#1  March 2nd, 2005, 03:25 AM
JP_17315 (Member)

Computer slow and lots of pop ups

Ran Ad-Aware and Spybot in safe mode and deleted everything they found. Ran HijackThis in safe mode; here are the results:

Logfile of HijackThis v1.99.1
Scan saved at 5:52:43 PM, on 3/1/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Toolbar\TBPS.exe
C:\PROGRA~1\Toolbar\PIB.exe
c:\PROGRA~1\Toolbar\radio.exe
C:\WINDOWS\system\abr.exe
C:\windows\system\hpsysdrv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\Ectexu.exe
C:\WINDOWS\System32\Bzvgxf.exe
C:\Program Files\mup5be26\mup5be26.exe
C:\WINDOWS\System32\ap9h4qmo.exe
C:\WINDOWS\System32\rcitpki.exe
C:\WINDOWS\system\klwox.exe
C:\WINDOWS\System32\sysmonnt.exe
C:\WINDOWS\System32\pywrt4.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\program files\internet explorer\iexplore.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\WINDOWS\System32\PackethSvc.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\WINDOWS\wanmpsvc.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\Program Files\iPod\bin\iPodService.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\wuauclt.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\mup5be26\mup5be261\mup5be261.exe
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50220
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.42.87.219/sidesearch.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.suscombroadband.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://store.presario.net/scripts/re...c=2c02&lc=0409
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yessen.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50220
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yessen...search/ie.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://store.presario.net/scripts/re...c=1c02&lc=0409
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50220
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Compaq
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {075E302E-7600-4222-A4BE-6BD28E402EF9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: (no name) - {11258B92-13F8-40CB-A2AB-32FE069DD4D3} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {14EDA226-0C48-433A-84BF-4230920AF8E3} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: SDWin32 Class - {16307DF7-1476-41A9-85D7-2BB1B26F7AAF} - C:\WINDOWS\System32\likqw.dll
O2 - BHO: (no name) - {1D9E33DA-EB90-4EE2-969C-65CE49DEC109} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\Owner\LOCALS~1\Temp\bdelo.dat (file missing)
O2 - BHO: (no name) - {32D513EA-20EB-4411-BF3D-08BAFB88EED1} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll
O2 - BHO: (no name) - {57ECEF4A-3F53-41FB-A65B-A77037048F33} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll
O2 - BHO: (no name) - {70C2A170-7B8A-467E-9125-15EE0ED51992} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {749AF18C-E98C-4876-B49D-1AC0A9547EFA} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {7A64B71A-B088-476C-BF02-CC828E5E9853} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {7D5D51C6-D61B-483A-8DFB-3D466C53FB34} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat
O2 - BHO: (no name) - {A18795AC-E259-43B6-AA52-2BA20922C831} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: (no name) - {B9E7CAC8-F4D9-45C2-90B6-8119051D3CC5} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {BC7AC5A8-3692-480A-B79D-998270985312} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {BE9DDB08-4360-4837-852B-2EC409299A3A} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll
O2 - BHO: (no name) - {D3F9DABC-3AC4-4597-9582-F9A4E454CC4B} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\Owner\LOCALS~1\Temp\litupxe.dat (file missing)
O2 - BHO: (no name) - {D6C0A4E2-49F8-49FE-A975-66DCA1AA8D0A} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: SDWin32 Class - {DE1B1360-CB1A-43A6-BD29-554244180768} - C:\WINDOWS\System32\fldbj.dll
O2 - BHO: (no name) - {E1E551FC-566E-4F2A-8368-95059D833A1B} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {E73678BD-5530-4B08-B0F9-EBE5952B4EB9} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {E7EB94EC-7223-455B-935F-84D4FE098916} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O2 - BHO: (no name) - {EF15F9CF-A8AB-4A04-9B6F-89EC4BBBD5C5} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {F0D79C02-2764-4BAA-AE45-09B5E244BB06} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {F1895A8E-15D4-4E50-96C1-93FF61D493EC} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {FBDB6FC1-C7C7-4837-9029-EC6ABFD4D86E} - C:\Program Files\mup5be26\mup5be26.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\Owner\LOCALS~1\Temp\lldksat.dat
O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: AIM Search - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll
O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [WCOLOREAL] "C:\Program Files\COMPAQ\Coloreal\coloreal.exe"
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [AGNTEK] C:\WINDOWS\AGNTEK.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [*java] C:\WINDOWS\java\Packages\java.exe
O4 - HKLM\..\Run: [*drvexp] C:\WINDOWS\repair\drvexp.exe
O4 - HKLM\..\Run: [*javams] C:\WINDOWS\javams.exe
O4 - HKLM\..\Run: [*syswave] C:\WINDOWS\system32\dllcache\syswave.exe
O4 - HKLM\..\Run: [*mscom] C:\WINDOWS\system32\npp\mscom.exe
O4 - HKLM\..\Run: [*accdvd] C:\WINDOWS\java\Packages\accdvd.exe
O4 - HKLM\..\Run: [*runcat] C:\WINDOWS\Fonts\runcat.exe
O4 - HKLM\..\Run: [*odbcmc] C:\WINDOWS\Cursors\odbcmc.exe
O4 - HKLM\..\Run: [*vgatapi] C:\WINDOWS\system\vgatapi.exe
O4 - HKLM\..\Run: [*abrsys] C:\WINDOWS\abrsys.exe
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe
O4 - HKLM\..\Run: [likqwc] C:\WINDOWS\System32\likqwc.exe
O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ectexu.exe
O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Bzvgxf.exe
O4 - HKLM\..\Run: [mup5be26] C:\Program Files\mup5be26\mup5be26.exe
O4 - HKLM\..\Run: [fldbjc] C:\WINDOWS\System32\fldbjc.exe
O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe
O4 - HKLM\..\Run: [q73P36e] rcitpki.exe
O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe
O4 - HKLM\..\RunOnce: [*abr] C:\WINDOWS\system\abr.exe rerun
O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot
O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt
O4 - HKCU\..\Run: [bwsFRWKpj] pywrt4.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://store.presario.net/scripts/redirectors/presario/storeredir2.dll?s=consumerfav&c=2c02&lc=0409
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.av.aol.com/molbin/sh...7/mcinsctl.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.av.aol.com/molbin/sh...18/mcgdmgr.cab
O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll
O20 - Winlogon Notify: abr - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: Compaq Advisor (Compaq_RBA) - NeoPlanet - C:\Program Files\compaq\Compaq Advisor\bin\compaq-rba.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe
O23 - Service: Virtual NIC Service (PackethSvc) - America Online, Inc. - C:\WINDOWS\System32\PackethSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Thanks a lot!!

#2  March 4th, 2005, 08:21 AM
mike (CTH Subscriber)

Hi JP_17315

A bit of work to do, but print this out or save to notepad and follow the steps and you should be OK.

1.
Uninstall the following via Add/Remove Programs, if they exist:
MySearch / MyWay
Viewpoint
WeatherBug


2.
Close ALL Internet Explorer Windows, only have HijackThis running.
Open HijackThis, and tick the boxes for the below entries, then click on "Fix checked"

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://69.42.87.219/sidesearch.html

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.websearch.com/ie.aspx?tb_id=50220

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://69.42.87.219/sidesearch.html

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://rd.yahoo.com/customize/yesse...//www.yahoo.com

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50220

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://rd.yahoo.com/customize/yesse.../search/ie.html

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.websearch.com/ie.aspx?tb_id=50220

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\PROGRA~1\Toolbar\toolbar.dll/sa


R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - URLSearchHook: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: (no name) - {017C20C1-F86F-11D8-9B25-000ACD002AE3} - C:\WINDOWS\Helper101.dll

O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL


O2 - BHO: (no name) - {075E302E-7600-4222-A4BE-6BD28E402EF9} - C:\Program Files\CSBB\CSBB.dll (file missing)

O2 - BHO: (no name) - {11258B92-13F8-40CB-A2AB-32FE069DD4D3} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {14EDA226-0C48-433A-84BF-4230920AF8E3} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: SDWin32 Class - {16307DF7-1476-41A9-85D7-2BB1B26F7AAF} - C:\WINDOWS\System32\likqw.dll

O2 - BHO: (no name) - {1D9E33DA-EB90-4EE2-969C-65CE49DEC109} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: CATLEvents Object - {2527BEEF-1B3C-4D3B-98F0-7F3C1EB910A0} - C:\DOCUME~1\Owner\LOCALS~1\Temp\bdelo.dat (file missing)

O2 - BHO: (no name) - {32D513EA-20EB-4411-BF3D-08BAFB88EED1} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: MSW.cIExplorer - {4B57B77A-B130-4EB8-8CFB-42B880F6D311} - C:\Documents and Settings\All Users\Application Data\msw\MSW.dll

O2 - BHO: (no name) - {57ECEF4A-3F53-41FB-A65B-A77037048F33} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: CAUN Object - {59F12660-2B92-4554-98F9-87295AD8A0CE} - C:\WINDOWS\System32\AUNBHO.dll

O2 - BHO: (no name) - {70C2A170-7B8A-467E-9125-15EE0ED51992} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {749AF18C-E98C-4876-B49D-1AC0A9547EFA} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {7A64B71A-B088-476C-BF02-CC828E5E9853} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {7D5D51C6-D61B-483A-8DFB-3D466C53FB34} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {8952A998-1E7E-4716-B23D-3DBE03910972} - C:\PROGRA~1\Toolbar\toolbar.dll

O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat

O2 - BHO: (no name) - {A18795AC-E259-43B6-AA52-2BA20922C831} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll

O2 - BHO: (no name) - {B9E7CAC8-F4D9-45C2-90B6-8119051D3CC5} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {BC7AC5A8-3692-480A-B79D-998270985312} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {BE9DDB08-4360-4837-852B-2EC409299A3A} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: LinkBHO.cIExplorer - {CC924BD1-7382-4619-A706-070CB00F2325} - C:\Documents and Settings\All Users\Application Data\linkbho\LinkBHO.dll

O2 - BHO: (no name) - {D3F9DABC-3AC4-4597-9582-F9A4E454CC4B} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: CATLEvents Object - {D487068E-9B04-4FE5-8A83-08344F800BF5} - C:\DOCUME~1\Owner\LOCALS~1\Temp\litupxe.dat (file missing)

O2 - BHO: (no name) - {D6C0A4E2-49F8-49FE-A975-66DCA1AA8D0A} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: SDWin32 Class - {DE1B1360-CB1A-43A6-BD29-554244180768} - C:\WINDOWS\System32\fldbj.dll

O2 - BHO: (no name) - {E1E551FC-566E-4F2A-8368-95059D833A1B} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {E73678BD-5530-4B08-B0F9-EBE5952B4EB9} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {E7EB94EC-7223-455B-935F-84D4FE098916} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)

O2 - BHO: (no name) - {EF15F9CF-A8AB-4A04-9B6F-89EC4BBBD5C5} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {F0D79C02-2764-4BAA-AE45-09B5E244BB06} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {F1895A8E-15D4-4E50-96C1-93FF61D493EC} - C:\Program Files\mup5be26\mup5be26.dll

O2 - BHO: (no name) - {FBDB6FC1-C7C7-4837-9029-EC6ABFD4D86E} - C:\Program Files\mup5be26\mup5be26.dll


O2 - BHO: CATLEvents Object - {FF4D5071-EE0E-4DCA-BC1C-D776B0F2276E} - C:\DOCUME~1\Owner\LOCALS~1\Temp\lldksat.dat

O2 - BHO: SST - {FFFFDA2C-A0D5-4D60-8EE1-1B7F8929E24D} - C:\Program Files\Lycos\sst.dll


O3 - Toolbar: &SearchBar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL

O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll

O3 - Toolbar: &Search Toolbar - {339BB23F-A864-48C0-A59F-29EA915965EC} - C:\PROGRA~1\Toolbar\toolbar.dll

O4 - HKLM\..\Run: [AGNTEK] C:\WINDOWS\AGNTEK.exe

O4 - HKLM\..\Run: [*java] C:\WINDOWS\java\Packages\java.exe

O4 - HKLM\..\Run: [*drvexp] C:\WINDOWS\repair\drvexp.exe

O4 - HKLM\..\Run: [*javams] C:\WINDOWS\javams.exe

O4 - HKLM\..\Run: [*syswave] C:\WINDOWS\system32\dllcache\syswave.exe

O4 - HKLM\..\Run: [*mscom] C:\WINDOWS\system32\npp\mscom.exe

O4 - HKLM\..\Run: [*accdvd] C:\WINDOWS\java\Packages\accdvd.exe

O4 - HKLM\..\Run: [*runcat] C:\WINDOWS\Fonts\runcat.exe

O4 - HKLM\..\Run: [*odbcmc] C:\WINDOWS\Cursors\odbcmc.exe

O4 - HKLM\..\Run: [*vgatapi] C:\WINDOWS\system\vgatapi.exe

O4 - HKLM\..\Run: [*abrsys] C:\WINDOWS\abrsys.exe

O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe

O4 - HKLM\..\Run: [winupdtl] C:\WINDOWS\System32\winupdt.exe

O4 - HKLM\..\Run: [likqwc] C:\WINDOWS\System32\likqwc.exe

O4 - HKLM\..\Run: [version] C:\WINDOWS\System32\Ectexu.exe

O4 - HKLM\..\Run: [secure] C:\WINDOWS\System32\Bzvgxf.exe

O4 - HKLM\..\Run: [mup5be26] C:\Program Files\mup5be26\mup5be26.exe

O4 - HKLM\..\Run: [fldbjc] C:\WINDOWS\System32\fldbjc.exe

O4 - HKLM\..\Run: [ap9h4qmo] C:\WINDOWS\System32\ap9h4qmo.exe

O4 - HKLM\..\Run: [q73P36e] rcitpki.exe

O4 - HKLM\..\Run: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe


O4 - HKLM\..\RunOnce: [*abr] C:\WINDOWS\system\abr.exe rerun


O4 - HKLM\..\RunOnce: [TBPS] C:\PROGRA~1\Toolbar\TBPS.exe /boot

O4 - HKCU\..\Run: [sysmonnt] C:\WINDOWS\System32\sysmonnt

O4 - HKCU\..\Run: [bwsFRWKpj] pywrt4.exe

O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML

O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)

O18 - Protocol: tpro - {FF76A5DA-6158-4439-99FF-EDC1B3FE100C} - C:\PROGRA~1\Toolbar\toolbar.dll


O20 - Winlogon Notify: abr - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat


Close HijackThis.
Re-open HijackThis, re-scan, and double-check that the problem entries are gone.


3.
REBOOT INTO SAFE MODE...--> How to reboot to Safe Mode -->(reboot and tap F8 immediately after BIOS screen....choose Safe mode from menu)

MAKE SURE YOU CAN SEE HIDDEN FILES and FOLDERS --> How to show Hidden Files and Folders

Open HijackThis --> "Config" --> "Misc Tools" --> "Open Process Manager"

Look for the file paths in bold below in Process Manager.

C:\WINDOWS\java\Packages\java.exe

C:\WINDOWS\system\abr.exe

C:\WINDOWS\repair\drvexp.exe

C:\WINDOWS\javams.exe

C:\WINDOWS\system32\dllcache\syswave.exe

C:\WINDOWS\system32\npp\mscom.exe

C:\WINDOWS\java\Packages\accdvd.exe

C:\WINDOWS\Fonts\runcat.exe

C:\WINDOWS\Cursors\odbcmc.exe

C:\WINDOWS\system\vgatapi.exe

C:\WINDOWS\abrsys.exe


Highlight each file path in Process Manager, then click "Kill Process"


4.
Then delete the below files and folders:

C:\PROGRA~1\AWS <--- delete the AWS folder in Safe Mode

C:\Program Files\Viewpoint <--- delete the Viewpoint folder in Safe Mode

C:\Program Files\MyWay <--- delete the MyWay folder in Safe Mode

C:\Program Files\mup5be26 <--- delete the mup5be26 folder in Safe Mode

C:\WINDOWS\java\Packages\java.exe <--- delete the file in Safe Mode

C:\WINDOWS\system\abr.exe rerun <--- delete the file in Safe Mode

C:\WINDOWS\repair\drvexp.exe <--- delete the file in Safe Mode

C:\WINDOWS\javams.exe <--- delete the file in Safe Mode

C:\WINDOWS\system32\dllcache\syswave.exe <--- delete the file in Safe Mode

C:\WINDOWS\system32\npp\mscom.exe <--- delete the file in Safe Mode

C:\WINDOWS\java\Packages\accdvd.exe <--- delete the file in Safe Mode

C:\WINDOWS\Fonts\runcat.exe <--- delete the file in Safe Mode

C:\WINDOWS\Cursors\odbcmc.exe <--- delete the file in Safe Mode

C:\WINDOWS\system\vgatapi.exe <--- delete the file in Safe Mode

C:\WINDOWS\abrsys.exe <--- delete the file in Safe Mode

C:\WINDOWS\AGNTEK.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\winupdt.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\likqwc.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\Ectexu.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\Bzvgxf.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\fldbjc.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\ap9h4qmo.exe <--- delete the file in Safe Mode

C:\WINDOWS\System32\rcitpki.exe <--- delete the file in Safe Mode

C:\PROGRAM FILES\Toolbar <--- delete the Toolbar folder in Safe Mode

C:\WINDOWS\System32\sysmonnt <--- delete the file in Safe Mode

C:\WINDOWS\System32\pywrt4.exe <--- delete the file in Safe Mode

C:\WINDOWS\system\klwox.exe <--- delete the file in Safe Mode



While still in Safe Mode, remove all the files and sub-folders from the below TEMP folders: (do not delete the TEMP folder itself) (do this regularly for all users)

C:\documents and settings\<your Logged-in User name>\local settings\temp

C:\temp (if present)

C:\windows\temp

The TIF (Temporary Internet Files) can also be emptied regularly, via:
Control Panel--Internet Options--General tab--"Delete Files".
Also tick the "delete all offline content" box.

Empty Recycle Bin



Reboot computer and post back a new HJT log to this thread, please.

Cheers.
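
An added triage sketch, not part of the original posts or of HijackThis itself: it parses O2, O4 and O20 lines in the log format shown in post #1 and flags four patterns visible among the entries marked for fixing in post #2 (orphaned registrations, modules loaded from Temp, executables in Fonts/Cursors/repair/dllcache, and Run values with no path). The heuristics and function names are assumptions chosen for illustration; the sample lines are copied from the log above.

```python
import re

# Subset of lines copied from the HijackThis log in post #1 (not the full log).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {075E302E-7600-4222-A4BE-6BD28E402EF9} - C:\Program Files\CSBB\CSBB.dll (file missing)
O2 - BHO: CATLEvents Object - {98BC949B-3D81-4750-836F-4BC57BD032EE} - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat
O2 - BHO: (no name) - {ED103D9F-3070-4580-AB1E-E5C179C1AE41} - (no file)
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [*runcat] C:\WINDOWS\Fonts\runcat.exe
O4 - HKLM\..\Run: [*odbcmc] C:\WINDOWS\Cursors\odbcmc.exe
O4 - HKLM\..\Run: [q73P36e] rcitpki.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O20 - Winlogon Notify: abr - C:\DOCUME~1\Owner\LOCALS~1\Temp\rba.dat
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Every HijackThis entry starts with a section code (R0-R3, O1-O23) and " - ".
ENTRY_RE = re.compile(r"^(?P<code>[RO]\d{1,2}) - (?P<body>.+)$")

# Assumed heuristic: Windows directories that normally hold data or backups,
# not programs that should start with the machine.
DATA_DIRS = ("\\fonts\\", "\\cursors\\", "\\repair\\", "\\dllcache\\")


def parse(log):
    """Return (code, body) pairs for every entry line in a HijackThis log."""
    entries = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m["code"], m["body"]))
    return entries


def target(code, body):
    """Extract the file or command an entry points at."""
    if code == "O4":  # "HKLM\..\Run: [value name] command line"
        return body.split("] ", 1)[1].strip() if "] " in body else ""
    return body.rsplit(" - ", 1)[-1].strip()  # O2/O20: last " - " field


def reasons(code, body):
    """List the heuristic flags (assumptions, not verdicts) an entry trips."""
    t = target(code, body).lower()
    found = []
    if "(file missing)" in t or t == "(no file)":
        found.append("orphaned")          # registration left behind, file gone
    if "\\temp\\" in t:
        found.append("loads-from-temp")   # browser/logon module living in a Temp folder
    if any(d in t for d in DATA_DIRS):
        found.append("exe-in-data-dir")   # autostart program hidden among fonts, cursors...
    if code == "O4" and "\\" not in t:
        found.append("no-path")           # bare file name, resolved via the search path
    return found


def triage(log):
    """Map each flagged O2/O4/O20 line to its reasons; unflagged lines are omitted."""
    flagged = {}
    for code, body in parse(log):
        if code in ("O2", "O4", "O20"):
            why = reasons(code, body)
            if why:
                flagged[f"{code} - {body}"] = why
    return flagged


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(f"{', '.join(why):18} {line}")
```

A flag marks an entry for manual review only; entries such as the mup5be26 BHOs trip none of these patterns and were identified in post #2 by other means.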