Yazzlesudoku! [RESOLVED]


  • This topic is locked

#1
Slider92

  • Member
  • 91 posts
When I searched for CasaleMedia in the SpyHunter trial I found YazzleSudoku! But Spybot and Ad-Aware didn't find any such thing (is SpyHunter itself spyware?). I found out on the net that YazzleSudoku installed spyware if I installed the program, but I haven't installed the program! Anyway, I want it removed!

Hijacklog:

Logfile of HijackThis v1.99.1
Scan saved at 19:51:32, on 23.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\J River\Media Center 11\Media Center.exe
C:\Programfiler\BitComet\BitComet.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\hi\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programfiler\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155068682812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

BTW, there's something called ConnectionServices in my Add\Remove list. What is it? When I press Change\Remove it links to a page: htp://notetol dot com/uninstall.php?accept= Don't press it in case it's a virus or anything, everybody..=P

*removed "t" and added "dot" instead of "." (Linkmaster)

Edited by Linkmaster, 26 August 2006 - 12:07 PM.

  • 0


#2
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Hi Slider92, Welcome to GTG !!
Sorry for the delay in reviewing your post

You may wish to print out a copy of these instructions to follow while you complete this procedure

Since it has been a few days, let's begin by downloading and running a few programs to help clean things up:

Download ATF (Atribune Temp File) Cleaner© by Atribune

Download and Install Ewido Anti-Malware© by Ewido Networks

Launch Ewido; there should be an icon on your desktop. Double-click it.
The program will now go to the main screen
You will need to update Ewido to the latest definition files.
On the main screen select the icon Update then select the Update now link
Next select the Start Update button, the update will start and a progress bar will show the updates being installed.
Close Ewido Anti-Malware

Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Exit on the Main menu to close the program.

Run Ewido Anti-Malware
Click on Scanner at top
Click on Settings
Once in the Settings screen click on Recommended actions and then select Quarantine
Under Reports, Select Automatically generate report after every scan
Un-Select Only if threats were found
Select the Scanner icon at the top and then the Scan tab then click on Complete System Scan
Ewido will now begin the scanning process, be patient this may take a little time
Once the scan is complete do the following :
If you have any infections you will be prompted, then select Apply all actions
Next select the Reports icon at the top.
Select the Save report as button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
Close Ewido Anti-Malware

Reboot to Normal Mode

Please run ONE of these Online Virus Scans :

Run TrendMicro Housecall
Note: you must use Internet Explorer, other browsers will not work.
Under "Scan your PC", please click Scan now. It's free!
Select your location and click the Go button.
Click the red magnifying glass button.
Select Complete Scan.
Please be patient while Housecall downloads.
Please allow the ActiveX Control and when prompted click install
Put a check next to My Computer
Leave the following checked:

Scan for Spyware
Check security vulnerabilities


Click the Next button.
It will download the latest scan engine and pattern files.
When the definitions have been downloaded, the scan will start.
After it's done scanning it will take you to the summary page.
Click the Next button.
Click the drop-down to choose delete or remove on each bad guy found, if you receive a prompt click OK
Click the Next button to move onto the recovery (final) portion of the scan.
After everything has been removed, please click the Show button on everything.
Highlight all of the text and press CTRL + C to copy the text.
Open Notepad, hit Ctrl + V to Paste
Save it to the desktop

OR

Kaspersky WebScanner
Click on Kaspersky Online Scanner
You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files:
Once the files have been downloaded click on NEXT
Now click on Scan Settings
In the scan settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)

Scan Options:
Scan Archives
Scan Mail Bases

Click OK

Now under select a target to scan:
Select My Computer

Then the program will start and scan your system.
The scan will take a while so be patient and let it run.
Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button:
Save the file to your desktop.

Reboot, run HijackThis and post a fresh HijackThis Log, the Ewido Log, and the Virus Scan Log here

Thank You !!
  • 0

#3
Slider92

  • Topic Starter
  • Member
  • 91 posts
Hijack Log:

Logfile of HijackThis v1.99.1
Scan saved at 12:19:01, on 27.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\Programfiler\Winamp\Winamp.exe
C:\WINDOWS\system32\CTPdeSrv.exe
C:\Programfiler\MSN Messenger\msnmsgr.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\hi\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programfiler\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155068682812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe

Ewido Log: (I forgot to save the log after I had applied actions, so it's written "No action taken", but it was quarantined [but that backdoor thing came up in Kaspersky again])

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 09:58:41 27.08.2006

+ Scan result:



C:\WINDOWS\system32\s25p1E3VYE.ini -> Backdoor.Dragonbot.k : No action taken.
:mozilla.16:C:\Documents and Settings\Slider\Programdata\Mozilla\Firefox\Profiles\8y91ihux.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.
:mozilla.17:C:\Documents and Settings\Slider\Programdata\Mozilla\Firefox\Profiles\8y91ihux.default\cookies.txt -> TrackingCookie.Adjuggler : No action taken.


::Report end

Kaspersky report: (added as attachment) Attached File  kapersky_report.html   38.53KB   22 downloads
  • 0
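Two HijackThis logs from the same machine (23.08.2006 and 27.08.2006) have been posted at this point, and comparing them shows what changed between scans. The script below is an added example, not part of the original thread: it parses the log format and reports items and processes that appeared or disappeared, using abridged excerpts of the two logs as input. The names `parse_hjt` and `diff_logs` are illustrative.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code detail")

# Item lines are "<section code> - <free text>", e.g. "O4 - HKLM\..\Run: [...]".
ENTRY_RE = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")
SAVED_RE = re.compile(r"^Scan saved at (.+)$")


def parse_hjt(text):
    """Split a HijackThis log into (scan time, process paths, item entries)."""
    saved, processes, entries = None, [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        item = ENTRY_RE.match(line)
        if item:
            in_processes = False  # the first item line ends the process list
            entries.append(Entry(item.group(1), item.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            processes.append(line)
        else:
            stamp = SAVED_RE.match(line)
            if stamp:
                saved = stamp.group(1)
    return saved, processes, entries


def _only_in(first, second, key):
    """Items of `first` (original order kept) whose key is absent from `second`."""
    seen = {key(x) for x in second}
    return [x for x in first if key(x) not in seen]


def diff_logs(old_text, new_text):
    """Report what appeared or disappeared between two scans of one machine."""
    old_saved, old_procs, old_entries = parse_hjt(old_text)
    new_saved, new_procs, new_entries = parse_hjt(new_text)

    def entry_key(e):
        return (e.code, e.detail.lower())  # Windows paths are case-insensitive

    return {
        "scans": (old_saved, new_saved),
        "added_entries": _only_in(new_entries, old_entries, entry_key),
        "removed_entries": _only_in(old_entries, new_entries, entry_key),
        "added_processes": _only_in(new_procs, old_procs, str.lower),
        "removed_processes": _only_in(old_procs, new_procs, str.lower),
    }


# Abridged from the 23.08.2006 and 27.08.2006 logs posted above (lines copied
# as they appear on the page, including the forum's truncated URLs).
OLD_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 19:51:32, on 23.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe
C:\Programfiler\BitComet\BitComet.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
"""

NEW_LOG = r"""
Logfile of HijackThis v1.99.1
Scan saved at 12:19:01, on 27.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Programfiler\Winamp\Winamp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
"""

if __name__ == "__main__":
    report = diff_logs(OLD_LOG, NEW_LOG)
    print("Comparing scans:", " -> ".join(report["scans"]))
    for label in ("added_entries", "removed_entries"):
        for e in report[label]:
            print(f"{label}: {e.code} - {e.detail}")
    # 8.3 short names (PROGRA~1\...) cannot be expanded offline, so one binary
    # logged under a long and a short path shows as a removal plus an addition.
    for label in ("added_processes", "removed_processes"):
        for p in report[label]:
            print(f"{label}: {p}")
```

On these excerpts the added O16 and O23 items point at the Kaspersky online scanner control and the ewido guard service, both of which were installed as part of the cleanup steps in this thread.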

#4
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Reboot to Safe mode
Restart your computer and begin tapping the F8 key on your keyboard just before Windows starts to load
If done right a Windows Advanced Options menu will appear.
Select the Safe Mode option and press Enter

Please disable AdWatch, as it may hinder the removal of some entries. You can re-enable it after you're clean.
To disable AdWatch:

Open AdAware SE
Click AdWatch User Interface
Click Tools and Preferences
At the bottom of the screen you will see 2 options Active and Automatic
Active: This will turn Ad-Watch On\Off without closing it
Automatic: Suspicious activity will be blocked automatically
Uncheck both options. You can enable these after resolving your problem.

Open Windows Explorer, locate and Delete the following folders or files in RED : (if present)

C:\WINDOWS\system32\s25p1E3VYE.ini
C:\WINDOWS\system32\olwk.dll


Run ATF Cleaner
Double-click ATF Cleaner.exe
Under Main choose: Select All
Click the Empty Selected button.
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.

Reboot to Normal Mode

**Turn off System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
Check "Turn off System Restore"
Click Apply, then click OK and Reboot

**Turn ON System Restore**
On the Desktop, right-click My Computer
Click Properties
Click the System Restore tab.
UN-Check "Turn off System Restore"
Click Apply, then click OK and Reboot

Run Ewido and the Kaspersky scans again and post a fresh HijackThis log, the new Ewido log and the new Kaspersky scan log here
Let me know how your system is running !
Thanks

Edited by Linkmaster, 27 August 2006 - 05:44 AM.

  • 0

#5
Slider92

  • Topic Starter
  • Member
  • 91 posts
Can I just run Kaspersky on the places where I found infected files, please? It took a lot of time before it was done: 2 hours!

Can't I just run it here:

C:\documents and settings

C:\Windows

C:\Programfiles

C:\System Volume Information
  • 0

#6
Slider92

  • Topic Starter
  • Member
  • 91 posts
Thx man. Seems like my system is clean.

Hijacklog:

Logfile of HijackThis v1.99.1
Scan saved at 16:32:37, on 27.08.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5450.0004)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLanCfgG.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
C:\WINDOWS\Explorer.EXE
C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
C:\Programfiler\ATI Technologies\ATI.ACE\CLI.EXE
C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe
C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe
C:\Programfiler\SpywareGuard\sgmain.exe
C:\Programfiler\SpywareGuard\sgbhp.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\Programfiler\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programfiler\Internet Explorer\iexplore.exe
C:\hi\Hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.no/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Programfiler\SpywareGuard\dlprotect.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programfiler\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Programfiler\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] "C:\Programfiler\ATI Technologies\ATI Control Panel\atiptaxx.exe"
O4 - HKLM\..\Run: [DMXLauncher] C:\Programfiler\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\isuspm.exe" -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Programfiler\Fellesfiler\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ATICCC] "C:\Programfiler\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [pccguide.exe] "C:\Programfiler\Trend Micro\Internet Security 2006\pccguide.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Programfiler\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\Programfiler\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKCU\..\Run: [Creative Detector] C:\Programfiler\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - Startup: SpywareGuard.lnk = C:\Programfiler\SpywareGuard\sgmain.exe
O4 - Global Startup: dlbcserv.lnk = C:\Programfiler\Dell Photo Printer 720\dlbcserv.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Save with Download Manager... - file://C:\Programfiler\J River\Media Center 11\DMDownload.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programfiler\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1155068682812
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Belkin Wireless USB Network Adapter (Belkin Wireless USB Network Adapter Service) - Unknown owner - C:\Programfiler\Belkin\Belkin Wireless Network Utility\WLService.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Programfiler\ewido anti-spyware 4.0\guard.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Programfiler\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programfiler\Fellesfiler\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Programfiler\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Programfiler\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe


Kaspersky report:

Sunday, August 27, 2006 4:31:51 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/08/2006
Kaspersky Anti-Virus database records: 218676


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Folders
C:\Documents and Settings\
C:\Programfiler\
C:\System Volume Information\
C:\WINDOWS\

Scan Statistics
Total number of scanned objects 114379
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:59:43

Infected Object Name Virus Name Last Action
C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

C:\Documents and Settings\All Users\Programdata\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Logg\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Programdata\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Lokale innstillinger\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

Scan process completed.

By the way...I have a thing called ConnectionServices in my add\remove list. Can you tell me what it is? Is it malware? When I press change\remove it links to a page. Is it safe to remove it and how do I do that?

And is Spyhunter malware?

Edited by Slider92, 27 August 2006 - 01:45 PM.

#7
Linkmaster

    Visiting Staff

  • Member
  • 940 posts

By the way...I have a thing called ConnectionServices in my add\remove list


Open Windows Explorer, locate and Delete the following folders or files in RED : (if present)

C:\Program Files\ConnectionServices

Empty your Recycle Bin

And is Spyhunter malware?


It was but they seemed to clean up their act, but it still is not as good as some of the better ones :

Your log looks clean!!

Here are a few tools that I recommend for protecting your system and reducing the risk of infection again !!

Real Time Prevention
SpywareBlaster© by Javacool Software

Prevent the installation of ActiveX-based spyware, adware, browser hijackers, dialers, and other potentially unwanted pests.
Block spyware/tracking cookies in Internet Explorer and Mozilla/Firefox.
Restrict the actions of potentially dangerous sites in Internet Explorer.
Consumes no system resources.

Download, run, check for updates, download updates, select all, protect against checked. All done. Check for updates every couple of weeks. If you have any errors running the program, like a missing file, see the link at the bottom of the javacool page.
IESpyad© by EHowes : This will add several hundred Restricted Sites to the Restricted Site Zone in IE.

File Cleaners (temp, prefetch, cookie, etc)
2000/XP Only
ATF (Atribune Temp File) Cleaner© by Atribune
All Windows
CCleaner© by CCleaner.com

Spyware Scanners:
Ad-aware SE© by Lavasoft : Provides protection and removal of trojans, dialers, malware, browser hijackers, and tracking components
Spybot - Search & Destroy© by Safer Networking : Detects and removes spyware of different kinds from your computer

Good Free Antivirus Programs:
AVG© by Grisoft
AntiVir© by H+BEDV Datentechnik GmbH
Avast© by ALWIL Software
NOTE: Remember to always have just 1 antivirus program running at a time. Having more than one running causes a conflict between the programs !! You can use one as a backup to run manually.

Windows Update:
It's also very important to keep your system up to date to avoid unnecessary security risks
Windows Update

Firewalls:
If you have an "always on" internet connection, such as DSL or Cable, I recommend a Firewall.
A firewall will make your pc invisible to the outside world and will filter the outgoing and incoming traffic on your pc.
For a good idea of how vulnerable your system(s) are, go to GRC.
Scroll down to "Shields Up", click on "Proceed", then click on "Common Ports" to scan your ports.
Very good Firewalls :
ZoneAlarm Firewall© by Zone Labs
Sunbelt Kerio Personal Firewall© by Sunbelt
Comodo Personal Firewall© by Comodo Group

Alternative Browsers :
Use ANY browser besides Internet Explorer; almost every exploit is crafted to take advantage of an IE weakness.
FireFox© by Mozilla
Opera© by Opera Software ASA

Install Java :
Java Runtime Environment© Sun Microsystems. It's much more secure than Microsoft's Java Virtual Machine

Always keep your Antivirus & Spyware Removal Tools current with the latest definitions and updates !!

Using these tools and keeping them updated will reduce the risk of future infections!!

Do you have any questions??

Edited by Linkmaster, 27 August 2006 - 06:49 PM.

#8
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
ConnectionServices isn't in C:\program files. Does that mean that it isn't on my computer or is it somewhere else?
#9
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Go to Start, Search
Click on "All Files and Folders"
In the "All or part of the file name" box type :

ConnectionServices

In the "Look in" box make sure it is pointing to "Local Hard Drives (C:, etc.)"
Click on Search
Look in the right pane, Highlight and Delete the file

Edited by Linkmaster, 28 August 2006 - 07:52 AM.

#10
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
It didn't find anything. Weird.
#11
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
OK, let's try one more thing:

Download SpySweeper© by WebRoot (It's a 2 week trial)
Double-click sspsetup1.exe to install it.
Before installation it may ask you to check for program updates. Click YES
Then finish installation leaving all the default options.
Once the program is installed, it will ask if you wish to reboot now choose YES.
After reboot, open SpySweeper
Click Options on the left side.
Click the Sweep tab.

Under Items to Sweep make sure the following are checked:
Windows registry
Memory objects
Cookies
Compressed Files
System Restore Folder


Under Other Options make sure the following are checked:
Sweep all user accounts
Enable Direct Disk Sweeping
Sweep for rootkits


Click the Sweep button on the left side.
Click the Start Sweep button.
When it's done scanning, make sure everything has a check next to it, then click the Quarantine Selected button.
It will quarantine all of the items found.
Click View Session Log in the right corner above the box where the items are listed.
Click Save to File and save it on your desktop.
Close SpySweeper
Copy and Paste the contents of the Spy Sweeper Session Log.txt here
NOTE: you can get to the log by clicking Options on the left
Then, View Session Log will be listed under Other Options
#12
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
19:16: Shield States
19:16: Spyware Definitions: 750
19:15: Spy Sweeper 5.0.5.1286 started
18:44: | End of Session, 29. august 2006 |
18:43: Your spyware definitions have been updated.
Operation: File Access
Target:
Source:
18:43: Tamper Detection
18:42: Windows Messenger Service Shield: On
Keylogger Shield: On
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites Shield: Off
Hosts File Shield: On
Spy Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: Off
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: On
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
18:42: Shield States
18:42: Spyware Definitions: 691
18:42: Spy Sweeper 5.0.5.1286 started
18:42: Spy Sweeper 5.0.5.1286 started
18:42: | Start of Session, 29. august 2006 |
********
19:12: Removal process completed. Elapsed time 00:00:22
19:12: Preparing to restart your computer. Please wait...
19:12: Quarantining All Traces: comet cursor
19:12: c:\documents and settings\slider\lokale innstillinger\programdata\microsoft\messenger\[email protected]\sharingmetadata\[email protected]\dfsr\staging\cs{9ed4686c-5c33-c616-7dbc-e62382fd00e1}\39\39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-downloading.frx is in use. It will be removed on reboot.
19:12: c:\windows\dlndh1.dll is in use. It will be removed on reboot.
19:12: potentially rootkit-masked files is in use. It will be removed on reboot.
19:12: Quarantining All Traces: potentially rootkit-masked files
19:12: Removal process initiated
19:12: Traces Found: 3
19:12: Full Sweep has completed. Elapsed time 00:27:30
19:12: File Sweep Complete, Elapsed Time: 00:25:32
Ingen tilgang
19:11: Warning: Unable to sweep compressed file: System Error. Code: 5.
19:07: c:\documents and settings\slider\lokale innstillinger\programdata\microsoft\messenger\[email protected]\sharingmetadata\[email protected]\dfsr\staging\cs{9ed4686c-5c33-c616-7dbc-e62382fd00e1}\39\39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-downloading.frx (ID = 0)
19:07: c:\windows\dlndh1.dll (ID = 0)
19:07: Found System Monitor: potentially rootkit-masked files
19:07: Warning: Failed to access drive L:
19:07: Warning: Failed to access drive K:
19:07: Warning: Failed to access drive J:
19:07: Warning: Failed to access drive H:
19:07: Warning: Failed to access drive G:
19:07: Warning: Failed to access drive F:
19:07: Warning: Failed to access drive E:
19:07: Warning: Failed to access drive D:
19:06: Warning: Failed to open file "c:\documents and settings\slider\lokale innstillinger\programdata\microsoft\messenger\[email protected]\sharingmetadata\[email protected]\dfsr\staging\cs{9ed4686c-5c33-c616-7dbc-e62382fd00e1}\39\39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-{0af6059e-0d45-400a-8397-8a44326bc193}-v39-downloading.frx". Operasjonen er utført
18:46: Starting File Sweep
18:46: Cookie Sweep Complete, Elapsed Time: 00:00:00
18:46: Starting Cookie Sweep
18:46: Registry Sweep Complete, Elapsed Time:00:00:29
18:46: HKLM\software\screensavers.com\ (ID = 140569)
18:46: Found Adware: comet cursor
18:46: Starting Registry Sweep
18:46: Memory Sweep Complete, Elapsed Time: 00:01:24
18:44: Starting Memory Sweep
18:44: Sweep initiated using definitions version 750
18:44: Spy Sweeper 5.0.5.1286 started
18:44: | Start of Session, 29. august 2006 |
********
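Added example (not part of the thread and not Spy Sweeper's own tooling): a small Python parser for a session log like the one pasted above. It assumes only the layout visible in that post: entries are newest-first, a detection line reads `Found <category>: <name>`, its traces end in `(ID = n)`, and files that could not be removed are marked for deletion on reboot. The sample lines are constructed from the post with shortened paths.

```python
import re

# Constructed sample in the newest-first layout of the session log above
# (paths shortened; this is not the poster's full log).
SAMPLE_LOG = r"""
19:12: Removal process completed. Elapsed time 00:00:22
19:12: Quarantining All Traces: comet cursor
19:12: c:\windows\dlndh1.dll is in use. It will be removed on reboot.
19:12: Quarantining All Traces: potentially rootkit-masked files
19:12: Traces Found: 3
19:07: c:\windows\dlndh1.dll (ID = 0)
19:07: Found System Monitor: potentially rootkit-masked files
19:07: Warning: Failed to access drive D:
18:46: HKLM\software\screensavers.com\ (ID = 140569)
18:46: Found Adware: comet cursor
18:46: Starting Registry Sweep
18:44: | Start of Session, 29. august 2006 |
"""

ENTRY = re.compile(r"^(\d{2}:\d{2}): (.*)$")
FOUND = re.compile(r"^Found ([^:]+): (.+)$")
TRACE = re.compile(r"^(.+) \(ID = (\d+)\)$")
PENDING = re.compile(r"^(.+) is in use\. It will be removed on reboot\.$")

def summarize(log_text):
    """Return detections (with their traces) and items still awaiting a reboot."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:                       # untimestamped lines are continuations; skip them
            entries.append(m.groups())
    entries.reverse()               # the log is newest-first; walk it oldest-first
    detections, pending, current = [], [], None
    for stamp, msg in entries:
        if (m := FOUND.match(msg)):
            current = {"time": stamp, "category": m.group(1),
                       "name": m.group(2), "traces": []}
            detections.append(current)
        elif (m := TRACE.match(msg)) and current is not None:
            current["traces"].append((m.group(1), int(m.group(2))))
        elif (m := PENDING.match(msg)):
            pending.append(m.group(1))
        else:
            current = None          # any other entry ends the current trace list
    return {"detections": detections, "pending_reboot": pending}
```

A non-empty `pending_reboot` list means the cleanup is not finished until the machine has restarted, which is why the next reply asks about the reboot.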
#13
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
Did you reboot after the scan ??

Do you still see ConnectionServices in Add/Remove ??
#14
Slider92

    Member

  • Topic Starter
  • Member
  • 91 posts
Yeah, I rebooted and it's still there. What is it anyway?
#15
Linkmaster

    Visiting Staff

  • Member
  • 940 posts
It is Spyware that will direct you to some site (like the one you found when you clicked on it trying to remove it)

Let's run 1 more scan !
Stubborn bugger!!

Download and Extract ComboFix© by sUBs to your Desktop
Double click combofix.exe & follow the prompts.
Note: Do not mouseclick combofix's window whilst it's running. That may cause it to stall
When finished, it will produce a log for you
Post the contents of that log here !