Go Back   Cyber Tech Help Support Forums > Software > Malware Removal

Notices

Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs

Closed Topic
 
Topic Tools
  #1  
Old April 12th, 2006, 02:02 PM
DoubleShimmer DoubleShimmer is offline
Member
 
Join Date: Apr 2004
Posts: 41
Desperately seeking help....

Ihave downloaded a horrible something, lol. I don't have a validated version of Windows XP running so I don't have any of the "validated microsoft updates" and can't use them. I have been very ineffectivally trying to remove what ever is in my computer and have failed miserably, lol. The infections just keep piling up in numbers. PLEASE can someone help me remove this pesky little bugger or buggers from my computer.

Thank you tremdously!

Here is my HJT Log:

Logfile of HijackThis v1.99.1
Scan saved at 8:48:38 AM, on 04/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\system32\rundll32.exe
D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
D:\WINDOWS\dHJldm9y\command.exe
D:\Program Files\Network Monitor\netmon.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\cpwvlss.exe
D:\WINDOWS\Explorer.EXE
D:\Program Files\MessengerPlus! 3\MsgPlus.exe
D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
D:\WINDOWS\SYSC00.exe
D:\WINDOWS\ms04545342738.exe
D:\WINDOWS\cpwvlssA.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\system32\sms_msn40.exe
D:\WINDOWS\system32\sms_msn.exe
C:\windows\mousepad10.exe
D:\Program Files\WinAntiVirus Pro 2006\winav.exe
D:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe
D:\Program Files\Trend Micro\Tmas\Tmas.exe
D:\WINDOWS\system32\ngpw40.exe
D:\Program Files\Common Files\Windows\services32.exe
D:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
D:\Documents and Settings\trevor\Local Settings\Temp\Temporary Directory 1 for hijackthis[1].zip\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/home.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer presented by Comcast
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: Shell=Explorer.exe, D:\WINDOWS\System32\bwjds.exe
F2 - REG:system.ini: UserInit=D:\WINDOWS\system32\userinit.exe,lrqhdfo. exe
O2 - BHO: ngsh35.clsIS - {279A1B41-6CAC-4ABF-B39C-72C8E489F685} - D:\WINDOWS\system32\ngsh35.dll
O2 - BHO: RieMon Class - {70F6A776-579A-4C95-BA88-134253907752} - D:\WINDOWS\System32\irsmiibx.dll
O2 - BHO: (no name) - {7D9CB362-375B-4FB9-8024-E55079CC69D1}" - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - D:\Program Files\Yahoo!\Companion\Installs\cpn3\ycomp5_6_0_0. dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O3 - Toolbar: Toolbar888 - {77FBF9B8-1D37-4FF2-9CED-192D8E3ABA6F} - D:\Program Files\Toolbar888\ToolBar888.dll
O4 - HKLM\..\Run: [MessengerPlus3] "D:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TheMonitor] D:\WINDOWS\SYSC00.exe
O4 - HKLM\..\Run: [ms04545342738] D:\WINDOWS\ms04545342738.exe
O4 - HKLM\..\Run: [cpwvlssA] D:\WINDOWS\cpwvlssA.exe
O4 - HKLM\..\Run: [w21862f1.dll] RUNDLL32.EXE w21862f1.dll,I2 0003c164021862f1
O4 - HKLM\..\Run: [BrowserUpdateSched] D:\WINDOWS\System32\twinsraf.exe FI002
O4 - HKLM\..\Run: [sms_msn40] D:\WINDOWS\system32\sms_msn40.exe
O4 - HKLM\..\Run: [sms_msn] D:\WINDOWS\system32\sms_msn.exe
O4 - HKLM\..\Run: [keyboard] C:\windows\keyboard10.exe
O4 - HKLM\..\Run: [newname] C:\windows\newname10.exe
O4 - HKLM\..\Run: [mousepad] C:\windows\mousepad10.exe
O4 - HKLM\..\Run: [WinAntiVirusPro2006] D:\Program Files\WinAntiVirus Pro 2006\winav.exe /min
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] D:\PROGRA~1\Comcast\COMCAS~1\data\Xtras\mssysmgr.e xe
O4 - HKCU\..\Run: [gbert] D:\WINDOWS\System32\knsysa.exe reg_run
O4 - HKCU\..\Run: [irssyncd] D:\WINDOWS\System32\irssyncd.exe
O4 - HKCU\..\Run: [iuiz] D:\PROGRA~1\COMMON~1\iuiz\iuizm.exe
O4 - HKCU\..\Run: [SurfSideKick 3] D:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [services32] D:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - Startup: Zeno.lnk = D:\WINDOWS\system32\twinsraf.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = D:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://D:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://D:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download web site with Free Download Manager - file://D:\Program Files\Free Download Manager\dlpage.htm
O8 - Extra context menu item: Download with Free Download Manager - file://D:\Program Files\Free Download Manager\dllink.htm
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - D:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - D:\WINDOWS\System32\dmonwv.dll (file missing)
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: Yahoo! Dominoes - http://download.games.yahoo.com/game...s/y/dot8_x.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
O16 - DPF: {35B9DBE4-5284-46B3-9E0F-919364B22F02} (Test Class) - http://adult.www.worldgroups.com/atlweb1.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.snapfish.com/SnapfishActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {8A0DCBDB-6E20-489C-9041-C1E8A0352E75} (Mirar_Dummy_ATS1 Class) - http://awbeta.net-nucleus.com/FIX/WinATS.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9AC54695-69A4-46F1-BE10-10C74F9520D5} (elitectl.DemoCtl) - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - http://www.disney.go.com/games/downl...ameManager.cab
O16 - DPF: {F229AB32-7BF9-4225-B78F-B4680AE6FC23} (Snapfish File Upload ActiveX Control) - http://www.snapfish.com/SnapfishUpload.cab
O20 - Winlogon Notify: DateTime - D:\WINDOWS\system32\lv6409jqe.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - D:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - D:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Command Service (cmdService) - Unknown owner - D:\WINDOWS\dHJldm9y\command.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Network Monitor - Unknown owner - D:\Program Files\Network Monitor\netmon.exe
O23 - Service: Windows Overlay Components - Unknown owner - D:\WINDOWS\cpwvlss.exe
  #2  
Old April 12th, 2006, 07:13 PM
Acrobaze Acrobaze is offline
Malware Removal Team
 
Join Date: Nov 2003
O/S: Windows 10 Home
Location: France
Posts: 11,994
We help only for the validated version of Windows XP. Topic closed.
Closed Topic

Bookmarks

Topic Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Topics
Topic Topic Starter Forum Replies Last Post
Desperately Seeking Help LoppyThug Windows Vista 6 February 14th, 2008 05:53 AM
Desperately seeking help :( WinT Windows 98 31 July 6th, 2006 07:12 PM
Please HELP . Desperately seeking help shinkansen Windows XP 1 November 4th, 2004 05:35 PM
Desperately seeking help.... DoubleShimmer Malware Removal 12 August 17th, 2004 09:11 PM
Desperately Seeking . . . Help carlygirl1973 Malware Removal 1 June 27th, 2004 04:13 AM


All times are GMT +1. The time now is 08:08 PM.