1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Solved: My log for Movieland... cause i got it too :(

Discussion in 'Virus & Other Malware Removal' started by yasmeen143, Jan 1, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    Please reply me asap thnx in advance


    Logfile of HijackThis v1.99.1
    Scan saved at 8:12:06 PM, on 01/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Quran_AR\Quran_AR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Media Access\MediaAccK.exe
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\Program Files\Media Access\MediaAccess.exe
    C:\Program Files\ItBill\itbill.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ssqpm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Quran_AR] C:\Program Files\Quran_AR\Quran_AR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKLM\..\Run: [Notification Utility] "C:\Program Files\ItBill\itbill.exe"
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\UWFX5.exe" /scan
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://static.35mb.com/applet/applet_y.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133745951125
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://vchat.evoicechat.com/talk.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Welcome to TSG :)

    Click here to download the trial version of Ewido Security Suite:
    http://www.ewido.net/en/download/

    · Install Ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido.
    · It will prompt you to update click the OK button and it will go to the main screen.
    · On the left side of the main screen click update.
    · Click on Start and let it update.
    · DO NOT run a scan yet.

    Restart your computer into Safe Mode now.
    (Start tapping the F8 key at Startup, before the Windows logo screen).
    Perform the following steps in Safe Mode:

    * Run Ewido:
    Click on scanner
    Click Complete System Scan and the scan will begin.
    During the scan it will prompt you to clean files, click OK.
    When the scan is finished, look at the bottom of the screen and click the Save report button.
    Save the report to your desktop.

    Reboot.

    Post a new Hijack This log and the results of the Ewido scan.
     
  3. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    ok i did everything step until safe mode but in safe mode after i chose it my account was only one it changed into two ok then i chose administrator but after that a black screen came up sayin safe mode in four corners and nothing worked except Ctrl.Alt.Del
    so any ideas what's goin on lol
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    You can run Ewido in Normal Mode.
     
  5. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    ok im scanning but is it suppose to take long time lol sorry for bothering you all the time
     
  6. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    It's ok :) and yes, it can sometimes take a good amount of time to scan.
     
  7. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    ok cool then... im at 98% lol
     
  8. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    k so here is my ewido scan's result....

    do i need to scan hijackthis too?????



    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:29:19 PM, 01/01/2006
    + Report-Checksum: 4AE6CEF1

    + Scan result:

    HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{86227D9C-0EFE-4f8a-AA55-30386A3F5686} -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{8CBA1B49-8144-4721-A7B1-64C578C9EED7} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{A36A5936-CFD9-4B41-86BD-319A1931887F} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccX.Installer -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\MediaAccX.Installer\CLSID -> Spyware.WinAd : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{58634367-D62B-4C2C-86BE-5AAC45CDB671} -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\WUSN.1 -> Spyware.SaveNow : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Classes\YSBactivex.Installer\CLSID -> Spyware.YourSiteBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\SideFind -> Spyware.SideFind : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1577888624-1144755062-3632159406-1006\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1577888624-1144755062-3632159406-1006\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1577888624-1144755062-3632159406-1006\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1577888624-1144755062-3632159406-1006\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1577888624-1144755062-3632159406-1006\Software\PowerScan -> Spyware.PowerScan : Cleaned with backup
    [1220] C:\Program Files\Media Access\MediaAccK.exe -> Spyware.WinAD : Cleaned with backup
    [1300] C:\Program Files\Media Access\MediaAccess.exe -> Spyware.WinAD : Cleaned with backup
    [1336] C:\Program Files\ItBill\itbill.exe -> Backdoor.Agent.so : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Hotlog : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis ahm[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Revenue : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Spylog : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Trafic : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][2].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Cookies\nargis [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Local Settings\Temp\sidefind.exe -> Downloader.IstBar.jm : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Local Settings\Temp\uninstall.exe -> Downloader.IstBar.gi : Cleaned with backup
    C:\Documents and Settings\Nargis Ahmadi\Local Settings\Temporary Internet Files\Content.IE5\ZRLJZ5OW\mm[1].js -> Spyware.Chitika : Cleaned with backup
    C:\Program Files\ItBill\itbill.exe -> Backdoor.Agent.so : Cleaned with backup
    C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Media Access\MediaAccC.dll -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Media Access\MediaAccess.exe -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\Media Access\MediaAccK.exe -> Adware.MediaAccess : Cleaned with backup
    C:\Program Files\MediaPipe\insdl.dll -> Spyware.MetaDirect : Cleaned with backup
    C:\Program Files\MediaPipe\ItBill.exe -> Backdoor.Agent.so : Cleaned with backup
    C:\Program Files\MediaPipe\register.dll -> Spyware.MetaDirect : Cleaned with backup
    C:\Program Files\SideFind\sfbho.dll -> Spyware.SideFind : Cleaned with backup
    C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
    C:\Program Files\SurfAccuracy\License.lnk -> Adware.SurfAccuracy : Cleaned with backup
    C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
    C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Cleaned with backup
    C:\Program Files\SurfAccuracy\SAccU.exe -> Adware.SurfAccuracy : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\MediaAccX.dll -> Spyware.WinAD : Cleaned with backup
    C:\WINDOWS\Downloaded Program Files\ysbactivex.dll -> Downloader.IstBar : Cleaned with backup
    C:\WINDOWS\system32\ddayx.dll -> Downloader.Small : Cleaned with backup
    C:\WINDOWS\system32\mljjh.dll -> Downloader.Small : Cleaned with backup
    C:\WINDOWS\system32\mljjk.dll -> Downloader.Small : Cleaned with backup


    ::Report End
     
  9. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Yes please.
     
  10. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    ok sure

    Logfile of HijackThis v1.99.1
    Scan saved at 9:34:44 PM, on 01/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\ACS.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\DVDRAMSV.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Quran_AR\Quran_AR.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\SAVScan.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ssqpm.dll
    O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Quran_AR] C:\Program Files\Quran_AR\Quran_AR.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [MediaPipe P2P Loader] "C:\Program Files\p2pnetworks\mpp2pl.exe" /H
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
    O4 - HKCU\..\Run: [WinFixer2005] "C:\Program Files\WinFixer 2005\UWFX5.exe" /scan
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
    O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.35mb.com/applet/applet_l.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://static.35mb.com/applet/applet_y.cab
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com/PhotoUpload/MsnPUpld.cab?10,0,910,0
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1133745951125
    O16 - DPF: {6924091F-CD97-41E1-B1D4-D9079409D413} (IMCv1 Control) - http://vchat.evoicechat.com/talk.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
    O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll
    O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\ACS.exe
    O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
     
  11. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    * Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

    *
    Click here to download Please download VundoFix.exe.
    • Save the VundoFix.exe file to your desktop.
    • Double-click VundoFix.exe to extract the files.
    • This will create a VundoFix folder on your desktop.
    • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
    • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
    • You will first be presented with a warning that should look like this
    • At this point press the Enter key on your keyboard one time.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\ssqpm.dll
    • Press Enter to continue with the fix.
    • Next you will see:
    • At this point please type the following file path (make sure to enter it exactly as below!):
      • C:\WINDOWS\system32\mpqss.*
    • Press Enter to continue with the fix.

    • If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

    • The fix will run then HijackThis will open, if it does not open automatically please open it manually.

    • In HiJackThis, please place a check next to the following items and
      click FIX CHECKED:

      • O2 - BHO: ATLDistrib Object - {93C6313C-9DB4-4694-8BD0-E378C573A9AD} - C:\WINDOWS\system32\ssqpm.dll



        [*]O20 - Winlogon Notify: ssqpm - C:\WINDOWS\system32\ssqpm.dll

    • After you have fixed these items, close Hijackthis.

    • Press enter to exit the program then manually reboot your computer.

    • Once your machine reboots please continue with the instructions below.

    *Download Cleanup from Here
    • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
    • Click the Options... button on the right.
    • Move the arrow down to "Custom CleanUp!"
    • Put a check next to the following (Make sure nothing else is checked!):
      • Empty Recycle Bins
      • Delete Cookies
      • Cleanup! All Users
      Click OK
    • Press the CleanUp! button to start the program.
    • It may ask you to reboot at the end, click NO.

    * Run ActiveScan online virus scan here
    • When the scan is finished, anything that it cannot clean have it delete it.
    • Save the results from the scan!
    • Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
     
  12. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    i can't go to safe mode now :((
     
  13. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    Same problem as before?

    If you cannot get into safe mode & get a black screen that says "safe mode" in all 4 corners and no desktop appears then try this.

    It appears that the code in the Vundo trojan is so badly written, that many users cant go into safe mode because "explorer.exe" is occupied trying to execute these codes and occupies 100% of the CPU capacity.

    Try this procedure:

    When you come to the point where the black screen appears and the text "safe mode" is displayed in the corners,open the taskmanager (Ctrl+Alt+Del) and find "explorer.exe . Click on it in the list and click "Terminate". This will probably take several minutes.
    Once Explorer is terminated, navigating with the mouse will be easy, however you will have a desktop without icons.

    Now, remember where you installed the "VundoFix" . Open the taskmanager again, and click "File>Run" in the toolbar. Type in the filepath to the VundoFix in the scrollbar and hit enter.
    The default location of the VundoFix is here :
    C:\Documents and Settings\YOUR USERNAME\Desktop\VundoFix\KillVundo.bat . Replace "your username" with your actual one.
    Then click "ok" and if everything work as planned, you will now be able to run the VundoFix and go on with the procedure I already posted.

    Since you during this operation cant navigate via Explorer, its important that you print those instructions, both the ones here and the entire cleaning procedure for the Vundo.
     
  14. yasmeen143

    yasmeen143 Thread Starter

    Joined:
    Jan 1, 2006
    Messages:
    138
    i think it wasn't extracted so i'll try it again hope it works..
     
  15. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/430165

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice