Aurora infected my comp :(



#1
speed24

I ran Ad-Aware, HijackThis, and Norton AntiVirus...
and Aurora still comes up trying to advertise on my computer.
Here is a log:

Logfile of HijackThis v1.99.1
Scan saved at 9:24:16 PM, on 5/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Brian II\Program Downloads\Norton Antivirus 2002\navapsvc.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\system32\slserv.exe
C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Brian II\Program Downloads\AIM\aim.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Brian II\Program Downloads\Norton Antivirus 2002\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Brian II\Program Downloads\Norton Antivirus 2002\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_05\bin\npjpi142_05.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Brian II\Program Downloads\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c337.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1098122280413
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Brian II\Program Downloads\Norton Antivirus 2002\navapsvc.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

I'd appreciate any help.


#2
speed24

I also ran Ad-Aware and this came up under my log, and yet the Aurora pages keep coming and coming.


Ad-Aware SE Build 1.05
Logfile Created on:Tuesday, May 03, 2005 2:37:31 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R42 28.04.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
BargainBuddy(TAC index:8):1 total references
begin2search(TAC index:3):3 total references
BookedSpace(TAC index:10):9 total references
DyFuCA(TAC index:3):3 total references
IBIS Toolbar(TAC index:5):21 total references
istbar(TAC index:7):5 total references
Lop(TAC index:7):2 total references
MRU List(TAC index:0):35 total references
SahAgent(TAC index:9):3 total references
Tracking Cookie(TAC index:3):2 total references
WindUpdates(TAC index:8):4 total references
VX2(TAC index:10):5 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


5-3-2005 2:37:31 PM - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\Brian\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\Brian\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\ahead\cover designer\recent file list
Description : list of recently used files in ahead cover designer


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Object Recognized!
Location: : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\frontpage\editor\recent templates
Description : list of recently used templates in microsoft publisher


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent file list
Description : list of recently used files in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent page list
Description : list of recently used pages in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\frontpage\explorer\frontpage explorer\recent web list
Description : list of recently used webs in microsoft frontpage


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\internet explorer\main
Description : last save directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\mediaplayer\medialibraryui
Description : last selected node in the microsoft windows media player media library


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\mediaplayer\player\settings
Description : last save as directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\mediaplayer\player\settings
Description : last open directory used in jasc paint shop pro


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\mediaplayer\preferences
Description : last playlist index loaded in microsoft windows media player


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-19\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-20\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\mediaplayer\preferences
Description : last playlist loaded in microsoft windows media player


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\microsoft management console\recent file list
Description : list of recent snap-ins used in the microsoft management console


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\open\file name mru
Description : list of recent documents opened by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\office\10.0\common\open find\microsoft word\settings\save as\file name mru
Description : list of recent documents saved by microsoft word


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Object Recognized!
Location: : software\musicmatch
Description : download location of the musicmatch installer


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\fileconv
Description : file conversion location settings in musicmatch jukebox


MRU List Object Recognized!
Location: : software\musicmatch\musicmatch jukebox\4.0\mmradio
Description : information on the last station listened to using musicmatch radio


MRU List Object Recognized!
Location: : .DEFAULT\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-18\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


MRU List Object Recognized!
Location: : S-1-5-21-1085031214-1935655697-1957994488-1004\software\winrar\dialogedithistory\extrpath
Description : winrar "extract-to" history


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 936
ThreadCreationTime : 5-3-2005 3:22:37 PM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 5-3-2005 3:22:40 PM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1012
ThreadCreationTime : 5-3-2005 3:22:42 PM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1056
ThreadCreationTime : 5-3-2005 3:22:44 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1068
ThreadCreationTime : 5-3-2005 3:22:45 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1232
ThreadCreationTime : 5-3-2005 3:22:49 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1324
ThreadCreationTime : 5-3-2005 3:22:51 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1380
ThreadCreationTime : 5-3-2005 3:22:52 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1548
ThreadCreationTime : 5-3-2005 3:22:53 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1612
ThreadCreationTime : 5-3-2005 3:22:55 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1972
ThreadCreationTime : 5-3-2005 3:23:00 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:12 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 208
ThreadCreationTime : 5-3-2005 3:23:00 PM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:13 [mdm.exe]
FilePath : C:\Program Files\Common Files\Microsoft Shared\VS7Debug\
ProcessID : 424
ThreadCreationTime : 5-3-2005 3:23:03 PM
BasePriority : Normal
FileVersion : 7.00.9064.9150
ProductVersion : 7.00.9064.9150
ProductName : Microsoft Development Environment
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : Copyright © Microsoft Corp. 1997-2000
OriginalFilename : mdm.exe

#:14 [navapsvc.exe]
FilePath : C:\Brian II\Program Downloads\Norton Antivirus 2002\
ProcessID : 464
ThreadCreationTime : 5-3-2005 3:23:04 PM
BasePriority : Normal
FileVersion : 8.07.17
ProductVersion : 8.07.17
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Copyright © 2000-2002 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:15 [nicserv.exe]
FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\
ProcessID : 616
ThreadCreationTime : 5-3-2005 3:23:05 PM
BasePriority : Normal
FileVersion : 1.1.0.0
ProductVersion : 1.0.0.0

#:16 [sistray.exe]
FilePath : C:\Brian II\2.08d_logo\CD\Utility\
ProcessID : 728
ThreadCreationTime : 5-3-2005 3:23:08 PM
BasePriority : Normal
FileVersion : 0.0.0.2030
ProductVersion : 0.0.0.2030
ProductName : SiS ® 630/730 SiSTray application for Windows NT4.0/2000/XP
CompanyName : Silicon Integrated Systems Corporation
FileDescription : SiS 630/730 Super VGA Tray Application
InternalName : SISTRAY 2.03.01
LegalCopyright : Copyright © Silicon Integrated Systems Corp. 1998-2000
OriginalFilename : SISTRAY.EXE
Comments : SiS 630/730 Super VGA Tray Application

#:17 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 736
ThreadCreationTime : 5-3-2005 3:23:08 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:18 [slserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 980
ThreadCreationTime : 5-3-2005 3:23:11 PM
BasePriority : Normal


#:19 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1072
ThreadCreationTime : 5-3-2005 3:23:12 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [wdfmgr.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1536
ThreadCreationTime : 5-3-2005 3:23:14 PM
BasePriority : Normal
FileVersion : 5.2.3790.1230 built by: DNSRV(bld4act)
ProductVersion : 5.2.3790.1230
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows User Mode Driver Manager
InternalName : WdfMgr
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : WdfMgr.exe

#:21 [odhost.exe]
FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\
ProcessID : 1968
ThreadCreationTime : 5-3-2005 3:23:24 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
FileDescription : Odyssey COM Host
InternalName : OdHost
LegalCopyright : Copyright © 2003
OriginalFilename : Odhost.exe

#:22 [wpc54cfg.exe]
FilePath : C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\
ProcessID : 1992
ThreadCreationTime : 5-3-2005 3:23:26 PM
BasePriority : Normal
FileVersion : 1.0.0.24
ProductVersion : 1.3.0.1
ProductName : Linksys Instant WLAN Monitor
CompanyName : The Linksys Group, Inc.
FileDescription : Linksys Instant WLAN Monitor
InternalName : WLANMonitor.EXE
LegalCopyright : Copyright © 2003, Linksys
LegalTrademarks : Instant Wireless
OriginalFilename : WLANMonitor.EXE
Comments : Linksys Instant WLAN Monitor

#:23 [symwsc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\Security Center\
ProcessID : 168
ThreadCreationTime : 5-3-2005 3:23:26 PM
BasePriority : Normal
FileVersion : 2005.1.2.20
ProductVersion : 2005.1
ProductName : Norton Security Center
CompanyName : Symantec Corporation
FileDescription : Norton Security Center Service
InternalName : SymWSC.exe
LegalCopyright : Copyright © 1997-2004 Symantec Corporation
OriginalFilename : SymWSC.exe

#:24 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 2408
ThreadCreationTime : 5-3-2005 3:23:48 PM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:25 [aim.exe]
FilePath : C:\Brian II\Program Downloads\AIM\
ProcessID : 1116
ThreadCreationTime : 5-3-2005 5:45:17 PM
BasePriority : Normal
FileVersion : 5.9.3690
ProductVersion : 5.9.3690
ProductName : AOL Instant Messenger
CompanyName : America Online, Inc.
FileDescription : AOL Instant Messenger
InternalName : AIM
LegalCopyright : Copyright © 1996-2004 America Online, Inc.
OriginalFilename : AIM.EXE

#:26 [ad-aware.exe]
FilePath : C:\Brian II\Program Downloads\Ad-Aware SE Personal\
ProcessID : 3772
ThreadCreationTime : 5-3-2005 6:37:16 PM
BasePriority : Normal
FileVersion : 6.2.0.206
ProductVersion : VI.Second Edition
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 35


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2c4e6d22-b71f-491f-aad3-b6972a650d50}
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{86227d9c-0efe-4f8a-aa55-30386a3f5686}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{bb0d5adc-028d-4185-9288-722ddce2c757}
Value :

VX2 Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{92daf5c1-2135-4e0c-b7a0-259abfcd3904}

DyFuCA Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\avenue media

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 8
Objects found so far: 43


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 43


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian@tickle[1].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:brian@tickle.com/
Expires : 5-2-2007 2:19:38 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : brian@cs.sexcounter[2].txt
Category : Data Miner
Comment : Hits:5
Value : Cookie:brian@cs.sexcounter.com/
Expires : 5-12-2024 2:07:28 PM
LastSync : Hits:5
UseCount : 0
Hits : 5

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 45



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Lop Object Recognized!
Type : File
Data : splsrscb.exe
Category : Malware
Comment :
Object : C:\Program Files\Common Files\nddntdme\lbntmsrc\



Lop Object Recognized!
Type : File
Data : fnlurtasc.exe
Category : Malware
Comment :
Object : C:\Program Files\Common Files\nddntdme\nastofurod\



IBIS Toolbar Object Recognized!
Type : File
Data : A0022999.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP214\



IBIS Toolbar Object Recognized!
Type : File
Data : A0023011.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP214\



IBIS Toolbar Object Recognized!
Type : File
Data : A0023019.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP214\



IBIS Toolbar Object Recognized!
Type : File
Data : A0023049.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP214\



IBIS Toolbar Object Recognized!
Type : File
Data : A0023074.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP215\



IBIS Toolbar Object Recognized!
Type : File
Data : A0023098.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP216\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024098.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP217\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024121.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP217\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024132.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP217\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024163.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024166.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024167.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024170.cfg
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024174.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



IBIS Toolbar Object Recognized!
Type : File
Data : A0024181.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP218\



WindUpdates Object Recognized!
Type : File
Data : A0025435.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP228\



WindUpdates Object Recognized!
Type : File
Data : A0025436.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP228\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : LoaderX Module
FileDescription : LoaderX Module
InternalName : LoaderX
LegalCopyright : Copyright 2005
OriginalFilename : LoaderX.EXE


WindUpdates Object Recognized!
Type : File
Data : A0025437.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP228\



SahAgent Object Recognized!
Type : File
Data : A0025460.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP229\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


SahAgent Object Recognized!
Type : File
Data : A0025461.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP229\
FileVersion : 4, 0, 0, 2
ProductVersion : 4, 0, 0, 2


SahAgent Object Recognized!
Type : File
Data : A0025475.exe
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP229\
FileVersion : 4, 0, 0, 4
ProductVersion : 4, 0, 0, 4


WindUpdates Object Recognized!
Type : File
Data : A0037129.vxd
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP245\



DyFuCA Object Recognized!
Type : File
Data : A0037132.dll
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP245\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


BargainBuddy Object Recognized!
Type : File
Data : A0037133.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP245\



begin2search Object Recognized!
Type : File
Data : A0037316.dll
Category : Data Miner
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP245\
FileVersion : 2, 6, 0, 0
ProductVersion : 2, 6, 0, 0
ProductName : Winb2s32 Module
FileDescription : Winb2s32 Module
InternalName : Winb2s32
LegalCopyright : Copyright 2002
OriginalFilename : Winb2s32.DLL


BookedSpace Object Recognized!
Type : File
Data : A0037317.exe
Category : Malware
Comment :
Object : C:\System Volume Information\_restore{D3E5B986-E742-46BB-A1C4-116D6B762F84}\RP245\



Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 73


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 73




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

IBIS Toolbar Object Recognized!
Type : Regkey
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata\sto
Value : C

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : CustomizeSearch

IBIS Toolbar Object Recognized!
Type : RegValue
Data :
Category : Data Miner
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\windows\currentversion\installer\userdata
Value : TUID

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler

istbar Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : aspfile\persistenthandler
Value :

istbar Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\downloadmanager

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\toolbar\webbrowser
Value : {0E5CBF21-D15F-11D0-8301-00AA005B4383}

VX2 Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main\featurecontrol\feature_window_restrictions
Value : iexplore.exe

DyFuCA Object Recognized!
Type : File
Data : wsem303.dll
Category : Malware
Comment :
Object : C:\WINDOWS\
FileVersion : 1, 0, 0, 1
ProductVersion : 1, 0, 0, 1
ProductName : DyFuCA_BH Module
FileDescription : DyFuCA_BH Module
InternalName : DyFuCA_BH
LegalCopyright : Copyright 2002
OriginalFilename : DyFuCA_BH.DLL


begin2search Object Recognized!
Type : File
Data : msxml3.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\



begin2search Object Recognized!
Type : File
Data : msxml3r.dll
Category : Data Miner
Comment :
Object : C:\WINDOWS\system32\
FileVersion : 8.20.8730.1
ProductVersion : 8.20.8730.1
ProductName : Microsoft Data Access Components
CompanyName : Microsoft Corporation
FileDescription : XML Resources
InternalName : MSXML3R.dll
LegalCopyright : Copyright © Microsoft Corporation. 1981-2000
OriginalFilename : MSXML3R.dll


BookedSpace Object Recognized!
Type : Regkey
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PopupMgr

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : PlaySound

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : UseSecBand

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : BlockUserInit

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : UseTimerMethod

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : UseHooks

BookedSpace Object Recognized!
Type : RegValue
Data :
Category : Malware
Comment :
Rootkey : HKEY_CURRENT_USER
Object : software\microsoft\internet explorer\new windows
Value : AllowHTTPS

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 20
Objects found so far: 93

2:49:56 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:12:24.660
Objects scanned:101533
Objects identified:58
Objects ignored:0
New critical objects:58
  • 0

#3
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello Speed24 and welcome to Geeks to Go.

Before we get underway, you may wish to print these instructions for easy reference during the fix, although please be aware that many of the required URLs are hyperlinks in the red names shown on your screen. Part of the fix will require you to be in Safe Mode, which may not allow you to access the Internet, or my instructions!

Would your name be Brian? Looking at your HJT log, you have a Trojan plus some installed malware. Let’s see if we can clean this in one go. Now if you are ready, let’s get fixing!

You are running HijackThis from the Desktop; please create a new folder for it (for example C:\Program Files\Hijackthis\Hijackthis.exe) and move the programme into it. It is very important you do this before anything else!

To start please download the following programmes, we will run them later. Please save them to a place that you will remember, I suggest the Desktop:

CCleaner
Ewido Security Suite

Install Ewido Security Suite (it is a 14-day trial version of the programme).
  • Launch ewido; there should be an icon on your desktop, double-click it.
  • The programme will prompt you to update; click the OK button.
  • The programme will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the programme scan the machine
While the scan is in progress you will be prompted to clean files, click OK

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop and include it in your reply.
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c337.cab

Now close all windows other than HiJackThis, then click Fix Checked. Please now reboot into safe mode. Here's how:

Restart your computer and as soon as it starts booting up again continuously tap the F8 key. A menu should appear where you will be given the option to enter Safe Mode.

Please remove these entries from Add/Remove Programs in the Control Panel (if present): (click Start > Settings > Control Panel)

Begin2Search Bar
Windupdates

Please notify me of any other programmes that you don’t recognise in that list in your next response.

Please set your system to show all files; please see here if you're unsure how to do this.

Please delete this file (if present) using Windows Explorer:

C:\WINDOWS\system32\winb2s32.dll

Close Windows Explorer and Reboot normally.

Now we must hide the files we revealed earlier by reversing the process, this is an important safeguard to stop important system files being deleted by accident.

There is almost certainly bound to be some junk (leftover bits and pieces) on your system that is doing nothing but taking up space. I would recommend that you run CCleaner. Install it, update it, check the default setting in the left-hand pane, Analyze, Run Cleaner. You may be fairly surprised by how much it finds.

Post back a fresh HijackThis log and also an Uninstall Log:

Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click Save List (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.

and I will take another look.
  • 0
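The "take another look" step in the post above can also be done mechanically. This is an added example, not part of the original post and not HijackThis's own code: it parses HijackThis entry lines and reports whether the two entries marked for fixing still show up in a fresh log. The function names are hypothetical, `FRESH_LOG` is an excerpt of the follow-up log posted later in this thread, and `BEFORE_LOG` is constructed.

```python
import re
from ntpath import basename  # Windows path rules on any host OS

# Entry lines look like "O2 - BHO: name - {CLSID} - C:\path\file.dll".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\.*$")

# Entries the helper asked to have fixed: (section, CLSID, file name or None).
FIX_LIST = [
    ("O2", "{4D568F0F-8AC9-40AB-88B7-415134C78777}", "winb2s32.dll"),
    ("O16", "{15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6}", None),
]

# Excerpt of the follow-up log posted later in the thread.
FRESH_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 7:14:53 PM, on 5/5/2005

Running processes:
C:\WINDOWS\system32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Brian II\Program Downloads\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Brian II\Program Downloads\Norton Antivirus 2002\NavShExt.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
"""

# Constructed "before" log: the excerpt plus the two flagged lines as quoted
# in the fix instructions (the URL is elided on the page and left that way).
BEFORE_LOG = FRESH_LOG + r"""O2 - BHO: ohb - {4D568F0F-8AC9-40AB-88B7-415134C78777} - C:\WINDOWS\system32\winb2s32.dll
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...bridge-c337.cab
"""


def parse_hjt(log_text):
    """Return one dict per entry line; header and process lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        code, body = m.groups()
        clsid = CLSID_RE.search(body)
        # Paths can contain " - " ("Spybot - Search & Destroy"), so do not
        # split on the separator; take the drive-letter path to end of line.
        path = PATH_RE.search(body)
        entries.append({
            "code": code,
            "clsid": clsid.group(0).upper() if clsid else None,
            "path": path.group(0) if path else None,
            "raw": line.strip(),
        })
    return entries


def still_present(fix_list, fresh_log):
    """Return (section, CLSID, raw line) for each target the log still shows.

    A target matches on section plus CLSID, or on file name in any section,
    so a file re-registered under a new CLSID is still caught.
    """
    entries = parse_hjt(fresh_log)
    hits = []
    for code, clsid, filename in fix_list:
        for e in entries:
            same_clsid = e["code"] == code and e["clsid"] == clsid.upper()
            same_file = bool(filename and e["path"]
                             and basename(e["path"]).lower() == filename.lower())
            if same_clsid or same_file:
                hits.append((code, clsid, e["raw"]))
                break
    return hits
```

An empty result from `still_present(FIX_LIST, FRESH_LOG)` only says the flagged entries are gone from the log; it does not replace the scanner report the helper also asks for.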

#4
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
I ran Adaware SE, Cleanup, Spybot, Spyware blaster, spysweeper, killbox, ccleaner, Find It, and Ewido, also went to one of those sites that scan your computer and delete viruses that I saw on another Aurora post from someone else.

I only have two problems now and one is that svchost.exe is running about 5 times on my computer simultaneously.
The other problem is within the attachment I have here, I believe one of the programs deleted a file and my computer is getting errors now, but I think by adding something back into my computer then it will be fine again.


Here is the log up to date:




Logfile of HijackThis v1.99.1
Scan saved at 11:15:36 PM, on 5/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Brian II\Program Downloads\Ewido security suite\ewidoctrl.exe
C:\Brian II\Program Downloads\Ewido security suite\ewidoguard.exe
C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Brian II\2.08d_logo\CD\Utility\d3dpvw.exe
C:\Brian II\2.08d_logo\CD\Utility\khooker.exe
C:\WINDOWS\explorer.exe
C:\Brian II\Program Downloads\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Brian II\Program Downloads\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Brian II\Program Downloads\Norton Antivirus 2002\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Brian II\Program Downloads\AIM\aim.exe
O23 - Service: ewido security suite control - ewido networks - C:\Brian II\Program Downloads\Ewido security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Brian II\Program Downloads\Ewido security suite\ewidoguard.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Attached Thumbnails

  • problem_with_computer.JPG

  • 0

#5
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
Another error is
Dr Watson Postmortem Debugger
and I don't know what that is but it freezes up my computer and I have to keep clicking end task.
  • 0

#6
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

Thanks for the replies but I really would have preferred to have had the two logs I requested in my previous post.

To save you looking them up, they were the Ewido log and the HJT uninstall list.

Thanks
  • 0

#7
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
Those files were deleted by my family because I saved them to the desktop and my mom didn't like it there so I don't know how to retrieve since she emptied the recycling bin too. :tazz:
  • 0

#8
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

Could you please do the Ewido scan again and send me the log and also do the HJT uninstall log again.

BTW, there is nothing unusual about having more than one svchost running on your system. My pc has 5 running right now.

Thanks

Edited by Crustyoldbloke, 05 May 2005 - 08:49 AM.

  • 0

#9
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
In this post are the:
Ewido log
Hijack This log
and a picture of error message that keeps coming up that I would like to get rid of so I can use my computer on a regular basis. I'd appreciate it if you would take a look at it.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 7:10:20 PM, 5/5/2005
+ Report-Checksum: E13889EC

+ Date of database: 5/5/2005
+ Version of scan engine: v3.0

+ Duration: 36 min
+ Scanned Files: 47881
+ Speed: 22.15 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
No infected files found!


::Report End





HERE IS THE HIJACK THIS LOG

Logfile of HijackThis v1.99.1
Scan saved at 7:14:53 PM, on 5/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Brian II\Program Downloads\Ewido security suite\ewidoctrl.exe
C:\Brian II\Program Downloads\Ewido security suite\ewidoguard.exe
C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\OdHost.exe
C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\WPC54Cfg.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\Brian\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Brian II\Program Downloads\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Brian II\Program Downloads\Norton Antivirus 2002\NavShExt.dll
O4 - HKLM\..\Run: [SiS Tray] C:\Brian II\2.08d_logo\CD\Utility\sistray.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Wireless-G Notebook Adapter with SpeedBooster Utility.lnk = C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\Startup.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Brian II\Program Downloads\AIM\aim.exe
O23 - Service: ewido security suite control - ewido networks - C:\Brian II\Program Downloads\Ewido security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Brian II\Program Downloads\Ewido security suite\ewidoguard.exe
O23 - Service: NICSer_WPC54GS - Unknown owner - C:\Program Files\Linksys\Wireless-G Notebook Adapter with SpeedBooster\NICServ.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Attached Thumbnails

  • Error_in_win32.JPG

  • 0

#10
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
Ok most of my problems are gone now that I ran all the spyware and ewido stuff.
My system problems are gone as well because I repaired my windows xp without deleting files.

Thanks geeks to go.

Only thing I have to do now is find windows updates :tazz:
  • 0

#11
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

I am very glad to hear that your PC is running well now. Thank you again for the logs supplied, however you still did not provide the log I requested which was an uninstall log. I am happy to look at one if you could provide it.

Thanks
  • 0

#12
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
Where do I find the uninstall log... ????


ALSO the repairing of windows xp took away my standby button and I'd like it if I could be able to put my computer into standby again.

Is there a way to give me the standby button back?
  • 0

#13
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

Please refer to post No. 3 in this thread. It clearly states how to provide an uninstall log.

Thanks
  • 0

#14
speed24

    Member

  • Topic Starter
  • Member
  • 11 posts
OK my Standby button is back, had to reinstall graphics driver because I bought this laptop custom made and no backup discs were given to me.... but anywho here is uninstall log:


Absolute Poker
Ad-Aware SE Personal
Adobe Reader 7.0
AnyDVD
AOL Instant Messenger
BitTornado 0.3.8
BitTorrent 3.4.2
CCleaner (remove only)
CleanUp!
CloneDVD 2.2 Trial Version
CloneDVD2
DVD Decrypter (Remove Only)
DVD Shrink 3.2
DVD X Copy Platinum 4.0.3
Easy CD Creator 5 Basic
ewido security suite
EZ Label Xpress Lite
Google Toolbar for Internet Explorer
HijackThis 1.99.1
Intel® Create & Share® Software
IsoBuster 1.6
Java 2 Runtime Environment, SE v1.4.2_05
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Microsoft Office XP Professional with FrontPage
mIRC
MSN Gaming Zone
MUSICMATCH® Jukebox
Net MD Simple Burner
Norton AntiVirus 2002
Norton WMI Update
Odyssey Client
OpenMG Jukebox
OpenMG Secure Module 3.0.03
PowerDVD
QuickTime
Real Alternative 1.29
Realtek AC'97 Audio
SiS 650
SiS VGA Utilities
Sonic DLA
Sonic MyDVD
Sonic RecordNow!
Sonic Update Manager
Sony Net MD Help
SP2 Connection Patcher
Spy Sweeper
Spybot - Search & Destroy 1.3
SpywareBlaster v3.3
Tweak-SE plug-in for Ad-Aware SE
VX2 Cleaner plug-in for Ad-Aware SE
Warez P2P Client 2.75
WinAVI VideoConverter
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Service Pack 2
WinRAR archiver
Wireless-G Notebook Adapter with SpeedBooster
  • 0

#15
Crustyoldbloke

    Old Malware Surgeon with a shaky scalpel

  • Retired Staff
  • 15,130 posts
Hello again

The uninstall log is clean.

Is your PC trouble-free now?

Please report any problems you are having that you believe may be malware created.

Thanks.




"Edit,
As there has been no reply from the original poster this topic is now closed,
Should you have any further problems please create a new Topic,

Thanks "

Edited by Crustyoldbloke, 16 May 2005 - 03:04 AM.

  • 0





