

Username "Owner" - 12/28/2007 17:49:55 [Fixwareout edited 9/01/2007]

 

~~~~~ Prerun check

HKLM\SOFTWARE\~\Winlogon\ "System"="kdwed.exe"

 

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

"nameserver"="85.255.115.42 85.255.112.170" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4A1C06C7-7986-4640-80F4-FFEE241B8BF6}

"nameserver"="85.255.115.42,85.255.112.170" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{4D9AF1D5-58A2-4F33-B98C-E163C3AC5C83}

"nameserver"="85.255.115.42,85.255.112.170" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}

"nameserver"="85.255.115.42,85.255.112.170" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{0A89AF12-67AB-45B0-856D-C166FC75D94D}

"DhcpNameServer"="85.255.115.42,85.255.112.170" <Value cleared.

HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\interfaces\{F46B6BF2-1260-40A1-A2DF-8C32159B03CC}

"DhcpNameServer"="85.255.115.42,85.255.112.170" <Value cleared.

 

Successfully flushed the DNS Resolver Cache.

 

 

System was rebooted successfully.

 

~~~~~ Postrun check

HKLM\SOFTWARE\~\Winlogon\ "system"=""

....

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "xllsc" Value deleted

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion "ufasc" Value deleted

HKCR\CLSID\{B8C5F29F-CBE1-481B-88FC-A13D910CF660}\_h\4 Deleted.

HKCR\CLSID\{D880F750-1552-4994-95B0-7F53EEB6A523}\_h\4 Deleted.

....

~~~~~ Misc files.

C:\Documents and Settings\Owner\Application Data\kc.tmp Deleted

C:\WINDOWS\BALLOON.WAV Deleted

C:\WINDOWS\RDT.INI Deleted

C:\WINDOWS\System32\kilacln.exe Deleted

C:\Documents and Settings\Owner\Start Menu\Programs\VideoAccess Deleted

....

~~~~~ Checking for older varients.

....

 

~~~~~ Current runs (hklm hkcu "run" Keys Only)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IESet"="IExplorer.dll .dbt"

 

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\" /WinStart"

"MSMSGS"="\"C:\\Program Files\\Messenger\\Msmsgs.exe\" /background"

"BoundRec"="mozilla-text.exe"

"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

"main"="C:\\WINDOWS\\System32\\drivers\\win32.exe"

"default"="C:\\Documents and Settings\\LocalService\\desktop.exe"

"IESet"="IExplorer.dll .dbt"

....

Hosts file was reset, If you use a custom hosts file please replace it...

~~~~~ End report ~~~~~
