Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Aurora! [CLOSED]


  • This topic is locked This topic is locked

#1
anime666

anime666

    New Member

  • Member
  • Pip
  • 4 posts
Ok ive been battling the Aurora Pop-up all night, following the creation of Unreal Tournamnet Maps last night, i cant get textures off the net with out being pestered every one or two web pages by it, im sorry to bother you as I see so many people have this problem and it looks to be a fast growing spyware now!


Here's me Logfile, any help much appreciated and speak to ya guys soon :tazz:
Logfile of HijackThis v1.99.1
Scan saved at 08:07:03, on 29/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
c:\windows\system32\HealthNotifier.exe
C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
c:\windows\system32\zubwxu.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [lriwch] c:\windows\system32\zubwxu.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Make Mobile Logo - C:\PROGRA~1\MOBILE~1\MLogoContExt.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra 'Tools' menuitem: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1AFEA2-B628-4DC4-B97C-6DE122C3F87D}: NameServer = 195.92.195.95 195.92.195.94
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: HealthNotifier - Unknown owner - c:\windows\system32\HealthNotifier.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe

  • 0

Advertisements


#2
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
anime666,
Welcome to the GTG Forums, I will be reviewing your HJT log.
Please read through these instructions before proceeding:

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

Please download Nailfix from here:
Nailfix.zip
Unzip it to the desktop but please do NOT run it yet.

Next, please reboot your computer in SafeMode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.
For additional help in booting into Safe Mode, see the following site:
SafeMode Help


Once in SafeMode, please double-click on Nailfix.cmd.
Your desktop and icons will disappear and reappear, and a window should open and close very quickly --- this is normal.

Then please run Ewido, and run a full scan. Save the logfile from the scan.

Now scan with HijackThis and place a checkmark next to the following items:

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab


Close all open windows except for HijackThis and click Fix Checked

Restart your computer in normal mode and please post a new HijackThis log, as well as the log from the Ewido scan by using Add Reply

Thanks,
rstones12

Edited by rstones12, 29 May 2005 - 02:13 AM.

  • 0

#3
anime666

anime666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thanx for the Uber fast reply, truely a legend!

I forgot to remove the third enrty you sed so, shall i do it now?
heres my two logs, HiJackThis and Ewido

Logfile of HijackThis v1.99.1
Scan saved at 11:20:54, on 29/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Make Mobile Logo - C:\PROGRA~1\MOBILE~1\MLogoContExt.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra 'Tools' menuitem: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HealthNotifier - Unknown owner - c:\windows\system32\HealthNotifier.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

----------------------------------------------------------------------------------------------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:17:19, 29/05/2005
+ Report-Checksum: BF7A8414

+ Date of database: 29/05/2005
+ Version of scan engine: v3.0

+ Duration: 77 min
+ Scanned Files: 153966
+ Speed: 33.18 Files/Second
+ Infected files: 79
+ Removed files: 79
+ Files put in quarantine: 79
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\Documents and Settings\Ben\Cookies\ben@247realmedia[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@adserver.akqa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@as1.falkag[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@a[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@burstnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@counter2.hitslink[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@doubleclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@geocities[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@hb.lycos[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@pr.valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@realmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@search.msn[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@servedby.netshelter[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@spylog[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@tradedoubler[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@ts1.lexmark[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@www.vibrantmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Cookies\ben@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Local Settings\Temp\Cookies\ben@www.altnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ben\Local Settings\Temp\QCQ\aurareco.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Ben\Local Settings\Temp\uninstall.exe -> Spyware.EliteBar.q -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@a[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@bravenet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@burstnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@cgi-bin[3].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@geocities[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@image.masterstats[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@list[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@magpie.sitetracker[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@mediamgr.ugo[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@sexlist[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@spylog[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@statse.webtrendslive[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@targetnet[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@tribalfusion[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@xiti[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Cookies\dan@zedo[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Dan\Desktop\Warhammer Dawn Of War\Warhammer dow keygen.exe -> Trojan.Steam.a -> Cleaned with backup
C:\Documents and Settings\Ellie\Cookies\ellie@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Ellie\Cookies\ellie@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@adserver.akqa[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@com[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Cookies\lyn@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Lyn\Local Settings\Temporary Internet Files\Content.IE5\G5I34L2F\dbaccess[1].exe -> Dialer.Generic -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\9AF70806-3361-45E7-B4B2-5B08CD\136F2184-979A-4C98-92B2-B5C758 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Screensavers.com\Installer\bin\siuninst.exe -> Spyware.Broadcap.b -> Cleaned with backup
C:\RECYCLER\S-1-5-21-354112871-173854050-551238085-1007\Dc24.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\system32\C4T.exe -> TrojanDownloader.Small.ya -> Cleaned with backup
C:\WINDOWS\system32\ifoveoe.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\LC.exe -> Spyware.WinAD.k -> Cleaned with backup
C:\WINDOWS\tylxbycrt.exe -> Spyware.BetterInternet -> Cleaned with backup


::Report End

cheers for the help i keep checkin back every 5-10 mins casue u seem liek your a fast replyer! ty for ure help so far

Anime 666
  • 0

#4
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
anime666,

OK a few things to do.
Please read through these instructions before proceeding:

Download CleanUp
Install the program, dont run it yet, we will later.

Scan with HJT and place a checkmark next to the following items.

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab

Close all browsers and open windows except HJT, then click the Fix Checked button.

Start CleanUp
When CleanUp starts go to the Options button (right side of CleanUp screen)
Uncheck cookies
This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea.
Click OK
Then click on the CleanUp button. This will take a short while, let it do its thing.
When asked to reboot system select No
Close CleanUp

Reboot your system

Download FindIt's.zip to your desktop: http://forums.net-in...=post&id=142443

1. Unzip/extract the files inside to a folder on your desktop.
2. Open the folder and run FindIt's.bat and wait for notepad to open a text file. It may take awhile so please be patient ...
3. Then post the results here along with a new HJT log by using Add Reply

Thanks,
rstones12
  • 0

#5
anime666

anime666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
OK all done, as follows:-

Find it


Microsoft Windows XP [Version 5.1.2600]
The current date is: 29/05/2005
PLEASE NOTE THAT ALL FILES FOUND BY THIS METHOD ARE NOT BAD FILES, THERE MIGHT BE LEGIT FILES LISTED AND PLEASE BE CAREFUL WHILE FIXING. IF YOU ARE UNSURE OF WHAT IT IS LEAVE THEM ALONE.
»»»»»»»»»»»»»»»»»»»»»»»» Todo Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» aurora Files found »»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Suspect's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Dont delete file's in the section without guidance
If any doubt back them up first


»»»»» lagitamate file's can/will show in this section.

»»»»»»»»»»»»»»»»»»»»»»»» Buddy file's »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» SAHAgent Files found »»»»»»»»»»»»»»»»»»»»»»»»»

»»»»»»»»»»»»»»»»»»»»»»»» Misc checks »»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


»»»»» Check for Windows\SYSTEM32\cache32_rtneg* folder.

Volume in drive C is Hard Drive
Volume Serial Number is D807-2924

Directory of C:\WINDOWS\SYSTEM32

»»»»» Checking for SAHAgent ico files.
Volume in drive C is Hard Drive
Volume Serial Number is D807-2924

Directory of C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»».

and HJT

Logfile of HijackThis v1.99.1
Scan saved at 19:43:39, on 29/05/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\windows\system32\HealthNotifier.exe
C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Ben\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.wanadoo.c...rch/default.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.gogle.co.uk
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\googletoolbar.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\googletoolbar.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\googletoolbar.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Make Mobile Logo - C:\PROGRA~1\MOBILE~1\MLogoContExt.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\googletoolbar.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\googletoolbar.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra 'Tools' menuitem: Mobile Logo 123 - {1FB6C321-4DF9-4CEC-934D-A4E6CCAA9011} - C:\PROGRA~1\MOBILE~1\MLOGO1~1.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'xfire_lsp.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....467&clcid=0x409
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {4D7F48C0-CB49-4EA6-97D4-04F4EACC2F3B} (InstallShield Setup Player 2K2) - http://sib1.od2.com/...2/OCI/setup.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.co...ad/MsnPUpld.cab
O16 - DPF: {88D758A3-D33B-45FD-91E3-67749B4057FA} - http://dm.screensave.../sinstaller.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8B1AFEA2-B628-4DC4-B97C-6DE122C3F87D}: NameServer = 195.92.195.94 195.92.195.95
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: HealthNotifier - Unknown owner - c:\windows\system32\HealthNotifier.exe
O23 - Service: HF30Service - Unknown owner - C:\Program Files\Everstrike Software\Hide Folder 3.1\HF30Service.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: kavsvc - Kaspersky Lab - C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus Personal\kavsvc.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

Thanx for ya help is that it, or is there more spyware?

you guys are great and a really great asset to the online community ^_^

post back anime 666
  • 0

#6
rstones12

rstones12

    Malware Expert

  • Retired Staff
  • 3,731 posts
anime666,
Your log looks good, are you having anymore issues....


Here are some tips, to reduce the potential for spyware infection in the future, I strongly recommend installing the following applications:

Detect and Remove Programs:
  • How to use Ad-Aware to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Ad-Aware.
  • How to use Spybot to remove Spyware <= If you suspect that you have spyware installed on your computer, here are instructions on how to download, install and then use Spybot. Similar to Ad-Aware, I strongly recommend both to catch most spyware.
Prevention Programs:
  • Spywareblaster <= SpywareBlaster will prevent spyware from being installed.
  • Spywareguard <= SpywareGuard offers realtime protection from spyware installation attempts.
  • IE/Spyad <= IE/Spyad places over 4000 websites and domains in the IE Restricted list which will severely impair attempts to infect your system. It basically prevents any downloads (Cookies etc) from the sites listed, although you will still be able to connect to the sites.
  • MVPS Hosts file <= The MVPS Hosts file replaces your current HOSTS file with one containing well know ad sites etc. Basically, this prevents your coputer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer
  • Google Toolbar <= Get the free google toolbar to help stop pop up windows.
Other necessary Programs:
  • AntiVirus Program<= An AntiVirus program is a must! Whether it is a free version like AVG or Anti-Vir, or a shareware version like Norton or Kapersky, this is a must have.
  • Firewall<= A firewall is definatley a must have. Two good free versions are Sygate and ZoneLabs.
  • More Secure Browser<= Internet Explorer is not the most secure and best browser. There are safer and better alternatives available. I recommend Firefox, however Opera is OK as well.
Be sure to also keep up with Windows and IE updates.

Windows security and critical updates.
http://v4.windowsupd.../en/default.asp

Internet Explorer security and critical updates.
http://www.microsoft.../ie/default.asp

And also see TonyKlein's good advice
So how did I get infected in the first place? and AntiSpyware Net's spyware article: Spyware, Adware, Malware: What it is, how it got on my computer, how to get rid of it, and how to prevent it.

Thanks,
rstones12
  • 0

#7
anime666

anime666

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Thankyou very much for your time, its much apprciated.
I have taken advice to switch to firefox and I am pleased with results, its a great program and very user friendly.

:tazz: Job Well Done Mate ;)

the next thing, any more issues, my net has started disconnecting itself, I can never tell if this is a hardware or software issue!

Thanks for your help dude!

anime666
  • 0

#8
Kat

Kat

    Retired

  • Retired Staff
  • 19,711 posts
  • MVP
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP