trojan.smitfraud.c/daosearch/skorokonecmira

Hi,

My computer has been infected with the trojan-spy.HTML.Smitfraud.c virus. I get popups every 8 minutes. What is more troubling is that about 15% of my searches go to this web address - www.ipassist.bizx/free.php?id=11258. It also prevents accessing almost all sites with adware or spyware in them. It has replaced my start page.

I was able to download an adware program and Microsoft anti-spyware as well as Hijackthis. I've gone to the control panel and tried to change the start page. It keeps reverting back. Hijackthis was able to locate the trojan. I delete it and it keeps coming back. It also copies itself in the backup files on Hijackthis. I ran the Microsoft Spyware and deleted the trojan. I've gone into my download files - deleted the trojan and deleted it wherever I can find it. Whatever I do, it reverses the process.

Here is a copy of the Hijackthis log. Any help would be appreciated. Please make any suggestions as general as possible - I am not proficient in computer operations.

Logfile of HijackThis v1.99.1
Scan saved at 12:07:58 PM, on 4/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Winamp\Winampa.exe
C:\WINDOWS\system32\EXPLORER.EXE
C:\WINDOWS\system32\netd32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\Services\{1DC8CA62-5088-4791-BAA7-FD7560145C52}\SVCHOST.EXE
C:\Program Files\NetMeeting\conf.exe
C:\wp.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Netscape\Netscape 6\Netscp.exe
C:\hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapps.yahoo.com/customize/ycomp/defaults/sp/*http://www.yahoo.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\Winampa.exe"
O4 - HKLM\..\Run: [Winsock2 driver] EXPLORER.EXE
O4 - HKLM\..\Run: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Service Host] C:\WINDOWS\System32\Services\{1DC8CA62-5088-4791-BAA7-FD7560145C52}\SVCHOST.EXE
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKLM\..\RunOnce: [!CleanupNetMeetingDispDriver] "C:\WINDOWS\system32\rundll32.exe" msconf.dll,CleanupNetMeetingDispDriver 0
O4 - HKCU\..\Run: [Microsoft NetMeeting] "C:\Program Files\NetMeeting\conf.exe" -Background
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - HKCU\..\Run: [HijackThis startup scan] C:\hijack this\HijackThis.exe /startupscan
O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
O4 - HKCU\..\RunOnce: [Winsock2 driver] EXPLORER.EXE
O4 - Startup: radio@netscape.lnk = C:\Program Files\Radio@Netscape Plus\Program\radio@netscape.exe
O4 - Global Startup: file.exe
O4 - Global Startup: worldchat.exe
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {06630B2A-A0D4-44EA-B6E6-8DF1813DCD4F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {06630B2A-A0D4-44EA-B6E6-8DF1813DCD4F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {07A5D7E2-E9B5-4264-BD82-658F142355AE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {07A5D7E2-E9B5-4264-BD82-658F142355AE} - (no file) (HKCU)
O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0ABFE1C6-8595-4B8B-B346-0C8978C5D6AC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0ABFE1C6-8595-4B8B-B346-0C8978C5D6AC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0C228842-AF58-4265-A584-483A3A779E62} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C228842-AF58-4265-A584-483A3A779E62} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {0DA40A70-2DF1-49EE-A12D-D19BD1981052} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0DA40A70-2DF1-49EE-A12D-D19BD1981052} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {15450316-1453-4F2D-8BD8-17DB04FFF7D2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15450316-1453-4F2D-8BD8-17DB04FFF7D2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {19ED7BEC-FEA6-4A39-8B4F-366FDD8B9B43} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19ED7BEC-FEA6-4A39-8B4F-366FDD8B9B43} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1A5D9523-E23A-4B57-AA9C-1D199AB869EA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1A5D9523-E23A-4B57-AA9C-1D199AB869EA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1C37FEE9-98DB-44D9-BE64-500CE4E05F2A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1C37FEE9-98DB-44D9-BE64-500CE4E05F2A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {1F91042F-C7AF-4B63-9D17-11AA78A38703} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1F91042F-C7AF-4B63-9D17-11AA78A38703} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {250931C9-43AF-4671-8A33-D3F84F5D9351} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {250931C9-43AF-4671-8A33-D3F84F5D9351} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {2AC0BD67-E138-4FDA-8A1E-6B6003C921CE} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AC0BD67-E138-4FDA-8A1E-6B6003C921CE} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {30FC0620-96D5-4AD7-9263-DE2ACAE8AC41} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {30FC0620-96D5-4AD7-9263-DE2ACAE8AC41} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {353CC064-54BC-463F-A1F7-E40850FD3262} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {353CC064-54BC-463F-A1F7-E40850FD3262} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3787ED2F-3EDF-4CFB-9C55-C666CB307547} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3787ED2F-3EDF-4CFB-9C55-C666CB307547} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {3E588037-3405-4455-8D40-6D7BBD8FC5BF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E588037-3405-4455-8D40-6D7BBD8FC5BF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {45CD9618-5848-4CF4-837B-31B58BE7AE9B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45CD9618-5848-4CF4-837B-31B58BE7AE9B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {464A0532-26E4-4256-A083-58FF9D29A7E6} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {464A0532-26E4-4256-A083-58FF9D29A7E6} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {51EE1558-52F8-4069-BF6B-E572662D00B5} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51EE1558-52F8-4069-BF6B-E572662D00B5} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {51FCB97F-FED1-4BBA-924A-45BA1DB5EF02} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51FCB97F-FED1-4BBA-924A-45BA1DB5EF02} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5808B4F7-E9D3-4BF4-A1C3-847C0E47F6F9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5808B4F7-E9D3-4BF4-A1C3-847C0E47F6F9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5C159FFF-C064-4393-854D-7BEC99C166EC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5C159FFF-C064-4393-854D-7BEC99C166EC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {5D8154AE-B51D-4342-8CFF-8F46D2FFE561} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D8154AE-B51D-4342-8CFF-8F46D2FFE561} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6332D541-46FB-40AC-9D39-4A4BD9A725DF} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6332D541-46FB-40AC-9D39-4A4BD9A725DF} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6AD8DB79-F8DD-4988-BC16-D2427843ABE9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6AD8DB79-F8DD-4988-BC16-D2427843ABE9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6CEF22C6-9D77-4185-BC5A-CA236EE9AF8F} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6CEF22C6-9D77-4185-BC5A-CA236EE9AF8F} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6D2DB9CC-F951-47D9-9A1A-DD9109E4089A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D2DB9CC-F951-47D9-9A1A-DD9109E4089A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {6F792CE8-6536-4EEE-A934-4CF4502F47A8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6F792CE8-6536-4EEE-A934-4CF4502F47A8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7D0A8D49-22A3-4BC4-99B2-1EBF1C7DE68B} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D0A8D49-22A3-4BC4-99B2-1EBF1C7DE68B} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7FEE7353-54AD-445B-936F-79FEC799B30A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7FEE7353-54AD-445B-936F-79FEC799B30A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {7FF9170C-09BC-4716-AB59-A4EF3CE437B3} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7FF9170C-09BC-4716-AB59-A4EF3CE437B3} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {88024DC0-078E-44BF-BB04-8640A3D38EDA} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {88024DC0-078E-44BF-BB04-8640A3D38EDA} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8BAFBD6D-3C9D-4DA0-A129-DB5BDB892E68} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8BAFBD6D-3C9D-4DA0-A129-DB5BDB892E68} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8EB7AD4E-75B4-4BA6-9243-C2C3AD4BE2F9} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8EB7AD4E-75B4-4BA6-9243-C2C3AD4BE2F9} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {8EDB6620-58C6-495C-BC46-A2CC50A0A745} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8EDB6620-58C6-495C-BC46-A2CC50A0A745} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {9029AF65-1EAC-48AB-B3D0-BFB8F6E444DC} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9029AF65-1EAC-48AB-B3D0-BFB8F6E444DC} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {94CC31CF-E90B-41D3-9EF2-2DFF7360C152} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {94CC31CF-E90B-41D3-9EF2-2DFF7360C152} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {94FC47A4-0F7C-47BE-8415-C64883A69FD2} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {94FC47A4-0F7C-47BE-8415-C64883A69FD2} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A144BFED-FA36-483C-9F06-FF9DBF8D1A6C} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A144BFED-FA36-483C-9F06-FF9DBF8D1A6C} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {A5B7BE54-27C3-499F-949C-750A08E0A905} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5B7BE54-27C3-499F-949C-750A08E0A905} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {AC2F5874-C34D-4120-9AB7-89C93F046200} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AC2F5874-C34D-4120-9AB7-89C93F046200} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BC9F2124-150C-4B85-AC5B-5E40A3D89A3A} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BC9F2124-150C-4B85-AC5B-5E40A3D89A3A} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BD400D75-45A7-4A31-8A87-1D0AF2E1A714} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD400D75-45A7-4A31-8A87-1D0AF2E1A714} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BE12E301-0244-4D17-9C7C-31864560E385} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE12E301-0244-4D17-9C7C-31864560E385} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {BE2E102B-D656-4265-AA86-0A3CBA1698D8} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE2E102B-D656-4265-AA86-0A3CBA1698D8} - (no file) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra button: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {2ED9BC2B-4DF1-472E-9B5E-55477D2C97F5} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a224.g.akamai.net/7/224/52/20010419/qtinstall.info.apple.com/qt501/us/win/QuickTimeInstaller.exe
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield Setup Player) - http://ftp.hp.com/pub/automatic/player/isetup.cab
O16 - DPF: {A7E092C3-692A-11D0-A7E5-08002B322F3B} (WebResponseAttachments Control) - https://webresponse.one.microsoft.com/oas/ActiveX/FileXfer.cab
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)


Many thanks,

Randy

Comments

  • SpywareShooter 127.0.0.1
    edited April 2005
    This new CWS variant looks pretty nasty, just like their ways of advertising it :shakehead

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
    O4 - HKLM\..\RunServices: [MOSearch] C:\PROGRA~1\COMMON~1\System\MOSearch\Bin\mosearch.exe
    O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
    O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKLM\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
    O4 - HKCU\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
    O4 - HKCU\..\RunOnce: [Srv32 spool service] C:\WINDOWS\System32\spoolsrv32.exe
    O4 - Global Startup: file.exe
    O4 - Global Startup: worldchat.exe
    O9 - Extra button: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {06630B2A-A0D4-44EA-B6E6-8DF1813DCD4F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {06630B2A-A0D4-44EA-B6E6-8DF1813DCD4F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {07A5D7E2-E9B5-4264-BD82-658F142355AE} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {07A5D7E2-E9B5-4264-BD82-658F142355AE} - (no file) (HKCU)
    O9 - Extra button: Dell Home - {08DCFC6C-B6E4-480C-95A4-FC64F37B787E} - http://www.dellnet.com/ (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0ABFE1C6-8595-4B8B-B346-0C8978C5D6AC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0ABFE1C6-8595-4B8B-B346-0C8978C5D6AC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0C228842-AF58-4265-A584-483A3A779E62} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0C228842-AF58-4265-A584-483A3A779E62} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {0DA40A70-2DF1-49EE-A12D-D19BD1981052} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0DA40A70-2DF1-49EE-A12D-D19BD1981052} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {15450316-1453-4F2D-8BD8-17DB04FFF7D2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {15450316-1453-4F2D-8BD8-17DB04FFF7D2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {19ED7BEC-FEA6-4A39-8B4F-366FDD8B9B43} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {19ED7BEC-FEA6-4A39-8B4F-366FDD8B9B43} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {1A5D9523-E23A-4B57-AA9C-1D199AB869EA} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1A5D9523-E23A-4B57-AA9C-1D199AB869EA} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {1C37FEE9-98DB-44D9-BE64-500CE4E05F2A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1C37FEE9-98DB-44D9-BE64-500CE4E05F2A} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {1F91042F-C7AF-4B63-9D17-11AA78A38703} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {1F91042F-C7AF-4B63-9D17-11AA78A38703} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {250931C9-43AF-4671-8A33-D3F84F5D9351} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {250931C9-43AF-4671-8A33-D3F84F5D9351} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {2AC0BD67-E138-4FDA-8A1E-6B6003C921CE} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {2AC0BD67-E138-4FDA-8A1E-6B6003C921CE} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {30FC0620-96D5-4AD7-9263-DE2ACAE8AC41} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {30FC0620-96D5-4AD7-9263-DE2ACAE8AC41} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {353CC064-54BC-463F-A1F7-E40850FD3262} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {353CC064-54BC-463F-A1F7-E40850FD3262} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {3787ED2F-3EDF-4CFB-9C55-C666CB307547} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3787ED2F-3EDF-4CFB-9C55-C666CB307547} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {3E588037-3405-4455-8D40-6D7BBD8FC5BF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {3E588037-3405-4455-8D40-6D7BBD8FC5BF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {45CD9618-5848-4CF4-837B-31B58BE7AE9B} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {45CD9618-5848-4CF4-837B-31B58BE7AE9B} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {464A0532-26E4-4256-A083-58FF9D29A7E6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {464A0532-26E4-4256-A083-58FF9D29A7E6} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {51EE1558-52F8-4069-BF6B-E572662D00B5} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51EE1558-52F8-4069-BF6B-E572662D00B5} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {51FCB97F-FED1-4BBA-924A-45BA1DB5EF02} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {51FCB97F-FED1-4BBA-924A-45BA1DB5EF02} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5808B4F7-E9D3-4BF4-A1C3-847C0E47F6F9} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5808B4F7-E9D3-4BF4-A1C3-847C0E47F6F9} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5C159FFF-C064-4393-854D-7BEC99C166EC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5C159FFF-C064-4393-854D-7BEC99C166EC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {5D8154AE-B51D-4342-8CFF-8F46D2FFE561} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {5D8154AE-B51D-4342-8CFF-8F46D2FFE561} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6332D541-46FB-40AC-9D39-4A4BD9A725DF} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6332D541-46FB-40AC-9D39-4A4BD9A725DF} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6AD8DB79-F8DD-4988-BC16-D2427843ABE9} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6AD8DB79-F8DD-4988-BC16-D2427843ABE9} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6CEF22C6-9D77-4185-BC5A-CA236EE9AF8F} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6CEF22C6-9D77-4185-BC5A-CA236EE9AF8F} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6D2DB9CC-F951-47D9-9A1A-DD9109E4089A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6D2DB9CC-F951-47D9-9A1A-DD9109E4089A} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {6F792CE8-6536-4EEE-A934-4CF4502F47A8} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {6F792CE8-6536-4EEE-A934-4CF4502F47A8} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7D0A8D49-22A3-4BC4-99B2-1EBF1C7DE68B} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7D0A8D49-22A3-4BC4-99B2-1EBF1C7DE68B} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7FEE7353-54AD-445B-936F-79FEC799B30A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7FEE7353-54AD-445B-936F-79FEC799B30A} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {7FF9170C-09BC-4716-AB59-A4EF3CE437B3} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {7FF9170C-09BC-4716-AB59-A4EF3CE437B3} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {88024DC0-078E-44BF-BB04-8640A3D38EDA} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {88024DC0-078E-44BF-BB04-8640A3D38EDA} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8BAFBD6D-3C9D-4DA0-A129-DB5BDB892E68} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8BAFBD6D-3C9D-4DA0-A129-DB5BDB892E68} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8EB7AD4E-75B4-4BA6-9243-C2C3AD4BE2F9} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8EB7AD4E-75B4-4BA6-9243-C2C3AD4BE2F9} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {8EDB6620-58C6-495C-BC46-A2CC50A0A745} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {8EDB6620-58C6-495C-BC46-A2CC50A0A745} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {9029AF65-1EAC-48AB-B3D0-BFB8F6E444DC} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {9029AF65-1EAC-48AB-B3D0-BFB8F6E444DC} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {94CC31CF-E90B-41D3-9EF2-2DFF7360C152} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {94CC31CF-E90B-41D3-9EF2-2DFF7360C152} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {94FC47A4-0F7C-47BE-8415-C64883A69FD2} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {94FC47A4-0F7C-47BE-8415-C64883A69FD2} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A144BFED-FA36-483C-9F06-FF9DBF8D1A6C} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A144BFED-FA36-483C-9F06-FF9DBF8D1A6C} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {A5B7BE54-27C3-499F-949C-750A08E0A905} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {A5B7BE54-27C3-499F-949C-750A08E0A905} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {AC2F5874-C34D-4120-9AB7-89C93F046200} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {AC2F5874-C34D-4120-9AB7-89C93F046200} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BC9F2124-150C-4B85-AC5B-5E40A3D89A3A} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BC9F2124-150C-4B85-AC5B-5E40A3D89A3A} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BD400D75-45A7-4A31-8A87-1D0AF2E1A714} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BD400D75-45A7-4A31-8A87-1D0AF2E1A714} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BE12E301-0244-4D17-9C7C-31864560E385} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE12E301-0244-4D17-9C7C-31864560E385} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {BE2E102B-D656-4265-AA86-0A3CBA1698D8} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {BE2E102B-D656-4265-AA86-0A3CBA1698D8} - (no file) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E12FDFEF-65F4-4053-8DDB-45D811239C47} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {E22AE65A-7B0A-4878-8A70-1BAF74A28B1B} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EAB38775-21F3-47C9-8B4C-103332077EF2} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {EDBEEBF0-5050-4B3C-A5BB-249F815CD6CC} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra button: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {F5070751-8471-4D01-86C7-325FA4D92AB0} - C:\WINDOWS\System32\wldr.dll (file missing) (HKCU)

    Fix those entries then find and delete the following files:
    C:\PROGRAM FILES\COMMON FILES\System\MOSearch\
    netd32.exe
    C:\WINDOWS\System32\srvc32.exe
    C:\WINDOWS\System32\spoolsrv32.exe
    c:\wp.exe
    file.exe
    worldchat.exe

    Then restart your computer and post a new log.
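
The kind of entries singled out in the reply above can be queued for review mechanically. The following is an added example, not part of the original thread: a small Python parser for HijackThis-format lines that flags O4 autostart entries with no directory or a drive-root path, and O2/O3/O9/O23 entries whose file is reported missing. The sample lines are copied from the log posted above; the function names and rule names are this example's own.

```python
import re
from collections import Counter

# Sample lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ipassist.biz/index.php?id=11258
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\RunServices: [Microsoft Network Daemon for Win32] netd32.exe
O4 - HKLM\..\RunOnce: [Local runole service] C:\WINDOWS\System32\srvc32.exe
O4 - HKCU\..\Run: [WindowsFY] c:\wp.exe
O4 - Global Startup: worldchat.exe
O9 - Extra button: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
O9 - Extra 'Tools' menuitem: Microsoft AntiSpyware helper - {0443B2A8-B87F-41CB-8098-0D42897E8687} - (no file) (HKCU)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\System32\ZipToA.exe (file missing)
"""

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
# O4 body: "<registry key or startup folder>: [value name] command"
O4_RE = re.compile(r"^[^:]+: (?:\[[^\]]*\] )?(?P<cmd>.+)$")
DANGLING_RE = re.compile(r"\((?:no file|file missing)\)")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\}")
DRIVE_ROOT_RE = re.compile(r"^[A-Za-z]:\\[^\\]+$")
PROGRAM_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|scr))\b", re.IGNORECASE)


def executable_of(cmd):
    """Return the program part of an autostart command, without arguments."""
    cmd = cmd.strip()
    if " = " in cmd:  # "shortcut.lnk = target" form used for Startup folders
        cmd = cmd.split(" = ", 1)[1].strip()
    if cmd.startswith('"'):  # quoted path, arguments follow the closing quote
        return cmd[1:].split('"', 1)[0]
    m = PROGRAM_RE.match(cmd)
    return m.group(1) if m else cmd


def triage(log_text):
    """Return de-duplicated (section, reason, item) tuples that need manual review."""
    findings = []

    def add(finding):
        if finding not in findings:
            findings.append(finding)

    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m.group("section"), m.group("body")
        if section == "O4":
            o4 = O4_RE.match(body)
            if not o4:
                continue
            exe = executable_of(o4.group("cmd"))
            if "\\" not in exe:
                # Bare filename: which file actually runs depends on the search path.
                add((section, "no-directory", exe))
            elif DRIVE_ROOT_RE.match(exe):
                # Executable sitting directly in the root of a drive.
                add((section, "drive-root", exe))
        elif section in ("O2", "O3", "O9", "O23") and DANGLING_RE.search(body):
            # Registered component whose file HijackThis could not find.
            clsid = CLSID_RE.search(body)
            item = clsid.group(0) if clsid else body.split(" - ")[0]
            add((section, "dangling", item))
    return findings


def summarize(findings):
    """Count findings per rule, to show where the bulk of the log noise comes from."""
    return Counter(reason for _, reason, _ in findings)


if __name__ == "__main__":
    results = triage(SAMPLE_LOG)
    for section, reason, item in results:
        print(f"{section:<4}{reason:<14}{item}")
    print(dict(summarize(results)))
```

Entries such as `C:\WINDOWS\System32\srvc32.exe`, which the reply above also lists, carry a full path and pass these structural checks, so the output is a review queue rather than a verdict.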