Solved: My Niece's Computer


Spinner221

Thread Starter
Joined
Dec 28, 2005
Messages
5
Hi All, Happy New Year Almost,

I gave my niece a computer last year and at Christmas this year I was informed that her anti virus hadn't been working since March. I did all the usual clean up. Browser was hijacked so I removed Internet Explorer through Windows Add/Remove Programs, Windows Components. I installed Firefox, then installed Trend Micro PC-cillin, removed temp files, removed all of what I could remove of spyware and adware, uninstalled suspicious programs (some wouldn't uninstall). I went to msconfig and unchecked suspicious programs that were starting. After running anti virus full system scan it found 1300+ instances of suspected problems (has to be a record :confused: ). Most were tracking cookies; 6 Trojans, 4 were quarantined. I just did Trend Micro's HouseCall and it said the system was clean but I don't believe it.

I'm having trouble getting the rest of the machine cleaned up.

I truly appreciate any help with this HijackThis log. :)

Logfile of HijackThis v1.99.1
Scan saved at 9:09:58 PM, on 12/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\rq8sccxw\rq8sccxw.exe
C:\DOCUMENTS AND SETTINGS\ALL USERS\START MENU\PROGRAMS\STARTUP\OWGW.EXE
C:\Program Files\rq8sccxw\23321844.exe
C:\Program Files\rq8sccxw\rq8sccxw.exe
C:\WINDOWS\system32\PackethSvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\DOCUME~1\Ellie\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.passthison.com/r4/?s43
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {38C456D2-6A18-4D02-8288-972F41AA048C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {406D386B-BD8E-439F-B2DF-CBCE1B0DD6C8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66BAF67B-0C5A-4B08-A732-4429A1DA2EFD} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {74B8EE65-CA7D-45CA-B47C-95BD4666B807} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {87CF6972-30C4-40A5-B886-021F9BDA1D43} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AAB86E08-40F6-4216-8BCC-8C43A66E377D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C2487315-0B60-4EE1-9554-1F4CC5E28AF3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D54386C5-5175-400C-8EC5-C00F800E9F59} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DB1F1A6C-5379-B17A-3D73-B5D3A194D9D4} - C:\WINDOWS\Cyteuhki.dll
O2 - BHO: (no name) - {E8FD6B14-9820-4DC1-B74F-F2D451E242D4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EB7F9CE7-1D4E-48E6-9C80-A58B42CFFC29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: CATLEvents Object - {ED5ABC42-8E4F-4C39-9972-F0CF619D672F} - C:\DOCUME~1\Ellie\LOCALS~1\Temp\lldbil.dat (file missing)
O2 - BHO: (no name) - {F0FFE509-6E7F-423F-B122-736FD0B40DFC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F28D08C8-C436-46E2-9DD3-3BF99B2B49CE} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F899687D-CA4F-4400-9981-1BC5535AA3AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Search - {3A6BD87E-7C2D-2227-83BD-878CCE844D76} - C:\WINDOWS\Cyteuhki.dll
O4 - HKLM\..\Run: [*libdll] C:\WINDOWS\Fonts\libdll.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [rq8sccxw] C:\Program Files\rq8sccxw\rq8sccxw.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqrqiy.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - Global Startup: owgw.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDTInc/ie/bridge-c441.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {486E48B5-ABF2-42BB-A327-2679DF3FB822} - http://akamai.downloadv3.com/binaries/IA/ia_XP.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {94742E3F-D9A1-4780-9A87-2FFA43655DA2} - http://akamai.downloadv3.com/binaries/DialHTML/EGDHTML_US_pack_XP.cab
O16 - DPF: {B8AB2281-447F-482B-86E9-1F0ED5973637} - http://www.isurfplus.com/sure.cab
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Welcome to TSG :)

Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

Spinner221

Thread Starter
Joined
Dec 28, 2005
Messages
5
Cheeseball81,

Thanks for the WELCOME and for the advice and instructions. I followed them to the T; the Ewido scan in Safe Mode took about 5 hrs and found 263 infected objects.

As requested here are the Ewido scan results and the Hijack This log file.

Should I instruct Hijack This to fix anything? The system is running much better now. (y) Is there a risk of these coming back?

---------------------------------------------------------
Hijack This LOG:
---------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 11:59:59 AM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\PROGRAM FILES\TREND MICRO\TMAS\TMAS.EXE
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Documents and Settings\Ellie\Desktop\HijackThis.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.passthison.com/r4/?s43
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {38C456D2-6A18-4D02-8288-972F41AA048C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {406D386B-BD8E-439F-B2DF-CBCE1B0DD6C8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66BAF67B-0C5A-4B08-A732-4429A1DA2EFD} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {74B8EE65-CA7D-45CA-B47C-95BD4666B807} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {87CF6972-30C4-40A5-B886-021F9BDA1D43} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AAB86E08-40F6-4216-8BCC-8C43A66E377D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C2487315-0B60-4EE1-9554-1F4CC5E28AF3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D54386C5-5175-400C-8EC5-C00F800E9F59} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DB1F1A6C-5379-B17A-3D73-B5D3A194D9D4} - C:\WINDOWS\Cyteuhki.dll (file missing)
O2 - BHO: (no name) - {E8FD6B14-9820-4DC1-B74F-F2D451E242D4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EB7F9CE7-1D4E-48E6-9C80-A58B42CFFC29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F0FFE509-6E7F-423F-B122-736FD0B40DFC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F28D08C8-C436-46E2-9DD3-3BF99B2B49CE} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F899687D-CA4F-4400-9981-1BC5535AA3AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Search - {3A6BD87E-7C2D-2227-83BD-878CCE844D76} - C:\WINDOWS\Cyteuhki.dll (file missing)
O4 - HKLM\..\Run: [*libdll] C:\WINDOWS\Fonts\libdll.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [rq8sccxw] C:\Program Files\rq8sccxw\rq8sccxw.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqrqiy.exe reg_run
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Thanks for your help!!!! :D

Spinner221
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
Download KillBox here: http://www.downloads.subratam.org/KillBox.zip
Save it to your desktop.
DO NOT run it yet.

Rescan with Hijack This.
Close all browser windows except Hijack This.
Put a check mark beside these entries and click "Fix Checked".

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.iquicksearch.net/search.htm
O2 - BHO: (no name) - SOFTWARE - (no file)
O2 - BHO: (no name) - {38C456D2-6A18-4D02-8288-972F41AA048C} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {406D386B-BD8E-439F-B2DF-CBCE1B0DD6C8} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {66BAF67B-0C5A-4B08-A732-4429A1DA2EFD} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {74B8EE65-CA7D-45CA-B47C-95BD4666B807} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {87CF6972-30C4-40A5-B886-021F9BDA1D43} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {AAB86E08-40F6-4216-8BCC-8C43A66E377D} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {C2487315-0B60-4EE1-9554-1F4CC5E28AF3} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {D54386C5-5175-400C-8EC5-C00F800E9F59} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {DB1F1A6C-5379-B17A-3D73-B5D3A194D9D4} - C:\WINDOWS\Cyteuhki.dll (file missing)
O2 - BHO: (no name) - {E8FD6B14-9820-4DC1-B74F-F2D451E242D4} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {EB7F9CE7-1D4E-48E6-9C80-A58B42CFFC29} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F0FFE509-6E7F-423F-B122-736FD0B40DFC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F28D08C8-C436-46E2-9DD3-3BF99B2B49CE} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {F899687D-CA4F-4400-9981-1BC5535AA3AC} - C:\Program Files\CSBB\CSBB.dll (file missing)
O3 - Toolbar: Search - {3A6BD87E-7C2D-2227-83BD-878CCE844D76} - C:\WINDOWS\Cyteuhki.dll (file missing)
O4 - HKLM\..\Run: [*libdll] C:\WINDOWS\Fonts\libdll.exe
O4 - HKLM\..\Run: [rq8sccxw] C:\Program Files\rq8sccxw\rq8sccxw.exe
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqrqiy.exe reg_run
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab


Boot into Safe Mode.

Double-click on Killbox.exe to run it.
Now put a tick by Standard File Kill.
In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file.
It will ask for confirmation to delete the file.
Click Yes.
Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\Fonts\libdll.exe
C:\Program Files\rq8sccxw\rq8sccxw.exe
C:\WINDOWS\system32\pqrqiy.exe


Note: It is possible that Killbox will tell you that one or more files do not exist.
If that happens, just continue on with all the files. Be sure you don't miss any.

Exit the KillBox.

Find and delete this folder: C:\Program Files\rq8sccxw

Also in Safe Mode navigate to the C:\Windows\Temp folder.
Open the Temp folder and go to Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

Go to Start > Run and type %temp% in the Run box.
The Temp folder will open. Click Edit > Select All then Edit > Delete to delete the entire contents of the Temp folder.

It's normal if some files don't delete!

Finally go to Control Panel > Internet Options.
On the General tab under "Temporary Internet Files" Click "Delete Files".
Put a check by "Delete Offline Content" and click OK.
Click on the Programs tab then click the "Reset Web Settings" button.
Click Apply then OK.

Empty the Recycle Bin.

Reboot, post a new log.
 

Spinner221

Thread Starter
Joined
Dec 28, 2005
Messages
5
Cheeseball81,

Wow it's coming along. Did the Hijack "Fix Selected" as recommended, booted to safe mode and followed your recommendations. The 3 files that I was supposed to use KillBox to delete were not found.. (normal I guess?)

I did the rest of the deleting, reboot to windows, I should note, when I was booting to windows I received an error message "Stuck Key" I selected Esc to continue.

Here is the Hijack This Log File;

Logfile of HijackThis v1.99.1
Scan saved at 4:27:49 PM, on 12/29/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\SYSTEM32\SVCHOST.EXE
C:\WINDOWS\SYSTEM32\SPOOLSV.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe
C:\Program Files\Java\jre1.5.0\bin\jusched.exe
C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE
C:\PROGRAM FILES\TREND MICRO\TMAS\TMAS.EXE
C:\WINDOWS\system32\PackethSvc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PCCTLCOM.EXE
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TMPFW.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TSC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Ellie\Desktop\HijackThis.exe
\?\C:\WINDOWS\system32\WBEM\WMIADAP.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.passthison.com/r4/?s43
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0\bin\jusched.exe
O4 - HKLM\..\Run: [QveCtl2Tray] C:\Program Files\Philips\PSA2\skin\QveCplSk.EXE C:\Program Files\Philips\PSA2\skin
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O4 - Global Startup: Wal-Mart Connect Tray Icon.lnk = C:\Program Files\wmconnect\wmtray.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\system32\PackethSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
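
The before/after comparison this exchange relies on (fix the listed entries, reboot, post a new log) can be scripted. The following is an added example, not part of the original posts; the function names are hypothetical and the sample logs are a few entries copied from the two logs in this thread.

```python
import re

# Constructed samples: a few entries copied from the two logs in this thread.
BEFORE = r"""
O2 - BHO: (no name) - {DB1F1A6C-5379-B17A-3D73-B5D3A194D9D4} - C:\WINDOWS\Cyteuhki.dll (file missing)
O4 - HKLM\..\Run: [*libdll] C:\WINDOWS\Fonts\libdll.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqrqiy.exe reg_run
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
"""
AFTER = r"""
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"""
# Subset of the entries the helper listed under "Fix Checked".
FIX_LIST = [
    r"O2 - BHO: (no name) - {DB1F1A6C-5379-B17A-3D73-B5D3A194D9D4} - C:\WINDOWS\Cyteuhki.dll (file missing)",
    r"O4 - HKLM\..\Run: [*libdll] C:\WINDOWS\Fonts\libdll.exe",
    r"O4 - HKLM\..\Run: [winsync] C:\WINDOWS\system32\pqrqiy.exe reg_run",
    r"O15 - Trusted Zone: http://click.getmirar.com (HKLM)",
]
# A HijackThis entry line: section code (R1, O4, O23, ...), " - ", then the detail.
ENTRY = re.compile(r"^[RFNO]\d{1,2} - .+$")

def parse(log):
    """Map a case-folded, whitespace-normalised key to each original entry line."""
    entries = {}
    for raw in log.splitlines():
        line = " ".join(raw.split())
        if ENTRY.match(line):
            entries[line.casefold()] = line
    return entries

def verify_fix(before, after, fix_list):
    """Compare two logs and report what the fix removed, missed, or left new."""
    b, a, fix = parse(before), parse(after), parse("\n".join(fix_list))
    return {
        "removed": sorted(b[k] for k in b.keys() - a.keys()),
        "still_present": sorted(a[k] for k in fix.keys() & a.keys()),
        "new": sorted(a[k] for k in a.keys() - b.keys()),
    }

def orphaned(log):
    """Entries HijackThis marks as registered but with no file on disk."""
    return [e for e in parse(log).values() if e.endswith(("(file missing)", "(no file)"))]

if __name__ == "__main__":
    for name, lines in verify_fix(BEFORE, AFTER, FIX_LIST).items():
        print(name, *lines, sep="\n  ")
```

An empty `still_present` list means every entry on the fix list is gone from the second log; anything under `new` appeared only after the reboot and is worth a look before closing out.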
 

Spinner221

Thread Starter
Joined
Dec 28, 2005
Messages
5
Spinner221: Oh my god Cheeseball81, there's a WindoOOOows OS on this computer. It's working properly, 'Oooooo.'
Cheeseball81: Spinner221, Run every anti spyware program and scan your computer 20 times a day in and out of safe mode and it may stay that way for a week.:D


Cheeseball81, You Did It, Thank you, Thank you, Thank you!

I made a donation to TSG. Everyone should donate $$$, you guys are the best. (y)

Spinner221
 

Cheeseball81

Retired Moderator
Joined
Mar 3, 2004
Messages
84,315
LOL you're welcome :)

Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.

You can mark your thread "Solved" from the Thread Tools drop down menu.
 