atopps
Posted December 29, 2005

Hello,

Last night, I ventured to a website accidentally which infected my computer with numerous viruses, trojans, worms, adware, spyware and just about everything else.

Before the infection, I had McAfee On-Access scan, and spy-bot as my anti-virus and spyware protection. I had actually updated both right before it happened.

My computer was infected with spy sheriff and various other malware which I proceeded to try and get rid of. Spy-bot was rendered useless. When I tried to open it, I got a German error message.

Since, I've run multiple other anti-spyware and anti-malware programs. Here is exactly what I have scanned with and used:

Xoftsy
Adaware
ewido
Trend Micro Housecall
Clean Up
CWShredder

Some problems were fixed... yet many still persist.

I took a hijackthis log, then reran some of the scans and took another log thereafter.

Here are the problems I am still having, that I know of.. there may be more:

-My on-access virusscan keeps popping up with 2 main viruses/trojans among others: Alt.exe1 in C:\WINNT\explorer.exe and what seems to be a random trojan, adsldpbf.dll1, also in the WINNT folder. There are other trojans popping up for firefox.exe as well.

My internet explorer now has 2 google toolbars for some reason, and it often hangs. When I go to close it, I receive an error for googletoolbar2.dll. Actually, I just tried to open IE right now again, and that problem SEEMS to be fixed at this moment.

My Task Manager has been "disabled by the administrator" even though I am clearly the admin of my own computer.

In addition.. after running housecall, this vulnerability was detected but not fixed: (MS04-041) Vulnerability in WordPad Could Allow Code Execution (885836).
I'm not sure how to fix this.

Here is the prescan hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:21:53 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\SM1BG.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\WINNT\sachostx.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\system32\sachosts.exe
C:\WINNT\system32\sachostc.exe
C:\WINNT\system32\sachosts.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Alex Topiler.ALEX\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [HostSrv] C:\WINNT\sachostx.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\winnt\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdbgz: C:\Program Files\Internet Explorer\PLUGINS\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

Here is the Post-Scan Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 10:59:36 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\PROGRA~1\NETWOR~1\COMMON~1\naPrdMgr.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\System32\tcpsvcs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\wdfmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
C:\WINNT\SM1BG.EXE
C:\WINNT\system32\CTHELPER.EXE
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Logitech\SetPoint\KEM.exe
C:\Program Files\Logitech\SetPoint\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINNT\System32\alg.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\WINNT\Explorer.EXE
C:\Documents and Settings\Alex Topiler.ALEX\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp_adb.../search/ie.html
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\winnt\googletoolbar2.dll
O2 - BHO: CoTGT_BHO Class - {C333CF63-767F-4831-94AC-E683D962C63C} - C:\Program Files\TGTSoft\StyleXP\TGT_BHO.dll
O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\winnt\googletoolbar2.dll
O4 - HKLM\..\Run: [synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [sunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_05\bin\jusched.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [sM1BG] C:\WINNT\SM1BG.EXE
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [updReg] C:\WINNT\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM95\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe
O4 - HKLM\..\Run: [shStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [sTYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\winnt\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\winnt\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\winnt\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\winnt\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\winnt\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\winnt\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra 'Tools' menuitem: EmpirePoker - {77E68763-4284-41d6-B7E7-B6E1F053A9E7} - C:\Program Files\EmpirePoker\EmpirePoker.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyPoker\IEExtension.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdbgz: C:\Program Files\Internet Explorer\PLUGINS\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O16 - DPF: {8EDAD21C-3584-4E66-A8AB-EB0E5584767D} - http://toolbar.google.com/data/GoogleActivate.cab
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_02) -
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O20 - Winlogon Notify: WRNotifier - C:\WINNT\SYSTEM32\WRLogonNTF.dll
O23 - Service: Autodesk Licensing Service - Unknown owner - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe

I really don't know what is left at this point, but I am desperate. Other viruses keep popping up on ewido and my other scanner, and my virusscan gets disabled by itself for no reason and then I have to restart. Somebody please help at your earliest convenience!! Thank you SO MUCH!

-Alex

atopps
Posted December 31, 2005

BUMP. Anyone?!?! C'mon, it's been like 4 days and no replies. Please... PLEASE.. somebody help.

Dan
Posted January 1, 2006

Hi,

Sorry for the delay. You have a CoolWebSearch infection.

Download CWShredder here to its own folder.

Update CWShredder
* Open CWShredder and click I AGREE
* Click Check For Update
* Close CWShredder

Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about. Reboot your computer into normal windows.

Open HijackThis, click the "Scan" button, and check the following items:

O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O20 - Winlogon Notify: browsela - C:\WINNT\system32\browsela.dll
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)

Close all windows except HijackThis and click the "Fix Checked" button. Close HijackThis.

Locate the following file, and delete it (If Present):

C:\WINNT\alt.exe << This File

Please go HERE to run Panda's ActiveScan
Once you are on the Panda site click the Scan your PC button
A new window will open...click the Check Now button
Enter your Country
Enter your State/Province
Enter your e-mail address and click send
Select either Home User or Company
Click the big Scan Now button
If it wants to install an ActiveX component allow it
It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
When download is complete, click on My Computer to start the scan
When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report in your next reply.

Reboot and post a new HijackThis log as well as the ActiveScan log.

Danny
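
A log-comparison aid for the two HijackThis logs in the first post, as an added example that is not part of the original thread: it parses the entry lines, reports what changed between the earlier and later log, and collects the entries that are new or that HijackThis marked "(file missing)" / "(no file)". The sample logs are short excerpts of the poster's two logs, and the function names are illustrative.

```python
import re

# HijackThis entry lines start with a section code such as R1, O4 or O23.
ENTRY_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.+)$")
# Markers HijackThis appends when the referenced file is not on disk.
ORPHAN_MARKERS = ("(file missing)", "(no file)")

# Short excerpts of the pre-scan and post-scan logs from the first post.
PRE_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\sachostx.exe
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O4 - HKLM\..\Run: [HostSrv] C:\WINNT\sachostx.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
"""
POST_SCAN = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINNT\Explorer.EXE
O2 - BHO: C:\WINNT\adsldpbf.dll - {EEE7178C-BBC3-4153-9DDE-CD0E9AB1B5B6} - C:\WINNT\adsldpbf.dll (file missing)
O3 - Toolbar: (no name) - {C1D794EE-8B19-44EF-B8D5-6A7F34D235B8} - (no file)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINNT\alt.exe
O20 - Winlogon Notify: msupdate - msupdate32.dll (file missing)
"""


def parse_entries(log_text):
    """Return (section, body) for every entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group("section"), match.group("body").strip()))
    return entries


def diff_logs(before_text, after_text):
    """Return (added, removed) entries, compared case-insensitively."""
    def key(entry):
        return (entry[0], entry[1].casefold())
    before = {key(e): e for e in parse_entries(before_text)}
    after = {key(e): e for e in parse_entries(after_text)}
    added = [after[k] for k in after if k not in before]
    removed = [before[k] for k in before if k not in after]
    return added, removed


def orphaned(entries):
    """Entries whose registration points at a file that is no longer present."""
    return [e for e in entries if e[1].endswith(ORPHAN_MARKERS)]


def review_list(before_text, after_text):
    """Entries to look at first: new since the earlier log, or orphaned."""
    added, _ = diff_logs(before_text, after_text)
    seen, out = set(), []
    for entry in added + orphaned(parse_entries(after_text)):
        if entry not in seen:
            seen.add(entry)
            out.append(entry)
    return out


if __name__ == "__main__":
    added, removed = diff_logs(PRE_SCAN, POST_SCAN)
    for section, body in removed:
        print("removed:", section, "-", body)
    for section, body in review_list(PRE_SCAN, POST_SCAN):
        print("review: ", section, "-", body)
```

The output is a shortlist for a human reviewer, not a verdict: an entry that appears in both logs without an orphan marker is not listed, so the full log still has to be read.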

Marcus
Posted January 1, 2006

Ay, thanks for the feedbacks. I will mos def be using this knowledge. Thanks again. Peace.

Matt
Posted January 16, 2006

Inactive topic... If you still need help on this problem, contact me or one of the Moderators to re-open this up.

Topic closed.