Worm problem ..

dherzog

New Member
Thanks in advance for any help. I downloaded Limewire and downloaded something I shouldn't have, I think, because ever since I have random things being downloaded to my computer, e.g. millions of popups and lots of files in my shared file and desktop that I never downloaded. I ran my Ad-Aware and I have an Alcon Worm, and I try to delete it and it always comes back. Then I saw on here someone said to download Zone Labs, and in the matter of one hour I had 44 intrusions blocked. Here is a copy of the HijackThis log:



Logfile of HijackThis v1.99.1
Scan saved at 10:37:30 PM, on 6/6/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZONELABS\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
c:\PROGRA~1\mcafee.com\vso\OasClnt.exe
c:\program files\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
C:\Program Files\outlook\outlook.exe
C:\Program Files\ipwins\ipwins.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\System32\winlog.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\msconfig.exe
C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
C:\WINDOWS\system32\dwdsregt.exe
c:\program files\common files\aol\1146200731\ee\aim6.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\HijackThis\HijackThis.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glwxlcc.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe
O4 - HKLM\..\Run: [newname] C:\\newname25.exe
O4 - HKLM\..\Run: [{D0-0C-CA-A6-ZN}] C:\WINDOWS\system32\dwdsregt.exe GID003
O4 - HKLM\..\Run: [w002ada2.dll] RUNDLL32.EXE w002ada2.dll,I2 0013a9020002ada2
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\RunServices: [winlog] winlog.exe
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000137.exe
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe
O4 - Global Startup: taskmgr.exe
O4 - Global Startup: msconfig.exe
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.com/resources/MsnPUpld.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe

I don't have a clue what half of that stuff is. Obviously I'm downloading anything I can to get away from this thing. Any ideas? Thanks!
 

dherzog

New Member
My stepdad downloaded it onto this computer (it's his) and he said that SP2 completely erased everything off of it. I had to redownload Windows onto it and everything afterwards.
 

4W4K3

VIP Member
SP2 most likely didn't do that, as thousands (if not millions) of users have used it just fine (including myself). There's no way a service pack can format your hard drive; if something terrible went wrong, the worst that could happen would be it won't load the OS. That can be fixed without losing data.

What anti-virus are you using that is live/active? Norton, McAfee, etc.?
 

dherzog

New Member
4W4K3 said:
SP2 most likely didn't do that, as thousands (if not millions) of users have used it just fine (including myself). There's no way a service pack can format your hard drive; if something terrible went wrong, the worst that could happen would be it won't load the OS. That can be fixed without losing data.

What anti-virus are you using that is live/active? Norton, McAfee, etc.?
I have McAfee, ZoneAlarm, and Ad-Aware. ZoneAlarm keeps telling me IP addresses that are trying to access my computer.
 

Computer Genius

New Member
OMG! This log is terrible. Keyloggers, Trojans, adware, spyware. I recommend you reformat.

McAfee and Ad-Aware. Also download Spybot Search and Destroy (http://www.download.com/Spybot-Search-Destroy/3000-8022_4-10401314.html?tag=lst-0-1)

Remove: C:\Program Files\ipwins\ipwins.exe

Right, this is difficult.
C:\WINDOWS\System32\winlog.exe this is registered to a trojan but is also essential for some programs to run. Run your anti-virus and see if it is picked up.

Also this is not supposed to be running in system32.

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe

Remove: C:\WINDOWS\system32\dwdsregt.exe

Remove: O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)

Also outlook is in the wrong directory.
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto

Remove: O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe

Remove: O4 - HKLM\..\Run: [defender] C:\\defender25.exe

Remove: O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe

Keyboard25 is a keylogger. So whatever you have typed will be sent to somebody who can use all your details and credit card details etc. I advise you change your credit cards and passwords immediately.

Remove: O4 - HKLM\..\Run: [newname] C:\\newname25.exe

Remove: O4 - HKLM\..\Run: [{D0-0C-CA-A6-ZN}] C:\WINDOWS\system32\dwdsregt.exe GID003

Remove: O4 - HKLM\..\Run: [w002ada2.dll] RUNDLL32.EXE w002ada2.dll,I2 0013a9020002ada2

Remove: O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000137.exe

Remove: O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe

Remove: O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM

Remove: O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing)

Remove: O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll
 

Jars

New Member
Please do not follow the instructions above. You have been affected with the Alcan Worm. If Buzz gets to it let him do it, otherwise I can post a fix later today. There are fixes made for this.
 

edifier

New Member
Computer Genius

While it is appreciated that you are trying to help, it is obvious that you are not a 'Malware Genius'. You never recommend 'reformatting' until all avenues have been exhausted.

C:\WINDOWS\System32\winlog.exe this is registered to a trojan but is also essential for some programs to run. Run your anti-virus and see if it is picked up.
This is not a legit process, PERIOD! The legit process is 'winlogon.exe'.

Instead of getting mad, why don't you ask 'Jars' to take over and learn from him.
 

edifier

New Member
First time I've seen that, so I'm glad you brought that to my attention and I stand corrected. As for your attitude, frankly it stinks and you are obviously a very immature individual! If 'Buzz', who is very educated with malware removal, says your diagnosis and instructions are correct to help this poster, then I will take back what I've said and apologize.
 

Jars

New Member
I am sorry that you are taking this so offensively. I will explain what I have learned in my training.



F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glwxlcc.exe <-- qoologic infection
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing) <-- random named file
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll <-- Legit
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx <-- Legit
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll <-- Legit
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll <-- Legit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1146200731\ee\AOLSoftware.exe <-- Legit
O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto <-- bad
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe <-- Adware
O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask <-- Legit
O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe <-- Legit
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe <-- Legit
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe <-- Legit
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe <-- Legit
O4 - HKLM\..\Run: [winlog] winlog.exe <-- Needs to be uploaded
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime <-- Legit
O4 - HKLM\..\Run: [defender] C:\\defender25.exe <-- Alcan
O4 - HKLM\..\Run: [keyboard] C:\\keyboard25.exe <-- Alcan
O4 - HKLM\..\Run: [newname] C:\\newname25.exe <-- Alcan
O4 - HKLM\..\Run: [{D0-0C-CA-A6-ZN}] C:\WINDOWS\system32\dwdsregt.exe GID003 <-- random
O4 - HKLM\..\Run: [w002ada2.dll] RUNDLL32.EXE w002ada2.dll,I2 0013a9020002ada2 <-- random
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" <-- Legit
O4 - HKLM\..\RunServices: [winlog] winlog.exe <-- needs to be uploaded
O4 - HKCU\..\Run: [Aim6] "C:\Program Files\Common Files\AOL\Launch\AOLLaunch.exe" /d locale=en-US ee://aol/imApp <-- Legit
O4 - HKCU\..\Run: [DNS] C:\Program Files\Common Files\mc-110-12-0000137.exe <-- Bad
O4 - Startup: Z_Start.lnk = C:\WINDOWS\system32\dwdsregt.exe <-- Zeno-Bad
O4 - Global Startup: taskmgr.exe <-- legit
O4 - Global Startup: msconfig.exe <-- legit, but not needed for Global Startup
O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\1.1.514.27546\GoogleUpdater.exe <-- Legit
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html <-- Legit
O8 - Extra context menu item: &MyToolBar Search - res://C:\Program Files\ToolBar888\MyToolBar.dll/MENUSEARCH.HTM <-- Toolbar888 adware
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html <-- Legit
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html <-- Legit
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html <-- Legit
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html <-- Legit
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html <-- Legit
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) <-- Trojan
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINDOWS\System32\dmonwv.dll (file missing) <-- Trojan
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll <-- Legit
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by105fd.bay105.hotmail.msn.co...s/MsnPUpld.cab
O18 - Filter: text/html - {624A3CDB-8C0A-4902-8480-191582C8498E} - C:\WINDOWS\System32\x3cqp0.dll <-- Virus
O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll <-- Virus
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe <-- Legit
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe <-- Legit
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe <-- Legit
O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe <-- Legit
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe <-- Legit
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe <-- Legit
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZONELABS\vsmon.exe <-- Legit

To the poster: I will get to your log with full instructions as soon as I can. I have just been really busy with finals.
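
The by-eye checks made in the two posts above (a name that imitates winlogon.exe, an extra program chained to UserInit, a registered component whose file is missing, startup items run from the drive root, a populated AppInit_DLLs), written out as an added Python sketch; it is not code from any poster or from HijackThis. The SYSTEM32_NAMES list, the 0.85 similarity cutoff and all function names are assumptions of this example, and a flag means "look closer", not a verdict.

```python
import re
from difflib import get_close_matches

# Constructed sample: a handful of lines copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\System32\winlog.exe
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\taskmgr.exe

F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,glwxlcc.exe
O2 - BHO: Yvakt Class - {5C3E6596-C64F-48E0-AC1E-B9C6EB3A5915} - C:\WINDOWS\System32\x3cqp0.dll (file missing)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [winlog] winlog.exe
O4 - HKLM\..\Run: [defender] C:\\defender25.exe
O20 - AppInit_DLLs: C:\WINDOWS\System32\svchost.dll
"""

# Assumption: a short, hand-picked list of Windows binaries that belong in system32.
SYSTEM32_NAMES = ["winlogon.exe", "userinit.exe", "svchost.exe", "services.exe",
                  "lsass.exe", "taskmgr.exe", "rundll32.exe", "spoolsv.exe"]


def name_checks(path):
    """Masquerading checks on one executable path or bare file name."""
    folder, _, name = path.strip().lower().rpartition("\\")
    reasons = []
    if name in SYSTEM32_NAMES:
        if folder and not folder.endswith("\\system32"):
            reasons.append("system binary name outside system32")
    else:
        close = get_close_matches(name, SYSTEM32_NAMES, n=1, cutoff=0.85)
        if close:
            reasons.append("name imitates " + close[0])
    if re.fullmatch(r"[a-z]:\\*", folder):
        reasons.append("runs from drive root")
    return reasons


def entry_checks(line):
    """Checks for one numbered HijackThis entry (F2, O2, O4, O20, ...)."""
    reasons = []
    if line.startswith("F2 ") and "UserInit=" in line:
        chained = line.split("UserInit=", 1)[1].split(",")
        extra = [p for p in chained if p and not p.lower().endswith("userinit.exe")]
        if extra:
            reasons.append("extra program chained to UserInit: " + ", ".join(extra))
    if line.endswith("(file missing)"):
        reasons.append("registered component whose file is missing")
    if line.startswith("O20 ") and line.split(":", 1)[1].strip():
        reasons.append("AppInit_DLLs is set")  # DLL loaded with user32.dll
    if line.startswith("O4 "):
        # The command follows "[value name] "; the executable may be quoted.
        m = re.search(r'\]\s+(?:"([^"]+)"|(.+?\.exe))', line, re.I)
        if m:
            reasons += name_checks(m.group(1) or m.group(2))
    return reasons


def triage(log_text):
    """Return {log line: [reasons]} for every line that deserves a second look."""
    findings = {}
    for line in (raw.strip() for raw in log_text.splitlines()):
        if re.match(r"[A-Za-z]:\\", line):        # "Running processes" path
            reasons = name_checks(line)
        elif re.match(r"[FNOR]\d+ - ", line):     # numbered entry
            reasons = entry_checks(line)
        else:
            continue
        if reasons:
            findings[line] = reasons
    return findings


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LOG).items():
        print("; ".join(why), "<-", entry)
```
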
 

dherzog

New Member
Thank you so much - I have been a little confused over who to listen to and you have been the most helpful and mature. My ZoneAlarm has been popping up now that I have two trojans and I try to clean them and it won't allow me. I have no idea what I did - I'll just wait for instruction from you. Thank you so much!
 

Jars

New Member
First of all, idiots? Hardly. You are having him remove them using HiJackThis. Alcan virus needs a special fix. When you have him remove them using HiJackThis, you have to have him delete the file; you need to learn how to use HiJackThis. Your lack of knowledge with HiJackThis will one day come to haunt you.
 

Jars

New Member
dherzog, I have time for one thing. Let's patch your Windows and do some house cleaning.


Step 1
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here: http://www.microsoft.com/windowsxp/downloads/updates/sp1/default.mspx
Apply the update, reboot, and post a fresh Hijack This log.

Step 2

1. Please download Ewido Anti-Malware
  • Install ewido anti-malware
  • Launch ewido, there should be an icon on your desktop, double-click it.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
  • Exit Ewido, do not run the scan yet!
If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

2. Please download Brute Force Uninstaller to your desktop.
  • Right click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", and Uncheck the "Show Extracted Files" box and then click "Finish".
3. RIGHT-CLICK HERE and choose "Save As" (in IE it's "Save Target As") in order to download Alcra PLUS Remover.
Save it in the same folder you made earlier (c:\BFU).

Do not do anything with these yet!

Reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping F8 until a menu appears. Highlight Safe Mode and hit enter.

4. Once in Safe Mode, Open Ewido:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
Close ewido anti-malware.

5. Then, please go to Start > My Computer and navigate to the C:\BFU folder.
  • Start the Brute Force Uninstaller by double-clicking BFU.exe
  • Behind the scriptline to execute field, click the folder icon and select alcanshorty.bfu
  • Press Execute and let the program do its job. (You ought to see a progress bar if you did this correctly.)
  • Wait for the complete script execution box to pop up and press OK.
  • Press exit to terminate the BFU program.
Reboot into normal windows and post the contents of Ewido text report that you saved and a new HiJackThis log.

Please post a new:

HijackThis log
Ewido log
 

4W4K3

VIP Member
Computer Genius said:
Mine is just as good. It is just idiots who are jealous that I helped first. And it is all correct.

Get off it mate, you are immature and rude. Regardless if you are right or not, your attitude is in the wrong place. If you expect to stay here long, you'd better straighten up. I'm glad you're trying to help, but don't be all high and mighty.
 

edifier

New Member
I tried to be nice, as evidenced by the first sentence in my first response. Hijack This is a great tool but it isn't 'the tool'. It should be part of the cleaning process, not 'the cleaning process', which is the way 'computer genius' does it. And all he does is 'plug' someone's log into the 'analyzer' and list what it says. It's so easy to tell by his responses. So wise up with the attitude and try to learn more or take your attitude somewhere else!
 

Buzz1927

Digaredd
edifier said:
I tried to be nice, as evidenced by the first sentence in my first response. Hijack This is a great tool but it isn't 'the tool'. It should be part of the cleaning process, not 'the cleaning process', which is the way 'computer genius' does it. And all he does is 'plug' someone's log into the 'analyzer' and list what it says. It's so easy to tell by his responses. So wise up with the attitude and try to learn more or take your attitude somewhere else!
Good reply, I was about to post something similar.

Computer Genius, you might want to think about changing your user name to something more accurate.
 