Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hi jack this log.[CLOSED]

Started by sooch90 , May 04 2005 02:54 PM

  • This topic is locked This topic is locked

#1
sooch90
Posted 04 May 2005 - 02:54 PM

sooch90

    Member

  • Member
  • PipPip
  • 51 posts
Hey, I'm getting a bunch of pop ups and my home page keeps on changeing to
"about:blank" It's pretty annoying. help would be great! Here's my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 4:50:07 PM, on 5/4/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Documents and Settings\All Users\Documents\SIERRA\Half-Life\Steam.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\nttp32.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\mfcqv32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B1972057-9AC3-F461-75AD-16E47C3F5461} - C:\WINDOWS\system32\javacl32.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [QuickTime Update Completion 0] "C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeUpdateHelper.exe" -destfullpath "C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeStreamingAuthoring.qtx" -sourcefullpath "C:\WINDOWS\SYSTEM32\QuickTime\QuickTimeStreamingAuthoring.qtx.new00" -atboottime "QuickTime Update Completion 0"
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [nttp32.exe] C:\WINDOWS\nttp32.exe
O4 - HKLM\..\RunOnce: [mfcqv32.exe] C:\WINDOWS\mfcqv32.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: winlogin.exe
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.sarangccm...eX/AlwaysOn.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atllu.exe (file missing)
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
  • 0

Advertisements

#2
Guest_thatman_*
Posted 04 May 2005 - 03:22 PM

Guest_thatman_*
  • Guest
Hi sooch90

Please read through the instructions before you start (you may want to print this out).

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Please do not run it yet, though.

Run CWShredder to fix your CWS problem.

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first.

Download and unzip cwsserviceremove to your desktop. use either link below:
cwsserviceremove


Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:

Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I)

When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.


Please set your system to show all files; please see here if you're unsure how to do this.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B1972057-9AC3-F461-75AD-16E47C3F5461} - C:\WINDOWS\system32\javacl32.dll
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [nttp32.exe] C:\WINDOWS\nttp32.exe
O4 - HKLM\..\RunOnce: [mfcqv32.exe] C:\WINDOWS\mfcqv32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atllu.exe (file missing)
Click on Fix Checked when finished and exit HijackThis.

Reboot into Safe Mode: please see here if you are not sure how to do this.

Using Windows Explorer, locate the following files/folders, and delete them:
C:\WINDOWS\system32\javacl32.dll
C:\WINDOWS\nttp32.exe
C:\WINDOWS\mfcqv32.exe
C:\WINDOWS\atllu.exe (file missing)
Exit Explorer.Reboot as normal.

If you were unable to find any of the files then please follow these additional instructions:
Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\system32\javacl32.dll
C:\WINDOWS\nttp32.exe
C:\WINDOWS\mfcqv32.exe
C:\WINDOWS\atllu.exe
End of killbox file;s

Reboot as normal

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#3
sooch90
Posted 04 May 2005 - 05:34 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
wait after I disable the Workstation NetLogon Service then what do i do? continue on with the next step? Because if you said if you don't see the service listed then continue? What do you mean?
  • 0

#4
sooch90
Posted 04 May 2005 - 05:40 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
also when do i use About:Buster and cwshredder?
  • 0

#5
sooch90
Posted 04 May 2005 - 05:49 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
also um when i looked for tools in my computer i couldn't find it. so i'm guessing it's Control Panel and then I went to appearence and themes and there it has Folder Options. But when I click on that i get an error message

(null) is not a valid Win32 application.

ahhh.
  • 0

#6
Guest_thatman_*
Posted 04 May 2005 - 09:20 PM

Guest_thatman_*
  • Guest
Hi sooch90

Download Pocket Killbox and unzip it; save it to your Desktop.

Please download and unzip
About:Buster to a folder. Inside the folder is a readme file that has instructions on the use of the program.
AboutBuster MUST be updated before you use it.
Start AboutBuster, click the update button, check for update, drag the box to the side and hit download updates, close the box . Don't run it yet.

Download CWShredder (there is a link in my signature), unzip it, and save it on the Desktop. Don't run it yet.

Please download and install AD-Aware.
Check Here on how setup and use it - please make sure you update it first. Don't run it yet.

Download and unzip cwsserviceremove to your desktop. use link below: Don't run it yet.
cwsserviceremove

Important Step
1. Go to Start->Run and type "Services.msc" (without quotes) then hit Ok
Scroll down and find the service called:
Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I)
When you find it, double-click on it. In the next window that opens, click the Stop button, then click on properties and under the General Tab, change the Startup Type to Disabled. Now hit Apply and then Ok and close any open windows. If you don´t find this service listed go ahead with the next steps.

Open Windows Explorer & Go to Tools > Folder Options. Click on the View tab and make sure that "Show hidden files and folders" is checked.
Also uncheck "Hide protected operating system files" and untick "hide extensions for known file types" . Now click "Apply to all folders"
Click "Apply" then "OK"

Clean out temporary and TIF files. Go to Start > Run and type in the box: cleanmgr. Let it scan your system for files to remove. Make sure all are checked and then press *ok* to remove:

Reboot into Safe Mode: Click here if you don't know how to do this.

Close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://C:\WINDOWS\system32\druiy.dll/sp.html#14044
R3 - Default URLSearchHook is missing
O2 - BHO: (no name) - {B1972057-9AC3-F461-75AD-16E47C3F5461} - C:\WINDOWS\system32\javacl32.dll
O4 - HKLM\..\Run: [iexplore.exe] C:\Program Files\Internet Explorer\iexplore.exe
O4 - HKLM\..\Run: [nttp32.exe] C:\WINDOWS\nttp32.exe
O4 - HKLM\..\RunOnce: [mfcqv32.exe] C:\WINDOWS\mfcqv32.exe
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\atllu.exe (file missing)
Click on Fix Checked when finished and exit HijackThis.

Double click on the cwsserviceremove and when asked to merge say yes.

Run about buster

Run CWShredder to fix your CWS problem.

Run Ad-aware

Run killbox and click the radio button that says Delete a file on reboot. For each of the files you could not delete, paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in whereupon you should answer Yes. Let the system reboot.
C:\WINDOWS\system32\javacl32.dll
C:\WINDOWS\nttp32.exe
C:\WINDOWS\mfcqv32.exe
C:\WINDOWS\atllu.exe
End of killbox file;s

Reboot as normal

Run Ad-aware

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.logWe will need them to remove previous infections that have left files on your system.

Kc :tazz:
  • 0

#7
sooch90
Posted 05 May 2005 - 07:13 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
hey thanks for all your help. At the moment i don't have any pop ups and my homepage is fine. the panda scanner thing, the site is down or something, so I couldn't scan.

However something did happen. After the other online scanner(the link you provided for me) was done scanning, I went to google images and looked up "World War 2." (I'm interested in that stuff). So anyway then I left it to open up hijack this. I scanned and about a minute after I scanned the screen on my computer goes completely blue. It said something about the computer went to this screen or whatever in order to prevent damage on the computer. So I rebooted and when I logged on my name, and STOPzilla's black list, virus protection thing (I have a free trial) had image.google.com on it. little confused. please help.

here is my hijack this log.

Logfile of HijackThis v1.99.1
Scan saved at 9:08:53 PM, on 5/5/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\savedump.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.sarangccm...eX/AlwaysOn.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
  • 0

#8
Guest_thatman_*
Posted 06 May 2005 - 07:38 AM

Guest_thatman_*
  • Guest
Hi sooch90

Please download, install and run this disk cleanup utility called Cleanup version 4.0!
http://downloads.ste...p/CleanUp40.exe
It will get rid of any malware which may be hiding in your temp folders ( a common hiding place). You will also regain a massive amount of disk space. Here is a tutorial which describes its usage:
http://www.bleepingc...tutorial93.html
Check the custom settings to your liking under options, but be sure to delete temporary files and temporary internet files for all user profiles. Also, cleanout the prefetch folder and the recycle bin.
Reboot when prompted to let it clean out the remaining files.

Reboot as normal

Lets see if this will finds any hidden Trojan’s http://www.ewido.net/en/download/
This setup contains the free as well as the plus-version of the ewido security suite. After the installation, a free 14-day test version containing all the extensions of the plus-version will be activated. At the end of the test phase, the extensions of the plus version are deactivated and the freeware version can be used unlimited times. The purchased license code of the plus version can be entered at any time.
Ewido will auto-udate tne run a full scan save the log when the scan has finnished.

Post the ewido log and a new HJT.Log

Kc :tazz:
  • 0

#9
sooch90
Posted 06 May 2005 - 04:39 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
hey that man. I found the site for the panada thing and i ran download CleanUp4.0
But when I ran Ewido, and i updated and scanned, I got an error message. It's one of those messages from microsoft that says "SecuritySuite.exe has encountered a problem and needs to close. We are soory for the inconvenience." It also gives me the option to send the error report to microsoft. It has the Ewido icon on the side too. It seems like I've been getting a bunch of these errors recently from various programs like QuickTime, or Internet explorer and stuff like that. strange. I got this error message when Ewido reached 100.00% in scanning, and on the bottom of Ewido it says "Clean "F:\WINDOWS\TEMP\_unin_.exe"" Yeah i dunno. well here is my panda scanner log and the HJT log.

Here is the panda online scanner one...


Incident Status Location

Spyware:Spyware/Cydoor No disinfected C:\WINDOWS\cdmxtras
Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\DOCUME~1\EDOH~1\LOCALS~1\Temp\bs*.tmpbsx32
Adware:Adware/NetPals No disinfected C:\WINDOWS\System32\calsdr.dll
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\System32\a.exe
Adware:Adware/AdDestroyer No disinfected C:\Documents and Settings\Ed Oh\Start Menu\Programs\AdDestroyer
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\System32\swrt01.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ed Oh\Application Data\tvm*.dll
Adware:Adware/SideSearch No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\DOCUME~1\EDOH~1\LOCALS~1\Temp\alchem.???
Adware:Adware/SideFind No disinfected Windows Registry
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Adware:Adware/Tubby No disinfected C:\WINDOWS\System32\MTC.ini
Adware:Adware/SuperSpider No disinfected C:\Program Files\Q330994.exe
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\System32\fiz1
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\mstasks1.exe
Adware:Adware/InstaFinder No disinfected C:\Program Files\INSTAFINK
Adware:Adware/Adsmart No disinfected Windows Registry
Virus:Trj/Downloader.CFJ Disinfected Operating system
Adware:Adware/WinActive No disinfected C:\Documents and Settings\Dad\Local Settings\Temp\bz24.tmp[bz24.tmp]
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ed Oh\Application Data\tvmcwrd.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ed Oh\Application Data\tvmknwrd.dll
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232913-564.dll
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232913-701.dll
Adware:Adware/Adblaster No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232914-566.dll
Adware:Adware/Adblaster No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232914-965.dll
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050409-201830-391.dll
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050418-190708-619.dll
Adware:Adware/InstaFinder No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050418-190708-943.dll
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050420-205915-831.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\alchem.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\alchem.ini
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\Belt.ini
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\conscorr.inf
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\conscorr.ini
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\II242.tmp
Adware:Adware/Adblaster No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\ngpw34.dll
Adware:Adware/Adblaster No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\ngsw31.dll
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\p2psetup.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\pch386.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\pch437.exe
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\temp.fr9221\mysearch.cab
Adware:Adware/MyWay No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\temp.fr9221\mysearch.cab[mySetp.exe]
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Ed Oh\Local Settings\Temp\tvmupdater.exe
Adware:Adware/SuperSpider No disinfected C:\m.exe
Adware:Adware/SuperSpider No disinfected C:\mssys.com
Possible Virus. No disinfected C:\Program Files\GameSpy Arcade\fpupdate.exe
Adware:Adware/InstaFinder No disinfected C:\Program Files\INSTAFINK\instafink.dll
Adware:Adware/SuperSpider No disinfected C:\Program Files\Q330994.exe
Adware:Adware/SuperSpider No disinfected C:\Q250204.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\alchem.ini
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\cvchost.exe
Adware:Adware/Yahoo No disinfected C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\alchem.inf
Adware:Adware/SAHAgent No disinfected C:\WINDOWS\INF\biH.inf
Adware:Adware/IPInsight No disinfected C:\WINDOWS\INF\conscorr.inf
Adware:Adware/Transponder No disinfected C:\WINDOWS\INF\polall1r.inf
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msstasks.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\mssys.com
Adware:Adware/CWS.Searchmeup No disinfected C:\WINDOWS\mstasks1.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\mstaskss.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\msxmidi.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\rocky.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\runwin32.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\seksdialer.exe
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\smdat32m.sys
Virus:Trj/Downloader.BSU Disinfected C:\WINDOWS\sysdy.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\system.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM\wmscrop.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\system.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\a.exe
Adware:Adware/NetPals No disinfected C:\WINDOWS\SYSTEM32\atiupdate5.exe
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\bH.dll
Adware:Adware/StatBlaster No disinfected C:\WINDOWS\SYSTEM32\biggie.exe
Spyware:Spyware/Bridge No disinfected C:\WINDOWS\SYSTEM32\bridge.dll
Adware:Adware/NetPals No disinfected C:\WINDOWS\SYSTEM32\calsdr.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\d2kpax.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\d2kpax.exe
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:Adware/Look2Me No disinfected C:\WINDOWS\SYSTEM32\IF01.exe
Adware:Adware/KeenValue No disinfected C:\WINDOWS\SYSTEM32\in10b6.dll
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\jac.dll
Spyware:Spyware/Whazit No disinfected C:\WINDOWS\SYSTEM32\kyf.dat
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\msxslab.dll
Adware:Adware/Tubby No disinfected C:\WINDOWS\SYSTEM32\MTC.ini
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\SYSTEM32\newdevin.exe
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\SYSTEM32\services
Adware:Adware/NetPals No disinfected C:\WINDOWS\SYSTEM32\siae3123.exe
Adware:Adware/VirtualBouncer No disinfected C:\WINDOWS\SYSTEM32\SWRT01.dll
Adware:Adware/Adsmart No disinfected C:\WINDOWS\SYSTEM32\thun.dll
Adware:Adware/SuperSpider No disinfected C:\WINDOWS\wininet32.exe
Adware:Adware/SuperSpider No disinfected C:\winspec.dat
Adware:Adware/Twain-Tech No disinfected F:\WINDOWS\INF\TWAINTEC.INF
Spyware:Spyware/Altnet No disinfected F:\WINDOWS\TEMP\asmfiles.cab[asm.exe]
Adware:Adware/Twain-Tech No disinfected F:\WINDOWS\TEMP\THI4B66.TMP\twaintec.inf
Spyware:Spyware/Altnet No disinfected F:\WINDOWS\TEMP\__unin__.exe
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.cab[alchem.ini]
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.inf
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.ini
Virus:W32/Netsky.P.worm Disinfected F:\WINDOWS\Desktop\coh.zip[Inbox_5-14-2004][application.exe]
Virus:W32/Gibe.C.worm Disinfected F:\WINDOWS\Desktop\coh.zip[Old-Inbox-03-12-2004][Upgrade929.exe]
Adware:Adware/P2PNetworking No disinfected F:\WINDOWS\Desktop\hijack this\backup-20040614-220739-568.dll
Virus:W32/Netsky.P.worm Disinfected F:\WINDOWS\Temporary Internet Files\Content.IE5\8XUB056N\coh[1].zip[Inbox_5-14-2004][application.exe]
Virus:W32/Gibe.C.worm Disinfected F:\WINDOWS\Temporary Internet Files\Content.IE5\8XUB056N\coh[1].zip[Old-Inbox-03-12-2004][Upgrade929.exe]
Adware:Adware/MyWay No disinfected F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
Adware:Adware/WebHancer No disinfected F:\Program Files\whInstall\whInstaller.ini
Adware:Adware/WebHancer No disinfected F:\Program Files\whInstall\whAgent.inf
Spyware:Spyware/Clipgenie No disinfected F:\Program Files\Support Software\SS2.DLL
Virus:W32/Verona.B Disinfected F:\save this stuff\email\inbox\In.mbx[~000964.@x@]
Virus:W32/Verona.B Disinfected F:\save this stuff\email\inbox\In.mbx[~000965.@x@]
Virus:W32/Verona.B Disinfected F:\save this stuff\email\inbox\In.mbx[~000966.@x@]
Virus:Exploit/iFrame Disinfected F:\save this stuff\email\inbox\In.mbx[~003567.@x@]
Virus:Exploit/iFrame Disinfected F:\save this stuff\email\inbox\In.mbx[~005386.@x@]
Spyware:Spyware/TVMedia No disinfected F:\TV Media\Tvm.exe


Here is the Hijack This log...

Logfile of HijackThis v1.99.1
Scan saved at 6:38:26 PM, on 5/6/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Startup: Ubisoft register.lnk = C:\Program Files\Ubisoft\Register\schedule.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.sarangccm...eX/AlwaysOn.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe



Well Thanks for all your help so far!
  • 0

#10
Guest_thatman_*
Posted 07 May 2005 - 01:18 AM

Guest_thatman_*
  • Guest
Hi sooch90

Download Pocket Killbox and unzip it; save it to your Desktop.
Run killbox and click the radio button that says Delete a file on reboot.
Copy and Paste them one at a time into the full path of file to delete box and click the red circle with a white cross in it.
The program will ask you if you want to reboot; say No each time until the last one has been pasted in where upon you should answer Yes.
Let the system reboot.
C:\WINDOWS\cdmxtras
C:\Program Files\MyWay
C:\WINDOWS\System32\FLEOK
C:\DOCUME~1\EDOH~1\LOCALS~1\Temp\bs*.tmpbsx32
C:\WINDOWS\System32\calsdr.dll
C:\Program Files\cxtpls
C:\WINDOWS\System32\a.exe
C:\Documents and Settings\Ed Oh\Start Menu\Programs\AdDestroyer
C:\WINDOWS\System32\swrt01.dll
C:\Documents and Settings\Ed Oh\Application Data\tvm*.dll
C:\DOCUME~1\EDOH~1\LOCALS~1\Temp\alchem.???
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\System32\MTC.ini
C:\Program Files\Q330994.exe
C:\WINDOWS\System32\fiz1
C:\WINDOWS\mstasks1.exe
C:\Program Files\INSTAFINK
C:\Documents and Settings\Dad\Local Settings\Temp\bz24.tmp[bz24.tmp]
C:\Documents and Settings\Ed Oh\Application Data\tvmcwrd.dll
C:\Documents and Settings\Ed Oh\Application Data\tvmknwrd.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232913-564.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232913-701.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232914-566.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backup-20040703-232914-965.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050409-201830-391.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050418-190708-619.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050418-190708-943.dll
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\backups\backup-20050420-205915-831.dll
C:\Documents and Settings\Ed Oh\Local Settings\Temp\alchem.inf
C:\Documents and Settings\Ed Oh\Local Settings\Temp\alchem.ini
C:\Documents and Settings\Ed Oh\Local Settings\Temp\Belt.ini
C:\Documents and Settings\Ed Oh\Local Settings\Temp\conscorr.inf
C:\Documents and Settings\Ed Oh\Local Settings\Temp\conscorr.ini
C:\Documents and Settings\Ed Oh\Local Settings\Temp\II242.tmp
C:\Documents and Settings\Ed Oh\Local Settings\Temp\ngpw34.dll
C:\Documents and Settings\Ed Oh\Local Settings\Temp\ngsw31.dll
C:\Documents and Settings\Ed Oh\Local Settings\Temp\p2psetup.exe
C:\Documents and Settings\Ed Oh\Local Settings\Temp\pch386.exe
C:\Documents and Settings\Ed Oh\Local Settings\Temp\pch437.exe
C:\Documents and Settings\Ed Oh\Local Settings\Temp\temp.fr9221\mysearch.cab
C:\Documents and Settings\Ed Oh\Local Settings\Temp\temp.fr9221\mysearch.cab[mySetp.exe]
C:\Documents and Settings\Ed Oh\Local Settings\Temp\tvmupdater.exe
C:\m.exe
C:\mssys.com
C:\Program Files\GameSpy Arcade\fpupdate.exe
C:\Program Files\INSTAFINK\instafink.dll
C:\Program Files\Q330994.exe
C:\Q250204.exe
C:\WINDOWS\alchem.ini
C:\WINDOWS\cvchost.exe
C:\WINDOWS\Downloaded Program Files\ycomp5_0_2_7.dll
C:\WINDOWS\INF\alchem.inf
C:\WINDOWS\INF\biH.inf
C:\WINDOWS\INF\conscorr.inf
C:\WINDOWS\INF\polall1r.inf
C:\WINDOWS\msstasks.exe
C:\WINDOWS\mssys.com
C:\WINDOWS\mstasks1.exe
C:\WINDOWS\mstaskss.exe
C:\WINDOWS\msxmidi.exe
C:\WINDOWS\rocky.exe
C:\WINDOWS\runwin32.exe
C:\WINDOWS\seksdialer.exe
C:\WINDOWS\smdat32m.sys
C:\WINDOWS\sysdy.exe
C:\WINDOWS\SYSTEM\system.exe
C:\WINDOWS\SYSTEM\wmscrop.exe
C:\WINDOWS\system.exe
C:\WINDOWS\SYSTEM32\a.exe
C:\WINDOWS\SYSTEM32\atiupdate5.exe
C:\WINDOWS\SYSTEM32\bH.dll
C:\WINDOWS\SYSTEM32\biggie.exe
C:\WINDOWS\SYSTEM32\bridge.dll
C:\WINDOWS\SYSTEM32\calsdr.dll
C:\WINDOWS\SYSTEM32\d2kpax.dll
C:\WINDOWS\SYSTEM32\d2kpax.exe
C:\WINDOWS\SYSTEM32\fiz1
C:\WINDOWS\SYSTEM32\IF01.exe
C:\WINDOWS\SYSTEM32\in10b6.dll
C:\WINDOWS\SYSTEM32\INNERADINSTALL.LOG
C:\WINDOWS\SYSTEM32\jac.dll
C:\WINDOWS\SYSTEM32\kyf.dat
C:\WINDOWS\SYSTEM32\msxslab.dll
C:\WINDOWS\SYSTEM32\MTC.ini
C:\WINDOWS\SYSTEM32\newdevin.exe
C:\WINDOWS\SYSTEM32\services
C:\WINDOWS\SYSTEM32\siae3123.exe
C:\WINDOWS\SYSTEM32\SWRT01.dll
C:\WINDOWS\SYSTEM32\thun.dll
C:\WINDOWS\wininet32.exe
C:\winspec.dat
F:\WINDOWS\INF\TWAINTEC.INF
F:\WINDOWS\TEMP\asmfiles.cab[asm.exe]
F:\WINDOWS\TEMP\THI4B66.TMP\twaintec.inf
F:\WINDOWS\TEMP\__unin__.exe
F:\WINDOWS\TEMP\alchem.cab[alchem.inf]
F:\WINDOWS\TEMP\alchem.cab[alchem.ini]
F:\WINDOWS\TEMP\alchem.inf
F:\WINDOWS\TEMP\alchem.ini
F:\WINDOWS\Desktop\hijack this\backup-20040614-220739-568.dll
F:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL
F:\Program Files\whInstall\whInstaller.ini
F:\Program Files\whInstall\whAgent.inf
F:\Program Files\Support Software\SS2.DLL
F:\TV Media\Tvm.exe
End of killbox file's

Reboot into normal mode.

Run the cleaner

Please run the following free, online virus scans.
http://www.pandasoft...n_principal.htm
http://housecall.tre.../start_corp.asp
Please post the logs From Panda virus scan and HJT.log we will need them to remove previous infections that have left files on your system.

Kc
  • 0

Advertisements

#11
sooch90
Posted 07 May 2005 - 05:40 AM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
hey thatman. I ran pocket killbox before and well first i didn't find a radio button. I just simply found a place to put in the address of the files. I didn't find a place to update my kill box, so i have 2.0.0.175. Are there any updates at all?

also when I ran pocket killbox last time, it said something like it couldn't delete the files? well I'll try again.
  • 0

#12
sooch90
Posted 07 May 2005 - 05:41 AM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
oh and for the radio thing, i just found a circle to fill in that said delete on reboot
  • 0

#13
sooch90
Posted 07 May 2005 - 06:06 AM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
hey i just did the killbox thing and i entered all of the programs. and I got something that said... "PendingFileRenameOperations registry data has been removed by external process!" what should i do?
  • 0

#14
Guest_thatman_*
Posted 07 May 2005 - 08:12 AM

Guest_thatman_*
  • Guest
Hi sooch90

Just continue untill you have removed all the files.

Then follow my last post

Thank you

Kc :tazz:
  • 0

#15
sooch90
Posted 07 May 2005 - 08:07 PM

sooch90

    Member

  • Topic Starter
  • Member
  • PipPip
  • 51 posts
k here is my hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 10:05:49 PM, on 5/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\AIM95\aim.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\Microsoft Works\MSWorks.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ed Oh\Desktop\Ed Oh's stuff\KillBox.exe
C:\Documents and Settings\Ed Oh\Desktop\Hijack this\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: (no name) - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [DAEMON Tools-1033] "C:\Program Files\D-Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O16 - DPF: Yahoo! Chess - http://download.game...nts/y/ct1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.game...ts/y/grt5_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.game...ts/y/potc_x.cab
O16 - DPF: {1DE9BB01-B121-401D-8877-BCD5ED5B7EE5} (Tpwin Control) - http://www.sarangccm...eX/AlwaysOn.CAB
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...64/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by17fd.bay17....es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe



and here is the panda online scanner log.


Incident Status Location

Adware:Adware/eZula No disinfected Windows Registry
Adware:Adware/MyWay No disinfected C:\Program Files\MyWay
Adware:Adware/nCase No disinfected C:\WINDOWS\System32\FLEOK
Spyware:Spyware/Dyfuca No disinfected Windows Registry
Adware:Adware/BookedSpace No disinfected C:\WINDOWS\bsx32
Adware:Adware/Apropos No disinfected C:\Program Files\cxtpls
Adware:Adware/VirtualBouncer No disinfected Windows Registry
Spyware:Spyware/Altnet No disinfected F:\WINDOWS\TEMP\asmfiles.cab[asm.exe]
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.cab[alchem.inf]
Adware:Adware/IPInsight No disinfected F:\WINDOWS\TEMP\alchem.cab[alchem.ini]
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP