http://85.12.43.75/tst20.html VIRUS
bloodytom
Newbie
16. February 2009 @ 23:44
Hey, I need some help with the http://85.12.43.75/tst20.html virus. [the one with the spamming pop-ups :(] My HijackThis results are as follows:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:33:19 p.m., on 17/02/2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe
C:\Program Files\Hewlett-Packard\Toolbox\jre\bin\javaw.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\palmOne\HOTSYNC.EXE
C:\PROGRA~1\MICROS~3\rapimgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Transparent Windows\Transparent.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Documents and Settings\Dragon\Desktop\HiJackThis\HijackThis.exe
C:\Documents and Settings\Dragon\Desktop\HiJackThis\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: {034d8958-7176-9209-e8f4-75f790d5b4c7} - {7c4b5d09-7f57-4f8e-9029-67178598d430} - C:\WINDOWS\system32\yqenhu.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {85f93b31-1e63-4960-9235-3a250888062c} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {ea98320d-eeaa-4c74-b98a-4353157ac8d2} - C:\WINDOWS\system32\nukugego.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [TomcatStartup 2.5] C:\Program Files\Hewlett-Packard\Toolbox\hpbpsttp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [StatusClient 2.6] C:\Program Files\Hewlett-Packard\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HPPQVideo] "C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ScheduledLaunch\HP Color LaserJet CP1510 Series\bin\hppschlnch.exe" -r SOFTWARE\Hewlett-Packard\ScheduledLaunch\CLJ_CP1510_Series -f PQOptimizerVideo.xml -o remindLater
O4 - HKLM\..\Run: [ToolBoxFX] "C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\ToolBoxFX\bin\HPTLBXFX.exe" /enum:on /alerts:on /notifications:on /fl:on /fr:on /appData:on
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Burn Proc Ping Cash] C:\Documents and Settings\All Users\Application Data\lite grim burn proc\Cake Clock.exe
O4 - HKLM\..\Run: [zuwolapubo] Rundll32.exe "C:\WINDOWS\system32\gehofoza.dll",s
O4 - HKLM\..\Run: [c029f964] rundll32.exe "C:\WINDOWS\system32\wuzaduzi.dll",b
O4 - HKLM\..\Run: [CPMc31acaf8] Rundll32.exe "c:\windows\system32\fuzoyalu.dll",a
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [camptwo] C:\DOCUME~1\Dragon\APPLIC~1\HOPEVI~1\media locks.exe
O4 - HKUS\S-1-5-18\..\Run: [Windows Guard] waumgrd.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Windows Guard] waumgrd.exe (User 'Default user')
O4 - S-1-5-18 Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (User 'SYSTEM')
O4 - S-1-5-18 Startup: Transparent Windows.lnk = %APPDATA%\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE (User 'Default user')
O4 - .DEFAULT Startup: Transparent Windows.lnk = %APPDATA%\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe (User 'Default user')
O4 - Startup: HotSync Manager.lnk = C:\Program Files\palmOne\HOTSYNC.EXE
O4 - Startup: Transparent Windows.lnk = %APPDATA%\Microsoft\Installer\{26E30F32-01C0-47EF-930B-D36B676B86A9}\_294823.exe
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\Hewlett-Packard\hp LaserJet 1160_1320 series\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: LCDPlayer.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {0062C9BD-B349-40DE-91A0-755F37ACD559} - (no file)
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~3\INetRepl.dll
O9 - Extra button: TestPokerStars.com - {809132AF-89D2-4d52-AA03-AB4E35BBDC5B} - C:\Program Files\PokerStars.TEST\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - E:\PartyPoker\RunApp.exe (file missing)
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Dragon\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://xtra.co.nz
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/Ap...ap/PhtPkMSN.cab
O16 - DPF: {A1F2F2CE-06AF-483C-9F12-D3BAA72477D6} (BatchDownloader Class) - http://appdirectory.messenger.msn.com/Ap...ap/DigWXMSN.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Mes...nt.cab56907.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{F236FD3A-3986-4423-834D-B1CB093BBABD}: NameServer = 202.27.158.40,202.27.156.72
O20 - AppInit_DLLs: \WINDOWS\system32\husugudi.dll C:\WINDOWS\system32\kimulizi.dll C:\WINDOWS\system32\vonowiya.dll C:\WINDOWS\system32\lusokiba.dll C:\WINDOWS\system32\dirupahu.dll C:\WINDOWS\system32\pabinula.dll C:\WINDOWS\system32\susopaya.dll yqenhu.dll C:\WINDOWS\system32\fazugine.dll C:\WINDOWS\system32\yobivola.dll c:\windows\system32\fuzoyalu.dll c:\windows\system32\kirenalo.dll c:\windows\system32\heparira.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fuzoyalu.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\fuzoyalu.dll
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 12044 bytes