dxclib303562752.dll LIMEWIRE+ADS kept POPOUT



angel84cecil
2007-04-02, 19:35
Logfile of HijackThis v1.99.1
Scan saved at 12:16:17 AM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchosts.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\Common Files\{2017B4F0-0AE7-1033-1202-030512200001}\Update.exe
C:\Program Files\Ipwindows\ipwins.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\LimeWire\LimeWire.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O2 - BHO: 0 - {4A0C66AE-CF03-4881-0CA6-C95D0E0F2E10} - C:\Program Files\MSN\vijica.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKLM\..\RunOnce: [AAW] "C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe" "+b1"
O4 - HKCU\..\Run: [DeluxeCommunications] C:\Program Files\DeluxeCommunications\Dxc.exe
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Client IP-IPX - Unknown owner - C:\WINDOWS\system32\svchosts.exe" -e mc-110-12-0000137 (file missing)
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

angel84cecil
2007-04-02, 19:51
Running Online Scanning @ PandaSoftware.com now :red:

angel84cecil
2007-04-03, 01:36
Incident Status Location

Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcCore.dll
Adware:Adware/TTC Not disinfected C:\Program Files\MSN\vijica.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\ipwins.dll
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\ipwins.exe
Virus:Trj/Gaodrop.A Disinfected Operating system
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\DxcBho.dll
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\dxclib303562752.dll
Virus:trj/ldpinch.im Disinfected Operating system
Spyware:spyware/new.net Not disinfected c:\windows\NDNuninstall6_38.exe
Adware:adware/ucmore Not disinfected Windows Registry
Adware:adware/zango Not disinfected Windows Registry
Adware:adware/wupd Not disinfected Windows Registry
Adware:adware/ist.istbar Not disinfected Windows Registry
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\- Select one -.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\10 jpg.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2006 dvdrip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007 dvdrip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007 WRC Portugal Day 3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007-03-30-O&A-CF64k mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007-03-30-Ron and Fez -XM-CF64k mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007-03-31-Lazlow Show-CF64k mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\2007-03-31-RazzleDazzleVarietyHour-CF64k mp3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\300 avi.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\300 DVDsl { www IPTorrents com }.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\300 the movie { www IPTorrents com }.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\40 Decent Wallpapers (most hi-res).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\About CNET Networks.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Active Webcam 8 4 zip.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\ADSL Speed Hack.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Advanced search.zip[Setup.exe]

angel84cecil
2007-04-03, 01:37
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Air America Radio - The Sam Seder Show 03 29 07.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\All RSS feeds.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\All Software.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\American Dad S03E15 PDTV XviD-LOL [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\american dad.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Angels - Aliens - Fallen Angels - Chuck Missler - Return Of The Nephilim.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Anthony Hamilton - Southern Comfort (Retail) (2007) (Malcko The Infamous).zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Apr01 JoJohot Chinese Scanslation Naruto 348, Bleach 269, One Piece 450, Eyeshield21 227.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Astrology eBook - Mohan Koparkar - Lunar Nodes [PDF].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\B,N.P News March 2007 - Britain's ONLY politically incorrect newspaper! pdf.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\battlestar galactica.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\beyonce bday (deluxe edition) 2007.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Black Sabbath - The Dio Years - Retail - 2007.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Blades Of Glory CAM XviD-CAMERA-www toxic 3652909 TPB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\blades of glory.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Bleach Manga ch 001-269.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Brothers and Sisters S01E17 HDTV XviD-XOR [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Browse categories.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Building Your Business Idea One Step at A Time eBooK.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Bus Driver + Crack by FuZzI-[MadJunkies.com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\C&C Command and Conquer 3 (1.2) - Key and Crack.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Chris Knight - Enough Rope [2006].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\CNET TV.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Cold Case 4x20 (HDTV-XOR)[VTV].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\command and conquer 3.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\company of heroes.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Compare Prices.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Copyright policy.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Dan B Allender - How Children Raise Parents.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper (BMW Z4) 2 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper (Lamorghini Gallardo) 2 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper (Orange Chaos) 2 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper (Splash) 2 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper (Traffic Lights) 2 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Desktop Wallpaper For Vista (Vista Metal Blue) 4 Resolutions -OBB.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\desperate housewives.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Diario De Un Escandalo [DVDScreener][Spanish][2007][www newpct com].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Discovery Channel Worlds Biggest Airliner S01E01 PDTV XviD-FTP [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Discovery Channel Worlds Biggest Airliner S01E02 PDTV XviD-FTP [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Discovery Channel Worlds Biggest Airliner S01E03 PDTV XviD-FTP [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who - Dr Who S1E03 - Smith and Jones.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who 2005 3x01 Smith And Jones PROPER WS PDTV XviD-FoV [eztv].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who 3x01 (PDTV-BLNT)[VTV].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who 3x01 (PDTV-FoV-PROPER)[VTV].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who Confidential S03E01 Meet Martha Jones [MM].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Doctor Who S03E01 Smith and Jones [MM].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\dvdrip french.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Earth - Hibernaculum [2007].zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\El Show de Benny Hill [DVDRIP] Cap 10-11-12.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Emmylou Harris - Blue Kentucky Girl 1979.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Epic Movie DVDSCR XviD NEPTUNE(NO RARS) { www IPTorrents com }.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Documents and Settings\Owner\Complete\Epic Movie DVDSCR XviD NEPTUNE.zip[Setup.exe]

angel84cecil
2007-04-03, 01:38
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[2].txt
Spyware:Cookie/888 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@888[3].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.sensismediasmart.com[1].txt
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager[1].txt
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adopt.hbmediapro[2].txt
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Owner\Cookies\owner@adtech[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Owner\Cookies\owner@atwola[2].txt
Spyware:Cookie/Azjmp Not disinfected C:\Documents and Settings\Owner\Cookies\owner@azjmp[2].txt
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Owner\Cookies\owner@burstnet[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Owner\Cookies\owner@casalemedia[1].txt
Spyware:Cookie/Cassava Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cassava[1].txt
Spyware:Cookie/Cgi-bin Not disinfected C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[1].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Owner\Cookies\owner@com[1].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Owner\Cookies\owner@doubleclick[1].txt
Spyware:Cookie/Go Not disinfected C:\Documents and Settings\Owner\Cookies\owner@go[2].txt
Spyware:Cookie/Screensavers Not disinfected C:\Documents and Settings\Owner\Cookies\owner@i.screensavers[2].txt
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
Spyware:Cookie/Rn11 Not disinfected C:\Documents and Settings\Owner\Cookies\owner@rn11[2].txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Owner\Cookies\owner@statse.webtrendslive[1].txt
Spyware:Cookie/Xiti Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xiti[1].txt
Spyware:Cookie/Xmts Not disinfected C:\Documents and Settings\Owner\Cookies\owner@xmts[1].txt
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Owner\Cookies\owner@yadro[2].txt
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Owner\Cookies\owner@zedo[1].txt
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\b122.exe
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\b133.exe[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\b133.exe[whiehlpr.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\b133.exe[whAgent.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temp\b133.exe[²ÜÇ\Services.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4J2LS3\133[1].net[webhdll.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4J2LS3\133[1].net[whiehlpr.dll]
Adware:Adware/WebHancer Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4J2LS3\133[1].net[whAgent.exe]
Adware:Adware/ActiveSearch Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\EB4J2LS3\133[1].net[²ÜÇ\Services.dll]
Adware:Adware/TTC Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\M8ITF9G4\hGFdeYYm64pUIdwQ[1].exe
Adware:Adware/Maxifiles Not disinfected C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\X4LDRDLJ\122[1].net
Adware:Adware/DeluxeComunications Not disinfected C:\Program Files\DeluxeCommunications\Dxc.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Ipwindows\UnInstall.exe
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\p.zip[Setup.exe]
Virus:Trj/Gaodrop.A Disinfected C:\Program Files\outlook\v.tmp
Virus:W32/Alcan.A.worm Disinfected C:\Program Files\winupdates\a.tmp
Virus:W32/Alcan.A.worm Disinfected C:\Program Files\winupdates\a.zip[Setup.exe]
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall7_48.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe[a1.exe]
Adware:Adware/WebBuying Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe[web2.exe]
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe[a3.exe]
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe[a4.exe]
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\system32\bund1\ClientBundle1.exe[a6.exe]
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\system32\micro1\a1.exe
Adware:Adware/TTC Not disinfected C:\WINDOWS\system32\micro1\a3.exe
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\micro1\a4.exe
Virus:W32/Gaobot.MFM.worm Disinfected C:\WINDOWS\system32\winlog.exe

angel84cecil
2007-04-03, 14:44
win32.p2p-worm-alcan <<<--- was causing all this problem; as a matter of fact, it is from LimeWire

angel84cecil
2007-04-03, 15:21
This is what I got after running ComboFix....Please HELP.....

"Owner" - 07-04-03 20:14:49 Service Pack 2
ComboFix 07-03-27.4.2 - Running from: "C:\Documents and Settings\Owner\My Documents\Downloads"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\NDNuninstall6_38.exe
C:\WINDOWS\NDNuninstall7_48.exe
C:\DOCUME~1\Owner\APPLIC~1\Dxcdmns.dll
C:\DOCUME~1\Owner\APPLIC~1\Dxcknwrd.dll
C:\DOCUME~1\Owner\APPLIC~1\Dxcuknwrd.dll
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\Program Files\ipwindows\UnInstall.exe
C:\Program Files\outlook\p.zip
C:\Program Files\winupdates\a.zip
C:\WINDOWS\system32\bund1\ClientBundle1.exe
C:\WINDOWS\system32\bund1\temp.txt
C:\Program Files\Common Files\{2017B~2\Update.exe
C:\Program Files\Common Files\{3017B~1\Bar888.dll
C:\Program Files\Common Files\{3017B~1\UnInstall.exe
C:\DOCUME~1\Owner\Desktop\internet.lnk
C:\Program Files\ipwindows\ipwins.dll
C:\Program Files\ipwindows\ipwins.exe
C:\WINDOWS\system32\unsvchosts.exe
C:\Program Files\inetget2
C:\Program Files\ipwindows
C:\Program Files\outlook
C:\Program Files\winupdates
C:\WINDOWS\system32\bund1
C:\Program Files\Common Files\{2017B~2
C:\Program Files\Common Files\{3017B~1
C:\Program Files\deluxecommunications\Dxc.exe
C:\Program Files\deluxecommunications\DxcBho.dll
C:\Program Files\deluxecommunications\DxcCore.dll
C:\Program Files\Common Files\{2017B~1\Update.exe
C:\WINDOWS\system32\dxclib~1.dll
C:\Program Files\deluxecommunications
C:\Program Files\Common Files\{2017B~1


((((((((((((((((((((((((((((((( Files Created from 2007-03-03 to 2007-04-03 ))))))))))))))))))))))))))))))))))


2007-04-03 19:24 59,032 --a------ C:\WINDOWS\VTTC.exe
2007-04-03 00:32 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2007-04-01 20:45 8,464 --a------ C:\WINDOWS\system32\sporder.dll
2007-04-01 20:45 <DIR> d-------- C:\WINDOWS\system32\micro1
2007-04-01 20:44 <DIR> d--hs---- C:\DOCUME~1\Owner\Complete
2007-03-11 20:13 <DIR> d-------- C:\Program Files\Triggersoft
2007-03-08 21:39 <DIR> d-------- C:\Program Files\QuickPar


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-04-03 01:09 -------- d-------- C:\Program Files\msn messenger
2007-04-03 01:08 -------- d-------- C:\Program Files\limewire
2007-04-02 23:53 -------- d-------- C:\Program Files\online services
2007-03-31 20:40 152833 --a------ C:\WINDOWS\system32\drivers\dump_wmimmc.sys
2007-03-08 21:27 -------- d--h----- C:\Program Files\installshield installation information
2007-02-14 22:55 -------- d-------- C:\Program Files\java
2007-01-19 12:53 51056 --a------ C:\WINDOWS\system32\sirenacm.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"IpWins"="C:\\Program Files\\Ipwindows\\ipwins.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"PCMService"="\"C:\\Program Files\\Dell\\Media Experience\\PCMService.exe\""
"IgfxTray"="C:\\WINDOWS\\system32\\igfxtray.exe"
"HotKeysCmds"="C:\\WINDOWS\\system32\\hkcmd.exe"
"NeroFilterCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"InCD"="C:\\Program Files\\Ahead\\InCD\\InCD.exe"
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre1.5.0_11\\bin\\jusched.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"WPDShServiceObj"="{AAA288BA-9A4C-45B0-95D7-94D524869DB5}"
"UPnPMonitor"="{e57ce738-33e8-4c51-8354-bb4de9d215d1}"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
Source REG_SZ C:\Program Files\MSN\zyroqy.html

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
WudfServiceGroup REG_MULTI_SZ WUDFSvc\0\0



********************************************************************

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-04-03 20:18:33

angel84cecil
2007-04-03, 16:10
This is the OUTCOME from HijackThis after ComboFix + Ad-Aware...

Logfile of HijackThis v1.99.1
Scan saved at 9:03:51 PM, on 4/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: 0 - {4A0C66AE-CF03-4881-0CA6-C95D0E0F2E10} - C:\Program Files\MSN\vijica.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKCU\..\Run: [IpWins] C:\Program Files\Ipwindows\ipwins.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games.com.my/com/EGamesPlugin.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

Shaba
2007-04-03, 20:03
Hi angel84cecil

I see no antivirus or firewall on your log, so we start by installing them.

Looking over your log, it seems you don't have any evidence of an anti-virus software.

Anti-virus programs detect, cleanse, and erase harmful virus files on a computer, Web server, or network. Unchecked, virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present, and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus program from one of these excellent vendors NOW:

1) Antivir PersonalEdition Classic (http://www.free-av.com/) - Free anti-virus software for Windows. Detects and removes more than 50,000 viruses. Free support.
2) avast! 4 Home Edition (http://www.avast.com/eng/avast_4_home.html) - Anti-virus program for Windows. The home edition is freeware for noncommercial users.
3) AVG Anti-Virus Free Edition (http://free.grisoft.com/doc/1) - Free edition of the AVG anti-virus program for Windows.

It is strongly recommended that you run only one antivirus program at a time. Having more than one antivirus program active in memory uses additional resources and can result in program conflicts and false virus alerts. If you choose to install more than one antivirus program on your computer, then only one of them should be active in memory at a time.

Looking over your log, it seems you don't have any evidence of a third party firewall.

As the term conveys, a firewall is an extra layer of security installed onto computers, which restricts access to systems from the outside world. Firewalls protect against hackers and malicious intruders. I want you to download a free firewall NOW from one of these excellent vendors:

1) ZoneAlarm (http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?dc=12bms&ctry=US&lang=en&lid=nav_za)
2) Agnitum (http://www.agnitum.com/products/outpostfree/download.php)
3) Sunbelt/Kerio (http://www.sunbelt-software.com/Kerio-Download.cfm)
4) Comodo (http://www.personalfirewall.comodo.com/)

If you are using the built-in Windows XP firewall, it is not recommended as it does not block outgoing connections. This means that any malware on your computer is free to "phone home" for more instructions. Simply put, Windows XP contains a mediocre firewall. This firewall is NO replacement for a dedicated software solution. Remember to use only one firewall at the same time.

After those steps, please post a fresh HijackThis log :)

angel84cecil
2007-04-04, 03:47
I didn't download any antivirus because I am scared that some of the antivirus software or Spyware Doctor will create its own viruses or worms instead.... My computer has been running fine all this while without having an antivirus.... =)

Shaba
2007-04-04, 09:16
Hi

Well, the case is this: we won't continue before you install an antivirus, but it's absolutely your choice :) An antivirus prevents viruses from coming; I think it may have prevented your infection, too. Spyware Doctor has false positives, but it's not an antivirus, it's anti-spyware.

Shaba
2007-04-12, 20:23
Due to the lack of feedback, this topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.