
Adware Slowing Performance: HiJack Log Included [RESOLVED]


  • This topic is locked

#31 Meredia (Member, Topic Starter, 21 posts)
Every last one of 'em came back...

C:\Documents and Settings\All Users\Application Data\Microsoft\eHome\logs\ehRecvr.log Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\MSDVRMM_3369727113_917504_19951 Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\TempSBE\SBE1.tmp Object is locked skipped

C:\Documents and Settings\All Users\Documents\Recorded TV\TempRec\{840582DA-E841-4DDC-9ACA-EFF4BB02805F}.TmpSBE Object is locked skipped

C:\Documents and Settings\All Users\DRM\drmstore.hds Object is locked skipped

C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Aim\gakummpi\MerediaVelies\cert8.db Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Aim\gakummpi\MerediaVelies\key3.db Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cert8.db Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\history.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\key3.db Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\parent.lock Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\dfsr.db Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\fsr.log Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\fsrtmp.log Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_96C8_DA16_C8D9_F489\tmp.edb Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Microsoft\Windows Live Contacts\[email protected]\shadow\members.stg Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\History\History.IE5\MSHist012006092220060923\index.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DF2AC6.tmp Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DF2B41.tmp Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFC18C.tmp Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFD0F.tmp Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temp\~DFD35.tmp Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\ntuser.dat.LOG Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\LOG\ERRORLOG Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\master.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\mastlog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\model.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\modellog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\tempdb.mdf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Data\templog.ldf Object is locked skipped

C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\LOG\ERRORLOG Object is locked skipped

C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped

C:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP4\change.log Object is locked skipped

C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped

C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped

C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped

C:\WINDOWS\Internet Logs\YOUR-2CE3A83D6A.ldb Object is locked skipped

C:\WINDOWS\Registration\{02D4B3F1-FD88-11D1-960D-00805FC79235}.{2A1BDD78-C115-4758-8951-47383FC09D7E}.crmlog Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped

C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\default Object is locked skipped

C:\WINDOWS\system32\config\default.LOG Object is locked skipped

C:\WINDOWS\system32\config\Media Ce.evt Object is locked skipped

C:\WINDOWS\system32\config\SAM Object is locked skipped

C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped

C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\SECURITY Object is locked skipped

C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped

C:\WINDOWS\system32\config\software Object is locked skipped

C:\WINDOWS\system32\config\software.LOG Object is locked skipped

C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped

C:\WINDOWS\system32\config\system Object is locked skipped

C:\WINDOWS\system32\config\system.LOG Object is locked skipped

C:\WINDOWS\system32\h323log.txt Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_23c.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_750.dat Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_7ac.dat Object is locked skipped

C:\WINDOWS\Temp\ZLT0685a.TMP Object is locked skipped

C:\WINDOWS\Temp\ZLT0685d.TMP Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\wiadebug.log Object is locked skipped

C:\WINDOWS\wiaservc.log Object is locked skipped

C:\WINDOWS\WindowsUpdate.log Object is locked skipped

J:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18130000.VBN Infected: Email-Worm.Win32.Bagle.z skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip ZIP: infected - 4 skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip ZIP: infected - 3 skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-162be4ef.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-162be4ef.zip ZIP: infected - 1 skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/GetAccess.class Infected: Trojan.Java.ClassLoader.c skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/InsecureClassLoader.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/Dummy.class Infected: Trojan.Java.ClassLoader.Dummy.a skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.v skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip ZIP: infected - 4 skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped

J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip ZIP: infected - 3 skipped

J:\System Volume Information\_restore{593F298F-B7D6-4A3D-A260-6D7E68E3F587}\RP4\change.log Object is locked skipped

Scan process completed.
  • 0
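A small parser for this kind of scanner output, added here as an example; it is not code from the thread or from the scanner's vendor. It separates the "Object is locked" lines (files the scanner could not open because Windows had them in use: registry hives, event logs, index.dat and so on, which are not findings) from the "Infected:" lines, groups infected Java class files under the .zip that contains them, and cross-checks each "ZIP: infected - n" summary line against the members actually listed. The sample log is constructed from a few of the lines above with shortened paths, and one archive count is deliberately altered so the cross-check has something to report.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a handful of lines in the shapes the scanner log above uses.
# Paths are shortened; detection names are the ones from the posted log. The
# javainstaller archive's count is deliberately wrong (log says 1) for the demo.
SAMPLE_LOG = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
J:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Quarantine\18130000.VBN Infected: Email-Worm.Win32.Bagle.z skipped
J:\cache\jar\count.jar-3dbcfe4d-58d74376.zip/BlackBox.class Infected: Exploit.Java.ByteVerify skipped
J:\cache\jar\count.jar-3dbcfe4d-58d74376.zip/VerifierBug.class Infected: Exploit.Java.ByteVerify skipped
J:\cache\jar\count.jar-3dbcfe4d-58d74376.zip/Beyond.class Infected: Trojan-Downloader.Java.OpenConnection.aa skipped
J:\cache\jar\count.jar-3dbcfe4d-58d74376.zip ZIP: infected - 3 skipped
J:\cache\jar\javainstaller.jar-3c936701-162be4ef.zip/javainstaller/InstallerApplet.class Infected: Trojan-Downloader.Java.OpenStream.w skipped
J:\cache\jar\javainstaller.jar-3c936701-162be4ef.zip ZIP: infected - 2 skipped
Scan process completed.
"""

LOCKED_RE = re.compile(r"^(?P<path>.+) Object is locked skipped$")
INFECTED_RE = re.compile(r"^(?P<path>.+) Infected: (?P<detection>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+) ZIP: infected - (?P<count>\d+) skipped$")


def split_container(path):
    """'archive.zip/dir/Member.class' -> ('archive.zip', 'dir/Member.class').
    Windows paths never contain '/', so a slash only ever separates an
    archive from the member inside it."""
    if "/" in path:
        container, member = path.split("/", 1)
        return container, member
    return path, None


def parse_scan_log(text):
    """Classify every line; unrecognised lines are kept rather than dropped."""
    locked, infected, declared, unparsed = [], [], {}, []
    for line in text.splitlines():
        line = line.strip()
        if not line or line == "Scan process completed.":
            continue
        if (m := ARCHIVE_RE.match(line)):
            declared[m["path"]] = int(m["count"])
        elif (m := INFECTED_RE.match(line)):
            container, member = split_container(m["path"])
            infected.append({"container": container, "member": member,
                             "detection": m["detection"]})
        elif (m := LOCKED_RE.match(line)):
            locked.append(m["path"])
        else:
            unparsed.append(line)
    return {"locked": locked, "infected": infected,
            "declared": declared, "unparsed": unparsed}


def summarise(report):
    """Group hits by container and compare against the scanner's own counts."""
    by_container = defaultdict(list)
    for hit in report["infected"]:
        by_container[hit["container"]].append(hit)
    mismatches = {}
    for archive, claimed in report["declared"].items():
        seen = len(by_container.get(archive, []))
        if seen != claimed:
            mismatches[archive] = (claimed, seen)   # (declared, actually listed)
    return {
        "locked": len(report["locked"]),
        "by_container": dict(by_container),
        "detections": Counter(h["detection"] for h in report["infected"]),
        "count_mismatches": mismatches,
    }


if __name__ == "__main__":
    summary = summarise(parse_scan_log(SAMPLE_LOG))
    print(f"{summary['locked']} locked (in-use) files, not findings")
    for archive, hits in summary["by_container"].items():
        print(archive, "->", [h["detection"] for h in hits])
    print("count mismatches:", summary["count_mismatches"])
```

Two things the grouping makes easier to see when reading a log like the one above: the Java hits are members of a few cached .jar archives, so the container is the unit to remove, not the individual class files; and a hit whose path sits inside another product's Quarantine folder (the Symantec .VBN here) is a file that product already contained, which the parser reports like any other hit so the reader can weigh it.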



#32 Trevuren (Old Dog, Retired Staff, 18,699 posts)
Please download this file - combofix.exe by sUBs
  • Double click combofix.exe & follow the prompts.
  • When finished, it will produce a log. Please save that log to post in your next reply along with a fresh HJT log.
Note:
Do not mouse-click combofix's window while it is running. That may cause it to stall.

Regards,

Trevuren

  • 0

#33 Meredia (Member, Topic Starter, 21 posts)
Owner - 06-09-25 8:30:31.56 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Program Files\Mozilla Firefox"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\system32\components
C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}


((((((((((((((((((((((((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))))))))))))))))))))))))))


2006-09-16 10:32 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-16 10:06 146,432 --a------ C:\WINDOWS\REGEDIT.COM
2006-09-16 10:06 146,432 --a------ C:\WINDOWS\R.COM
2006-09-16 10:06 135,680 --a------ C:\WINDOWS\system32\T.COM
2006-09-03 05:07 386 --a------ C:\WINDOWS\purfj.dll
2006-09-02 17:21 90,112 --a------ C:\WINDOWS\system32\AVASTSS.scr
2006-09-02 17:21 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-09-25 08:30 -------- d-------- C:\Program Files\Mozilla Firefox
2006-09-25 08:30 -------- d-------- C:\Program Files\Common Files
2006-09-19 23:52 -------- d-------- C:\Program Files\Winamp
2006-09-19 22:13 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\LimeWire
2006-09-19 12:44 -------- d-------- C:\Program Files\ewido anti-spyware 4.0
2006-09-18 01:34 -------- d-------- C:\Program Files\ProcessGuard
2006-09-17 21:23 -------- d-------- C:\Program Files\Port Explorer
2006-09-16 15:45 -------- d-------- C:\Program Files\MSN Messenger
2006-09-16 10:18 -------- d-------- C:\Program Files\CCleaner
2006-09-10 12:12 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\GlarySoft
2006-09-10 12:11 -------- d-------- C:\Program Files\Registry Repair
2006-09-10 12:06 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Registry Booster
2006-09-09 19:44 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Adobe
2006-09-09 16:47 -------- d-------- C:\Program Files\Zone Labs
2006-09-02 17:21 -------- d-------- C:\Program Files\Alwil Software
2006-09-02 17:05 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Help
2006-09-02 16:07 -------- d-------- C:\Program Files\Grisoft
2006-09-02 16:00 -------- d-------- C:\Program Files\Sophos SWEEP for NT
2006-09-02 15:58 -------- d-------- C:\Program Files\Sophos
2006-09-02 15:53 -------- d--h----- C:\Program Files\Uninstall Information
2006-09-02 15:52 -------- d-------- C:\Program Files\Microsoft SQL Server
2006-09-02 12:46 -------- d-------- C:\Program Files\Shockwave.com
2006-09-02 12:46 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Lavasoft
2006-09-02 12:45 -------- d-------- C:\Program Files\Lavasoft
2006-08-23 08:18 -------- d---s---- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Microsoft
2006-08-22 12:41 -------- d-------- C:\Program Files\LimeWire
2006-08-21 07:21 16896 --a------ C:\WINDOWS\system32\fltlib.dll
2006-08-21 04:14 23040 --a------ C:\WINDOWS\system32\fltmc.exe
2006-08-21 04:14 128896 --a------ C:\WINDOWS\system32\drivers\fltmgr.sys
2006-08-20 16:30 2368 --a------ C:\WINDOWS\system32\SVKP.sys
2006-08-20 16:26 356352 --a------ C:\WINDOWS\eSellerateEngine.dll
2006-08-20 16:25 -------- d-------- C:\Program Files\Deskshare
2006-08-20 16:25 -------- d-------- C:\Program Files\Common Files\DeskShare Shared
2006-08-20 15:22 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Nero
2006-08-20 15:01 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Ahead
2006-08-19 21:02 -------- d-------- C:\Program Files\Common Files\Ahead
2006-08-19 20:59 -------- d-------- C:\Program Files\Nero
2006-08-14 21:36 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2006-08-14 21:35 21840 --a------ C:\WINDOWS\system32\SIntfNT.dll
2006-08-14 21:35 17212 --a------ C:\WINDOWS\system32\SIntf32.dll
2006-08-14 21:35 12067 --a------ C:\WINDOWS\system32\SIntf16.dll
2006-08-14 21:22 94208 --a------ C:\WINDOWS\DIIUnin.exe
2006-08-14 21:22 2829 --a------ C:\WINDOWS\DIIUnin.pif
2006-08-14 20:54 86528 --a------ C:\WINDOWS\bnetunin.exe
2006-08-14 20:54 61440 --a------ C:\WINDOWS\diabunin.exe
2006-08-14 20:51 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-14 20:46 -------- d-------- C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Roxio
2006-08-09 23:45 -------- d-------- C:\Program Files\Internet Explorer
2006-08-09 14:57 26688 --a------ C:\WINDOWS\system32\drivers\procguard.sys
2006-08-05 10:25 87424 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys
2006-08-05 10:25 85952 --a------ C:\WINDOWS\system32\drivers\aswmon.sys
2006-08-05 10:24 16352 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys
2006-08-05 10:22 36176 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys
2006-08-05 10:20 24304 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys
2006-07-30 13:05 -------- d-------- C:\Program Files\Napster
2006-07-29 19:32 48936 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-07-27 08:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 03:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-12 07:41 125514 --a------ C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Cosmos Prefs
2006-07-01 17:43 107132 --a------ C:\WINDOWS\UninstallFirefox.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"AIM"="J:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"avast!"="C:\\PROGRA~1\\ALWILS~1\\Avast4\\ashDisp.exe"
"Zone Labs Client"="\"C:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,f2,01,00,00,b9,00,00,00,7c,00,00,00,72,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA"

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="ewido anti-spyware 4.0"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000095
"NoSaveSettings"=dword:00000000

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"InstallVisualStyle"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,\
63,65,73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,5c,52,6f,79,61,6c,65,2e,\
6d,73,73,74,79,6c,65,73,00
"InstallTheme"=hex(2):43,3a,5c,57,49,4e,44,4f,57,53,5c,52,65,73,6f,75,72,63,65,\
73,5c,54,68,65,6d,65,73,5c,52,6f,79,61,6c,65,2e,74,68,65,6d,65,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\!1_pgaccount]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="pgaccount"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\ProcessGuard\\pgaccount.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\ehTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ehtray"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\ehome\\ehtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\MSKDetectorExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSKDetct"
"hkey"="HKLM"
"command"="C:\\Program Files\\McAfee\\SpamKiller\\MSKDetct.exe /uninstall"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\readericon]
"command"="C:\\Program Files\\Digital Media Reader\\readericon45G.exe"
"item"="readericon"
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Recguard]
"command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"item"="Recguard"
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Reminder]
"command"="%WINDIR%\\Creator\\Remind_XP.exe"
"item"="Reminder"
"hkey"="HKLM"
"key"="Software\\Microsoft\\Windows\\CurrentVersion\\Run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\TkBellExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="realsched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSCONFIG\Startupreg\Trust Cleaner]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="TrustCleaner"
"hkey"="HKCU"
"inimapping"="0"


HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders
securityproviders REG_SZ msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll



~ ~ ~ ~ ~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~

backup-20060921-224123-269
O2 - BHO: (no name) - {54F0427C-3DA1-4CB2-80D9-D71D10C6BE7F} - C:\WINDOWS\system32\pmnll.dll (file missing)
backup-20060921-224123-186
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)

Completion time: Mon 09/25/2006 8:31:06.34
ComboFix.txt
  • 0
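A section-aware parser for a ComboFix log like the one above, added as an example; it is not part of the thread and not ComboFix's own code. It splits the log on the banner lines, turns the Files Created and Find3M rows into records (date, size, directory flag, path), collects the .reg-style values under the Reg Loading Points keys while skipping hex continuation lines, and parses the HijackThis backup entries so that BHO registrations pointing at a missing file stand out. The triage heuristics at the end (autorun values, orphaned HJT entries, new non-directory files under C:\WINDOWS in the 30-day window) are my own first-pass assumptions, not anything ComboFix reports. The sample is a trimmed, constructed copy of the posted log.

```python
import re

# Constructed sample: a trimmed copy of the ComboFix log above, same banners and
# line shapes (the real log is much longer).
SAMPLE = r"""Owner - 06-09-25 8:30:31.56 Service Pack 2
ComboFix 06.09.25 - Running from: "C:\Program Files\Mozilla Firefox"
(((((((((( Other Deletions ))))))))))
C:\WINDOWS\system32\components
C:\Program Files\Common Files\{C8D9F489-089C-1033-0330-060316060001}
(((((((((( Files Created from 2006-08-25 to 2006-09-25 ))))))))))
2006-09-16 10:32 7,440 --a------ C:\WINDOWS\system32\sporder.dll
2006-09-03 05:07 386 --a------ C:\WINDOWS\purfj.dll
2006-09-02 17:21 635,520 --a------ C:\WINDOWS\system32\aswBoot.exe
(((((((((( Find3M Report ))))))))))
2006-09-25 08:30 -------- d-------- C:\Program Files\Mozilla Firefox
(((((((((( Reg Loading Points ))))))))))
*Note* empty entries are not shown
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Position"=hex:2c,00,00,00,a0,00,00,00,00,00,00,00,80,02,00,00,3a,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
~ ~ ~ ~ Hijackthis Backups ~ ~ ~ ~
backup-20060921-224123-269
O2 - BHO: (no name) - {54F0427C-3DA1-4CB2-80D9-D71D10C6BE7F} - C:\WINDOWS\system32\pmnll.dll (file missing)
backup-20060921-224123-186
O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - (no file)
Completion time: Mon 09/25/2006 8:31:06.34
"""

# Banner lines: "(((( Title ))))" or "~ ~ Title ~ ~".
BANNER_RE = re.compile(r"^\(+\s*(?P<title>[^()]+?)\s*\)+$|^(?:~\s+)+(?P<title2>[^~]+?)(?:\s+~)+$")
FILE_RE = re.compile(r"^(?P<date>\d{4}-\d{2}-\d{2}) (?P<time>\d{2}:\d{2})\s+"
                     r"(?P<size>[\d,]+|-+)\s+(?P<attrs>[-a-z]{9})\s+(?P<path>.+)$")
REG_KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=(?P<value>.*)$')
HJT_RE = re.compile(r"^(?P<type>O\d+) - (?P<kind>[^:]+): (?P<name>.+?) - "
                    r"(?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<target>.+)$")
SECTIONS = {"Other Deletions": "deletions", "Files Created": "files_created",
            "Find3M": "find3m", "Reg Loading": "reg", "Hijackthis": "hjt_backups"}


def parse_combofix(text):
    report = {name: [] for name in ["header", *SECTIONS.values()]}
    section, current_key, backup_id = "header", None, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if (m := BANNER_RE.match(line)):
            title = m["title"] or m["title2"]
            section = next((s for t, s in SECTIONS.items() if title.startswith(t)), "header")
            continue
        if line.startswith("Completion time:"):
            report["completion"] = line.split(":", 1)[1].strip()
        elif section in ("files_created", "find3m") and (m := FILE_RE.match(line)):
            size = None if m["size"].startswith("-") else int(m["size"].replace(",", ""))
            report[section].append({"date": m["date"], "time": m["time"], "size": size,
                                    "is_dir": m["attrs"].startswith("d"), "path": m["path"]})
        elif section == "reg":
            if (m := REG_KEY_RE.match(line)):
                current_key = m["key"]
            elif (m := REG_VALUE_RE.match(line)) and current_key:
                report["reg"].append((current_key, m["name"], m["value"]))
            # hex continuation lines and the "*Note*" line match neither and are skipped
        elif section == "hjt_backups":
            if line.startswith("backup-"):
                backup_id = line          # id precedes the entry it backs up
            elif (m := HJT_RE.match(line)):
                target = m["target"]
                report["hjt_backups"].append({
                    "backup": backup_id, "type": m["type"], "kind": m["kind"],
                    "clsid": m["clsid"], "target": target,
                    "missing": target == "(no file)" or target.endswith("(file missing)")})
        elif section in ("header", "deletions"):
            report[section].append(line)
    return report


def triage(report):
    """First-pass heuristics (assumptions of this example, not ComboFix logic)."""
    autoruns = [(k, n, v) for k, n, v in report["reg"]
                if k.rsplit("\\", 1)[-1].lower() == "run"]
    orphaned = [e for e in report["hjt_backups"] if e["missing"]]
    windir = [f for f in report["files_created"]
              if not f["is_dir"] and f["path"].lower().startswith("c:\\windows\\")]
    return {"autoruns": autoruns, "orphaned_hjt_entries": orphaned,
            "new_files_under_windir": windir}


if __name__ == "__main__":
    for key, value in triage(parse_combofix(SAMPLE)).items():
        print(key, "->", value)
```

The records are what a helper compares against known-good names before asking for a file to be submitted for analysis, as happens in the next post: the parser only surfaces the candidates (recent files under the Windows directory, autorun values, BHO entries whose DLL is gone); deciding what they are still takes a lookup or a scan.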

#34 Trevuren (Old Dog, Retired Staff, 18,699 posts)
There are a few files in your log of which I am unsure. For that reason, I need you to submit them to Jotti's for analysis.

1. Click HERE to get to Jotti's site.

2. At the top of the Jotti window, use the Browse button to locate the following file on your system:

C:\WINDOWS\system32\T.COM

3. Once you have located the file, click SUBMIT and the content of the file will be uploaded by the site and analysed.

4. Please provide me with the results of the analysis.

5. Now please do the same with the following file:

C:\WINDOWS\R.COM

Regards,

Trevuren

  • 0

#35 Meredia (Member, Topic Starter, 21 posts)
Both were clean.
  • 0

#36 Trevuren (Old Dog, Retired Staff, 18,699 posts)
Please double-click Killbox.exe to run it.
  • Select
    • "Delete on Reboot"
    • Then click on the "All Files" button if there are more than 1 file to delete.
  • Please copy the file path(s) below to the clipboard by highlighting ALL of them and pressing CTRL + C

    C:\WINDOWS\purfj.dll
    J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-1cf39f94-227af524.zip
    J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3dbcfe4d-58d74376.zip
    J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-3c936701-162be4ef.zip
    J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-6ba5f6ec.zip
    J:\Documents and Settings\Laura\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-561ea725-604b0ca8.zip




  • Return to Killbox, go to the File menu, and choose "Paste from Clipboard".
  • Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.


Now please rescan with Ewido and post both the Ewido log and a fresh HJT log.

Trevuren

  • 0

#37 Meredia (Member, Topic Starter, 21 posts)
Logfile of HijackThis v1.99.1
Scan saved at 10:10:10 PM, on 9/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Microsoft SQL Server\MSSQL$SOPHOS\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
J:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\ZyXEL\G360\Gcc.exe
C:\Program Files\ZyXEL\G360\OdHost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\svchost.exe
J:\NeverwinterNights\NWN\nwmain.exe
C:\Software\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O4 - Global Startup: ZyXEL G-360 Wireless Adapter Utility.lnk = C:\Program Files\ZyXEL\G360\Gcc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - J:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: MSSQL$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SQLAgent$MICROSOFTSMLBIZ - Unknown owner - C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:08:53 PM 9/26/2006

+ Scan result:



HKU\S-1-5-21-1204086073-3366893570-454355634-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8CFF3D3F-775C-41F3-8CFC-2FDC45B80E22} -> Adware.CoolWebSearch : Cleaned.
HKU\S-1-5-21-1204086073-3366893570-454355634-1006\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5929CD6E-2062-44A4-B2C5-2C7E78FBAB38} -> Adware.Generic : Cleaned.
C:\!KillBox\ErrorSafeNewReleaseInstall[1].cab/UERS_9999_N91S2507NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.o : Ignored.
:mozilla.46:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.47:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.48:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.50:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.51:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.110:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.114:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.115:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Admarketplace : Cleaned.
:mozilla.120:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.237:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.238:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.239:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.240:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.24:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.25:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.26:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.27:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.28:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.29:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\[email protected][1].txt -> TrackingCookie.Bridgetrack : Cleaned.
:mozilla.249:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.40:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.151:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
:mozilla.116:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.117:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.118:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.119:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.41:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.42:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Cookies\owner@mediaplex[1].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.78:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.79:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.80:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.81:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.121:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.122:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.123:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.124:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.92:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.93:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.94:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.153:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.154:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.202:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.205:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.206:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.207:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.227:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.209:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.210:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.211:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.222:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.223:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.224:C:\Documents and Settings\Owner.YOUR-2CE3A83D6A\Application Data\Mozilla\Firefox\Profiles\w9sug3fv.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.


::Report end
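Editor's added example (not HijackThis code and not part of the thread): reading a HijackThis log by hand means applying the same few rules every time, so the script below parses the R/O entries and flags the ones a reviewer would look at twice. Its heuristics and its tiny allowlist (WgaLogon.dll as the Windows Genuine Advantage notifier) are this example's own assumptions, not anything HijackThis ships. The sample is an excerpt of the log posted above. One caveat it encodes: in HJT 1.99.1 a service whose ImagePath is quoted shows up as `...exe" /service (file missing)` with a stray closing quote, and that "file missing" is usually a parsing artifact rather than a deleted binary, which is why the avast! entries here are downgraded to info rather than treated as damage; confirm the file on disk either way.

```python
"""
Triage a HijackThis 1.99.1 log: parse the R/O entries and apply a few review
rules. Added example; the rules and the allowlists are this example's own
assumptions, not part of HijackThis.
"""
import re
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

ENTRY_RE = re.compile(r"^(?P<kind>[RFO]\d+) - (?P<body>.+)$")
EXE_RE = re.compile(r"(.+?\.(?:exe|dll|sys|scr|cmd|bat))(?:\s|$)", re.IGNORECASE)
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll"}   # WGA notifier; allowlist is an assumption
TRUSTED_ROOTS = ("c:\\windows", "c:\\program files", "c:\\progra~1")
Result = Optional[Tuple[str, str]]         # (level, reason) or None

@dataclass
class Finding:
    kind: str
    body: str
    level: str    # "info" or "review"
    reason: str

def parse_entries(log: str) -> List[Tuple[str, str]]:
    """(kind, body) for every 'Rn - ...' / 'On - ...' line."""
    found = []
    for line in log.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            found.append((m.group("kind"), m.group("body")))
    return found

def command_of_o4(body: str) -> str:
    """'HKLM\\..\\Run: [Name] cmd' or 'Startup: x.lnk = cmd'  ->  cmd"""
    if "] " in body:
        return body.split("] ", 1)[1]
    return body.split(" = ", 1)[1] if " = " in body else body

def exe_path(cmd: str) -> str:
    """Image path of a command line: quoted path, else up to the first executable-looking token."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXE_RE.match(cmd)
    return m.group(1) if m else cmd.split()[0]

def check_r(body: str) -> Result:
    if re.search(r"https?://", body, re.IGNORECASE):
        return "review", "browser start/search setting points at an external URL"
    return None

def check_o4(body: str) -> Result:
    path = exe_path(command_of_o4(body))
    if "\\" not in path:
        return "info", f"bare image name {path}: resolved via the search path, confirm which copy runs"
    if not path.lower().startswith(TRUSTED_ROOTS):
        return "review", f"autorun image outside the system/program roots: {path}"
    return None

def check_o20(body: str) -> Result:
    dll = body.rsplit("\\", 1)[-1].lower()
    if dll in KNOWN_WINLOGON_NOTIFY:
        return "info", "known Winlogon notification package"
    return "review", "Winlogon Notify DLL runs inside winlogon.exe as SYSTEM: verify it"

def check_o23(body: str) -> Result:
    if "(file missing)" not in body:
        return None
    # HJT 1.99.1 keeps the closing quote of a quoted ImagePath, so
    # ...exe" /service (file missing) is usually a parsing artifact, not a deleted binary.
    if re.search(r'\.exe"\s', body, re.IGNORECASE):
        return "info", "'file missing' after a stray closing quote: quoted ImagePath parse artifact, confirm the file on disk"
    return "review", "service binary reported missing"

CHECKS: Dict[str, Callable[[str], Result]] = {
    "R0": check_r, "R1": check_r, "O4": check_o4, "O20": check_o20, "O23": check_o23,
}

def triage(log: str) -> List[Finding]:
    findings = []
    for kind, body in parse_entries(log):
        check = CHECKS.get(kind)
        result = check(body) if check else None
        if result:
            findings.append(Finding(kind, body, *result))
    return findings

# Excerpt of the log posted above (lines copied from it, not invented).
SAMPLE_LOG = r'''
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.gateway.c...h...TP&M=GM5084
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [AIM] J:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
'''

if __name__ == "__main__":
    print(*triage(SAMPLE_LOG), sep="\n")
```

"review" findings are the ones to resolve before calling a log clean; "info" items only ask for a quick confirmation (which SOUNDMAN.EXE actually runs, whether the avast! binaries are really on disk). Entries on a second drive such as J:\ are flagged for review because the rule cannot tell a user-chosen install location from a dropped file; that is a judgement the reviewer makes, not the script.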

#38
Trevuren (Old Dog, Retired Staff, 18,699 posts)
Your log looks good. If you have no more malware-related problems that you are aware of, just give me the OK and we can start the final but essential cleanup procedures and recommendations.

Trevuren

#39
Meredia (Member, Topic Starter, 21 posts)
Did several other scans. Found nothing but some rather benign tracking cookies at best and killed those off. Everything looks clean. Kaspersky, ewido, and Avast! Antivirus all declared it to be free of other infections. Registry has been repaired to clean out any possible keys, and reboot scans are coming up clean.

#40
Trevuren (Old Dog, Retired Staff, 18,699 posts)
Excellent, now please follow the steps outlined in post #26, the All Clean post.

Regards,

Trevuren


#41
Trevuren (Old Dog, Retired Staff, 18,699 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.