slowed down pc & some popup probs

Status
Not open for further replies.
No....

This entry...

O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto

tells me you have disabled something in msconfig. Click Start>>RUN>>Type in msconfig. Once it loads make sure the button at the top is checked that says Normal Startup-load all device drivers and services.

If it is checked...click on the "Startup Tab" and make sure each box is checkmarked.

Click OK. You will need to reboot before the setting takes effect. Go ahead and run the fix as I stated..but make sure you do the msconfig step before scanning and posting your next hijackthis log.
 
Also make sure you are using the latest version (1.99.1) of HijackThis and it's installed in its own folder on the root drive. (C:\HJT)

Download and install Cleanup but DO NOT run it yet!



those are next steps but was i supposed 2 run spybot, adaware & cw shredder yet cuz i redled spybot & adaware & i dled cwshredder & updated for adaware & spybot but it didnt mention to run them after & the root drive thing im unsure how to check to see if thats in its own folder
 
Yes..run those first.

Make a folder on C:\...name it HJT and move the program into it. At present...you're running it from a TEMP folder....

C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX00.692\HijackThis.exe
 
ok while runnin those, ad-aware i ran til it cleaned,
spybot since december 5 until now still wont get rid of Pipas.A, it says it does but everytime u run it again it's back & the cwshredder wont get rid of CWS.Msconfd either so do i go on or need to do something else instead?

& i deleted Hijackthis & redled it so i can make a folder & redl to it
 
ok i did everything in your directions here is your logs
gotta be more to do cuz it doesnt seem any better

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 4:19:43 AM, 12/19/2005
+ Report-Checksum: BC8FC101

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\WhenUSave -> Spyware.SaveNow : Cleaned with backup
[168] VM_00D60000 -> Downloader.Agent.uj : Error during cleaning
[192] VM_00BF0000 -> Downloader.Agent.uj : Error during cleaning
[752] VM_009D0000 -> Downloader.Agent.uj : Error during cleaning
[840] VM_008B0000 -> Downloader.Agent.uj : Error during cleaning
C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\system32\dmmey.exe -> Downloader.Small.byj : Cleaned with backup
C:\WINDOWS\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup
C:\Documents and Settings\BRIAN\Start Menu\Programs\WhenU -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\BRIAN\Start Menu\Programs\WhenU\Learn More About WhenU Save.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\BRIAN\Start Menu\Programs\WhenU\Learn More About WhenU SaveNow.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\BRIAN\Start Menu\Programs\WhenU\WhenU.com Website.url -> Spyware.SaveNow : Cleaned with backup
C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Local Settings\Temp\Rar$EX00.857\backups\backup-20051219-032727-121.dll -> Downloader.Delf.h : Cleaned with backup
C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Local Settings\Temp\Rar$EX00.857\backups\backup-20051219-032727-101.dll -> Downloader.Delf.lh : Cleaned with backup
C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Local Settings\Temp\Rar$EX00.857\backups\backup-20051219-032727-328.dll -> Downloader.Delf.yb : Cleaned with backup
C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Cookies\brian@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\!KillBox\st3.dll -> Downloader.Delf.h : Cleaned with backup
C:\!KillBox\prflbmsgp32.dll -> Downloader.Delf.yb : Cleaned with backup


::Report End




Incident Status Location

Adware:Adware/IdeskBar Not disinfected C:\WINDOWS\SYSTEM32\IDEMLOG.EXE
Adware:adware/ideskbar Not disinfected C:\WINDOWS\SYSTEM32\idesk.conf
Adware:adware/sbsoft Not disinfected Windows Registry
Adware:Adware/Miamore Not disinfected C:\WINDOWS\system32\__delete_on_reboot__st3.dll
Adware:Adware/SearchNo Not disinfected C:\WINDOWS\__delete_on_reboot__prflbmsgp32.dll
Hacktool:HackTool/EvID Not disinfected C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Desktop\Programs\EvID4226Patch.exe

Logfile of HijackThis v1.99.1
Scan saved at 4:56:21 AM, on 12/19/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: (no name) - {77BDFA3B-DFF7-AB49-AFCD-1067C7AC63DB} - NopeZ.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [TpHotkey] C:\PROGRA~1\ThinkPad\UTILIT~1\tphkmgr.exe
O4 - HKLM\..\Run: [Uint32] install2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ms-its] MON76234.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BearShare] "C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX01.159\BearShare_Pro_v5.0.2.5\Crack\BearShare.exe" /pause
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [SysSupport] TRPT.exe
O4 - HKCU\..\Run: [dialer423] mozilla-text.exe
O4 - HKCU\..\Run: [AppMasterCenter] stuffmon.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O9 - Extra 'Tools' menuitem: Scan and protect your PC - {BF69DF00-4734-477F-8257-27CD04F88779} - C:\WINDOWS\system32\shdocvw.dll (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
 
It seems you have trouble following directions. I've asked you twice now to move hijackthis to its own folder and yet you still have it in TEMP folder.

Please download FixWareout from one of these sites:
http://downloads.subratam.org/Fixwareout.exe
http://swandog46.geekstogo.com/Fixwareout.exe

Save it to your desktop and run it. Click Next, then Install, then make sure "Run fixit" is checked and click Finish. The fix will begin; follow the prompts. You will be asked to reboot your computer; please do so. Your system may take longer than usual to load; this is NORMAL.

When your system reboots, follow the prompts. Afterwards, HijackThis will launch. Please click Scan, and check the following items:


R3 - URLSearchHook: (no name) - {77BDFA3B-DFF7-AB49-AFCD-1067C7AC63DB} - NopeZ.dll (file missing)
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll (file missing)
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O4 - HKLM\..\Run: [Uint32] install2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ms-its] MON76234.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [BearShare] "C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX01.159\BearShare_Pro_v5.0.2.5\Crack\BearShare.exe" /pause
O4 - HKCU\..\Run: [SysSupport] TRPT.exe
O4 - HKCU\..\Run: [dialer423] mozilla-text.exe
O4 - HKCU\..\Run: [AppMasterCenter] stuffmon.exe
O4 - HKCU\..\Run: [AlexaToolbar] C:\WINDOWS\alt.exe
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)


Click Fix Checked. Close HijackThis, and click OK to proceed.

At the end of the fix, you may need to restart your computer again.


  • Download win32delfkil.exe.
  • Save it on your desktop.
  • Double click on win32delfkil.exe and install it. This creates a new folder on your desktop called win32delfkil.
  • Close all windows and open the win32delfkil folder and double click on fix.bat.
  • Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually.

    Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
    *Click "Options..."
    *Move the arrow down to "Custom CleanUp!"
    *Put a check next to the following:
    • Empty Recycle Bins
    • Delete Cookies
    • Delete Prefetch files
      [X]Scan local drives for temporary files (Please uncheck this option)
    • Cleanup! All Users
    Click OK
    Press the CleanUp! button to start the program. Reboot/logoff when prompted.

    Reboot into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

    Run Ewido again and let it clean the PC.

    Run KILL box. Paste the following locations into KILL BOX one at a time. Checkmark the box that says "Delete on Reboot" and checkmark the box "Unregister DLL" (If available) Click the RED X and it will ask you to confirm the file for deletion...say YES and when the next box opens prompting you to reboot now...click NO...and proceed with the next file. Once you get to the last one click YES and it will reboot.

    C:\WINDOWS\SYSTEM32\IDEMLOG.EXE
    C:\WINDOWS\SYSTEM32\idesk.conf
    C:\WINDOWS\alt.exe
    C:\WINDOWS\system32\__delete_on_reboot__st3.dll
    C:\WINDOWS\__delete_on_reboot__prflbmsgp32.dll
    C:\Documents and Settings\BRIAN.YOUR-1A8EB98045\Desktop\Programs\EvID4226Patch.exe


    Once back to normal mode...run another Panda scan.

    Please post the contents of the logfile C:\fixwareout\report.txt, along with a new HijackThis log and the Panda log.
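
An added example, not part of the original posts: a small Python triage over HijackThis log lines that flags the three signals the helper reacts to in this thread (entries marked `(file missing)`, programs launched from a Temp folder, and the `[MSConfig] ... /auto` Run entry). The rule names and the sample, built from lines quoted above, are assumptions for illustration, and the rules do not reproduce the helper's full fix list.

```python
import re

# Constructed sample: a handful of lines copied from the HijackThis logs in this thread.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
R3 - URLSearchHook: (no name) - {77BDFA3B-DFF7-AB49-AFCD-1067C7AC63DB} - NopeZ.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {C7CF1142-0785-4B12-A280-B64681E4D45E} - C:\WINDOWS\prflbmsgp32.dll (file missing)
O4 - HKLM\..\Run: [TrackPointSrv] tp4mon.exe
O4 - HKLM\..\Run: [BearShare] "C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX01.159\BearShare_Pro_v5.0.2.5\Crack\BearShare.exe" /pause
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
C:\DOCUME~1\BRIAN~1.YOU\LOCALS~1\Temp\Rar$EX00.828\HijackThis.exe
"""

# "O4 - ...", "R3 - ...", "O20 - ..." : section code, then the entry body.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
# Lines in the "Running processes" block are bare drive-letter paths.
PROCESS_RE = re.compile(r"^[A-Za-z]:\\")
# A path component named Temp or tmp (covers LOCALS~1\Temp and Local Settings\Temp).
TEMP_RE = re.compile(r"\\te?mp\\", re.IGNORECASE)
# Body of an O4 registry Run entry: hive, value name in brackets, command line.
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\Run: \[([^\]]+)\] (.+)$")


def triage(log_text):
    """Return (section, reasons, line) for every log line that trips a rule."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        entry = ENTRY_RE.match(line)
        if entry:
            section, body = entry.group(1), entry.group(2)
        elif PROCESS_RE.match(line):
            section, body = "PROC", line
        else:
            continue  # header lines such as "Logfile of HijackThis ..."

        reasons = []
        # The registry still references a file that is no longer on disk.
        if body.endswith("(file missing)"):
            reasons.append("file-missing")
        # Something is started from an archive-extraction or other Temp folder.
        if TEMP_RE.search(body):
            reasons.append("runs-from-temp")
        # msconfig re-launches itself at logon while startup items are disabled.
        run = RUN_RE.match(body) if section == "O4" else None
        if run and run.group(2).lower() == "msconfig" and "/auto" in run.group(3).lower():
            reasons.append("msconfig-selective-startup")

        if reasons:
            findings.append((section, reasons, line))
    return findings


if __name__ == "__main__":
    for section, reasons, line in triage(SAMPLE_LOG):
        print(f"{section:5} {','.join(reasons):28} {line}")
```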
 