
Solved: Panda won't run - am I clean yet

Discussion in 'Virus & Other Malware Removal' started by thfixit, Jun 25, 2007.

Thread Status:
Not open for further replies.
  1. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
    Help Help I am still eaten up with viruses and spyware!! (added 10:30 6/25)

    I am working on a friend's computer. He was eaten up with viruses and spyware. Mostly clean now. AVG, Ad-Aware and Spybot S&D look good. SUPERAntiSpyware found some things last scan and (supposedly) fixed them. I just ran HJT and would like an expert to review. Panda scan gets to the point where you click MY COMPUTER to scan and hangs when scanning processes in memory. At the bottom of the little window it says errors on page. The first time I ran Panda, it found 77 viruses and cured 75 of them but the ActiveX controls appeared to be in Spanish? I went into IE 7 and deleted one and disabled the rest of Panda's ActiveX controls and tried it again but no help. I am going to reboot in safe mode and try Panda again because I think the first time I did it, it was in safe mode and it worked. Thanks for any and all help.

    Logfile of HijackThis v1.99.1
    Scan saved at 13:17, on 2007-06-25
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\WINDOWS\system32\bgsvcgen.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Antivirus\hijackthis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.weather.com/weather/local/30720?lswe=30720&lwsa=WeatherLocalUndeclared&from=whatwhere
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=desktop
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:8182
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31DEF1D6-BF10-463D-87B3-E161A9410335} - C:\WINDOWS\system32\gspsapmc.dll (file missing)
    O2 - BHO: (no name) - {41717dc3-e725-40d8-9472-5365fc390f87} - C:\WINDOWS\system32\ahui386.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {639EAE30-6D82-1E03-A74D-6AE34FEFF29B} - C:\WINDOWS\system32\dtobqb.dll (file missing)
    O2 - BHO: (no name) - {6A96A037-3CD0-1C56-A34D-6AE34FEEAD91} - C:\WINDOWS\system32\eggys.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {C558FDEA-5AFB-4821-9EF3-2D10469FDE9e} - C:\WINDOWS\system32\gspsapmc.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182641244281
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F79037FB-5833-46E9-BF3B-0BE356C2E1D4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ahui386 - ahui386.dll (file missing)
    O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: xxyxvvv - xxyxvvv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rlnnxpke.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
     
  2. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
    I am currently running Panda in safe mode. So far detected and disinfected 1 virus. Also found 6 instances of spyware and 3 hacking tools and rootkits. I will post results as soon as they are available.

    thanks
     
  3. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
    Okay. Panda is done and it looks like I still have a few problems. Here is the report.


    Incident Status Location

    Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
    Adware:adware/ncase Not disinfected c:\windows\didduid.ini
    Adware:adware/twain-tech Not disinfected c:\windows\satmat.exe
    Adware:adware/topconvert Not disinfected c:\windows\updatetc.exe
    Adware:adware/sqwire Not disinfected Windows Registry
    Adware:adware/ucmore Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Antivirus\SmitfraudFix\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\Antivirus\SmitfraudFix\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator.OFFICE\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc124.txt
    Spyware:Cookie/did-it Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc147.txt
    Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc180.txt
    Spyware:Cookie/Target Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc336.txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc494.zip[SmitfraudFix/Process.exe]
    Virus:Trj/Shutdown.Z Disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc494.zip[SmitfraudFix/restart.exe]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc1.txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc10.txt
    Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc2.txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc3.txt
    Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc4.txt
    Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc5.txt
    Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc6.txt
    Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc7.txt
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc8.txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc9.txt
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\cxaevkeq.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\dhddvmvj.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\frggmmah.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\geedc.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\gsxaafvx.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hrkcabcy.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\hxykpysb.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\inpnusdr.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\jovojvns.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\mxikvmlv.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\ncwmulke.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\oulvyllj.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\qauqljkc.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\rffenkhx.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\sfvgkvme.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\srpswprg.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\topeiier.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\uxoxewog.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vcowisvv.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vjmktgjn.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vsvgjjfj.dll.bad
    Spyware:Spyware/Virtumonde Not disinfected C:\VundoFix Backups\vwwcciun.dll.bad
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
    Virus:Generic Trojan Not disinfected C:\WINDOWS\system32\cafes.exe[sammy3.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\cafes.exe[stub_track3.exe]
    Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\cafez.exe[TISKY006.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\cafez.exe[stub_track3.exe]
    Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\newcafe2.exe[TISKY004.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\newcafe2.exe[stub_track2.exe]


    Help Help!!
     
  4. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
    bump with latest info

    panda scan results


    Incident Status Location

    Adware:adware/tubby Not disinfected c:\windows\system32\WER8274.DLL
    Adware:adware/ncase Not disinfected c:\windows\didduid.ini
    Adware:adware/twain-tech Not disinfected c:\windows\satmat.exe
    Adware:adware/topconvert Not disinfected c:\windows\updatetc.exe
    Adware:adware/sqwire Not disinfected Windows Registry
    Adware:adware/ucmore Not disinfected Windows Registry
    Potentially unwanted tool:Application/Processor Not disinfected C:\Antivirus\SmitfraudFix\SmitfraudFix\Process.exe
    Virus:Trj/Shutdown.Z Disinfected C:\Antivirus\SmitfraudFix\SmitfraudFix\restart.exe
    Potentially unwanted tool:Application/Processor Not disinfected C:\Antivirus\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Virus:Trj/Shutdown.Z Disinfected C:\Antivirus\SmitfraudFix.zip[SmitfraudFix/restart.exe]
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\Documents and Settings\Administrator.OFFICE\Desktop\ComboFix.exe[nircmd.exe]
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\hp\bin\KillIt.exe
    Spyware:Cookie/Com.com Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc124.txt
    Spyware:Cookie/did-it Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc147.txt
    Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc180.txt
    Spyware:Cookie/Target Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc336.txt
    Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1838491132-677898891-4031639963-1009\Dc494.zip[SmitfraudFix/Process.exe]
    Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc1.txt
    Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc10.txt
    Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc2.txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc3.txt
    Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc4.txt
    Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc5.txt
    Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc6.txt
    Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc7.txt
    Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc8.txt
    Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\S-1-5-21-3831189101-1303341227-1758168141-500\Dc9.txt
    Potentially unwanted tool:Application/NirCmd.A Not disinfected C:\WINDOWS\nircmd.exe
    Virus:Generic Trojan Not disinfected C:\WINDOWS\system32\cafes.exe[sammy3.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\cafes.exe[stub_track3.exe]
    Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\cafez.exe[TISKY006.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\cafez.exe[stub_track3.exe]
    Virus:Trj/Downloader.PCQ Disinfected C:\WINDOWS\system32\ktlnqffr.exe
    Adware:Adware/Zenosearch Not disinfected C:\WINDOWS\system32\newcafe2.exe[TISKY004.exe]
    Adware:Adware/BookedSpace Not disinfected C:\WINDOWS\system32\newcafe2.exe[stub_track2.exe]
    Potentially unwanted tool:Application/Processor Not disinfected E:\SmitfraudFix.zip[SmitfraudFix/Process.exe]
    Virus:Trj/Shutdown.Z Not disinfected E:\SmitfraudFix.zip[SmitfraudFix/restart.exe]

    HJT scan results

    Logfile of HijackThis v1.99.1
    Scan saved at 11:21:11 PM, on 6/26/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.6000.16473)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\internet explorer\iexplore.exe
    C:\Antivirus\hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://ie.redirect.hp.com/svs/rdr?T...=Q305&bd=presario&pf=desktop&parm1=seconduser
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {31DEF1D6-BF10-463D-87B3-E161A9410335} - C:\WINDOWS\system32\gspsapmc.dll (file missing)
    O2 - BHO: (no name) - {41717dc3-e725-40d8-9472-5365fc390f87} - C:\WINDOWS\system32\ahui386.dll (file missing)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {639EAE30-6D82-1E03-A74D-6AE34FEFF29B} - C:\WINDOWS\system32\dtobqb.dll (file missing)
    O2 - BHO: (no name) - {6A96A037-3CD0-1C56-A34D-6AE34FEEAD91} - C:\WINDOWS\system32\eggys.dll (file missing)
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
    O2 - BHO: (no name) - {C558FDEA-5AFB-4821-9EF3-2D10469FDE9e} - C:\WINDOWS\system32\gspsapmc.dll (file missing)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [Trend Micro AntiVirus 2007] C:\Program Files\Trend Micro\AntiVirus 2007\tavui.exe -1 --delay 15
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [Srro] "C:\PROGRA~1\RACLE~1\iexplore.exe" -vt yazb
    O4 - HKCU\..\Run: [Aienu] C:\WINDOWS\system32\?icrosoft\j?vaw.exe
    O4 - HKCU\..\Run: [uimf] C:\PROGRA~1\COMMON~1\uimf\uimfm.exe
    O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
    O4 - HKCU\..\Run: [DDC] C:\WINDOWS\system32\rlnnxpke.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    O4 - Global Startup: Exif Launcher 2.lnk = ?
    O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\npjpi150_11.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MI1933~1\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O9 - Extra 'Tools' menuitem: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\tmlsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1182641244281
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{F79037FB-5833-46E9-BF3B-0BE356C2E1D4}: NameServer = 194.54.90.226
    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
    O20 - Winlogon Notify: ahui386 - ahui386.dll (file missing)
    O20 - Winlogon Notify: ssqrp - C:\WINDOWS\system32\ssqrp.dll (file missing)
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: winhoq32 - winhoq32.dll (file missing)
    O20 - Winlogon Notify: xxyxvvv - xxyxvvv.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: B's Recorder GOLD Library General Service (bgsvcgen) - B.H.A Corporation - C:\WINDOWS\system32\bgsvcgen.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\rlnnxpke.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Trend Micro AntiVirus Protection Service (tavsvc) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\tavsvc.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\AntiVirus 2007\Components\tmproxy.exe
     
  5. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
  6. thfixit

    thfixit Thread Starter

    Joined:
    Jan 23, 2007
    Messages:
    60
    I have researched this all about the web and have extracted almost everything piece by piece. So I am going to mark it solved and start a new post with the two pieces of spyware that are left that I cannot seem to get rid of.
     


Short URL to this thread: https://techguy.org/588349
