Thread: Help w/removing Pipas.A please.

  1. #1
    Junior Member
    Join Date
    Jul 2006
    Posts
    4

    Help w/removing Pipas.A please.

    I have been hijacked and I have an item to remove but I don't know what I am doing. Pipas.A.......what do I do?

  2. #2
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    Hello.

    Please follow the instructions in this sticky topic:
    BEFORE you post and who will advise you. Preliminary Steps
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016

  3. #3
    Junior Member
    Join Date
    Jul 2006
    Posts
    4

    Logfile of HijackThis v1.99.1
    Scan saved at 11:34:13 AM, on 7/29/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\WINDOWS\system32\wfxsnt40.exe
    C:\Program Files\Iomega HotBurn\Autolaunch.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\ATI Multimedia\main\ATISched.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\wdfmgr.exe
    C:\WINDOWS\System32\WFXSVC.EXE
    C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\ACT\SideACT.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\WINDOWS\System32\alg.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\hijackthis\hijackthis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.netscape.com/index2.psp
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: (no name) - {59027A5D-92D1-4C83-57AB-48E3A320A021} - hyandex.dll (file missing)
    O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
    O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\sisUSBrg.exe
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
    O4 - HKLM\..\Run: [Drag'n'Drop_Autolaunch] "C:\Program Files\Iomega HotBurn\Autolaunch.exe"
    O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
    O4 - HKLM\..\Run: [zzzHPSETUP] E:\Setup.exe
    O4 - HKLM\..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE /P30 "EPSON Stylus Photo R200 Series" /O6 "USB001" /M "Stylus Photo R200"
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
    O4 - HKLM\..\Run: [3DZoneMaster] C:\3DZMSTR\CONTROL\ZONEPNL.EXE
    O4 - HKLM\..\Run: [ZoneRemote] C:\3DZMSTR\REMOTE\REMOTE.EXE
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2006\pccguide.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [MNTP] SAPSTR.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
    O4 - HKLM\..\Run: [dmwcs.exe] C:\WINDOWS\system32\dmwcs.exe
    O4 - HKLM\..\Run: [mmkfd.exe] C:\WINDOWS\system32\mmkfd.exe
    O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
    O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
    O4 - HKCU\..\Run: [ATI Scheduler] C:\Program Files\ATI Multimedia\main\ATISched.EXE
    O4 - HKCU\..\Run: [StatusCheck] newbreed.exe
    O4 - HKCU\..\Run: [WTFCTF] DCC_send.exe
    O4 - HKCU\..\Run: [Bogobot] ActionScr.exe
    O4 - Startup: ACT! Speed Loader.lnk = C:\ACT\ACTLDR.EXE
    O4 - Startup: Internet Call Manager.LNK = C:\Program Files\Internet Call Manager\ICM.EXE
    O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Controller.LNK = C:\Program Files\Symantec\WinFax\WFXCTL32.EXE
    O4 - Global Startup: Exif Launcher.lnk = ?
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
    O4 - Global Startup: SideACT!.lnk = C:\ACT\SideACT.exe
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
    O8 - Extra context menu item: Download using Download &Express - file://C:\WINDOWS\System32\MetaProducts\Add_Url.htm
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
    O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL
    O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {51045741-8C4E-4EAC-8F03-08E43A6FBB29} - http://aft.ancestry.com/aftfiles/fil...FamilyTree.cab
    O16 - DPF: {5445BE81-B796-11D2-B931-002018654E2E} (MeadCo Security Manager) - http://wcs00180.egain.net/wcsapp/web.../ie/SecMgr.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1124301385033
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {75565ED2-1560-4F15-B841-20358DE6A0D1} (ImageControl Class) - http://content.ancestry.com/asfiles/...l/MFImgVwr.cab
    O16 - DPF: {8D83D301-E841-11D1-B155-00600823BCF9} (WebLine Browser Integration Classes) - http://live.landsend.com/webline/applets/msie40x.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://64.203.128.3/axiscam/Codebase/AxisCamControl.ocx
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
    O17 - HKLM\System\CCS\Services\Tcpip\..\{0D7C6D80-D1D2-4D27-9F57-23CD0E551D05}: NameServer = 85.255.116.153,85.255.112.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{79B67207-3481-404B-8649-22F3393D98A4}: NameServer = 85.255.116.153,85.255.112.12
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A8DD5EDA-3BB6-42EF-9E45-61A8BBE5B9ED}: NameServer = 85.255.116.153,85.255.112.12
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.116.153 85.255.112.12
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 85.255.116.153 85.255.112.12
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.116.153 85.255.112.12
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
    O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
    O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
    O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe

  4. #4
    Junior Member
    Join Date
    Jul 2006
    Posts
    4

    BitDefender report

    BitDefender Online Scanner

    Scan report generated at: Sat, Jul 29, 2006 - 12:34:13
    Scan path: A:\;C:\;D:\;E:\;F:\;G:\;

    Statistics
    Time: 00:52:53
    Files: 252320
    Folders: 4156
    Boot Sectors: 2
    Archives: 9739
    Packed Files: 27534

    Results
    Identified Viruses: 3
    Infected Files: 7
    Suspect Files: 2
    Warnings: 0
    Disinfected: 0
    Deleted Files: 9

    Engines Info
    Virus Definitions: 417891
    Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 5
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0049846.exe
    Infected with: Trojan.Downloader.Mohbpork.A

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0049846.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0049846.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050349.exe
    Infected with: MemScan:Trojan.Agent.QB

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050349.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050349.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050358.exe
    Infected with: MemScan:Trojan.Downloader.Agent.ACH

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050358.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050358.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050370.exe
    Infected with: MemScan:Trojan.Agent.QB

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050370.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050370.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050372.exe
    Infected with: MemScan:Trojan.Downloader.Agent.ACH

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050372.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050372.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050389.exe
    Infected with: MemScan:Trojan.Agent.QB

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050389.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050389.exe
    Deleted

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050391.exe
    Infected with: MemScan:Trojan.Downloader.Agent.ACH

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050391.exe
    Disinfection failed

    C:\System Volume Information\_restore{97D12301-B504-4479-B520-2F347DB7FA9D}\RP618\A0050391.exe
    Deleted

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 2)
    Suspected of: Trojan.Startpage.HR

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 2)
    Disinfection failed

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 2)
    Deleted

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html
    Update failed

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 14)
    Suspected of: Trojan.Startpage.HR

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 14)
    Disinfection failed

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html=>(JAVASCRIPT 14)
    Deleted

    C:\WINDOWS\system32\MS03i048s824145xPrivacyAPI32.html
    Update failed

  5. #5
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Hello

    Start Hijackthis and place a check next to these items if there.
    R1 - HKCU\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = res://C:\WINDOWS\system32\shdocpe.dll/asst.html
    R3 - URLSearchHook: (no name) - {59027A5D-92D1-4C83-57AB-48E3A320A021} - hyandex.dll (file missing)
    O4 - HKLM\..\Run: [MNTP] SAPSTR.exe
    O4 - HKLM\..\Run: [dmwcs.exe] C:\WINDOWS\system32\dmwcs.exe
    O4 - HKLM\..\Run: [mmkfd.exe] C:\WINDOWS\system32\mmkfd.exe
    O4 - HKCU\..\Run: [StatusCheck] newbreed.exe
    O4 - HKCU\..\Run: [WTFCTF] DCC_send.exe
    O4 - HKCU\..\Run: [Bogobot] ActionScr.exe
    ====================================
    Hit fix checked and close Hijackthis.

    Please download FixWareout from one of these sites:
    http://downloads.subratam.org/Fixwareout.exe
    http://www.bleepingcomputer.com/file...Fixwareout.exe
    Save it to your desktop and run it. Click Next, then Install, make sure "Run fixit" is checked and click Finish.
    The fix will begin; follow the prompts.
    You will be asked to reboot your computer; please do so.
    Your system may take longer than usual to load; this is normal.
    Once the desktop loads, post the text that will open (report.txt).

    Trend Micro, Panda, avast! and AVG
    Please uninstall all but one antivirus program.

    Afterwards post a new Hijackthis log.
    ~~~~~~~~~~~~~~~~~~~~~~~
    Microsoft MVP Windows-Security 2006

  6. #6
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,475

    This topic has been closed to prevent others with similar issues posting in it.
    If you need it re-opened please send me or your helper a pm and provide a link to the thread.

    Applies only to the original topic starter.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
