Please view log, help rid Spyware And Adware

#1
eeastewart

    New Member

  • Member
  • Pip
  • 6 posts
Something (or lots of things) very nasty invaded my computer and installed themselves. I've managed to uninstall a number of programs and control the popups and delete viruses spotted by Norton and Microsoft tools, plus other Anti-adware and anti-spyware programs. But things aren't sorted yet - there seem to be some vestiges of these nasty programs (e.g. shortcuts to internet sites are being added to my desktop automatically). There are also a couple of programs that I can't uninstall without visiting their sites (which I haven't):
The ABI Network - A division of direct revenue
Windows AFA Internet Enhancement

I'm pasting an Ewido report and a HJT log.
Looking forward to your response. Thanks!

EWIDO:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 11:42:53, 20/06/2005
+ Report-Checksum: 7939888

+ Date of database: 20/06/2005
+ Version of scan engine: v3.0

+ Duration: 110 min
+ Scanned Files: 84361
+ Speed: 12.70 Files/Second
+ Infected files: 84
+ Removed files: 42
+ Files put in quarantine: 42
+ Files that could not be opened: 0
+ Files that could not be cleaned: 42

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\
D:\
C:\
D:\

+ Scan result:
C:\Documents and Settings\Administrator\Cookies\administrator@adremote.timeinc[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\478508.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Spyware.POP.dl -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\Del14.tmp -> TrojanDownloader.Small.asf -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\drp71.tmp\thnall2c.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\ceres.dll -> Spyware.BetterInternet.d -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\polall2c.exe -> Trojan.Agent.ay -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\f424760.exe -> TrojanDownloader.Qoologic.n -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4F.EXE -> Spyware.SmartPops -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\pcs_0009.exe -> Spyware.Pacer.b -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0009.exe -> Spyware.Pacer -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temp\thin-94-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJ2FITQB\abiuninst[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJ2FITQB\thnall2c[1].exe -> Spyware.BetterInternet -> Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\DC33B4B2-6D65-4975-889C-B7685C\F181BAE0-582A-45FC-8213-F7BE70 -> Spyware.BookedSpace.e -> Cleaned with backup
C:\WINNT\ceres.dll -> Spyware.BetterInternet.d -> Cleaned with backup
C:\WINNT\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINNT\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace -> Cleaned with backup
C:\WINNT\EliteToolBar\EliteToolBar version 60.dll -> Spyware.EliteBar.af -> Cleaned with backup
C:\WINNT\My404.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINNT\srfsmlem.exe -> Spyware.BookedSpace.e -> Cleaned with backup
C:\WINNT\system32\asms.exe -> TrojanDropper.Agent.kd -> Cleaned with backup
C:\WINNT\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Cleaned with backup
C:\WINNT\system32\elitefjj32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINNT\system32\elitewvn32.exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINNT\system32\LeisureBoxInst_ppi1a.exe -> TrojanDownloader.VB.ft -> Cleaned with backup
C:\WINNT\system32\n.dll -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\WINNT\system32\nsg42.dll -> Spyware.HotSearchBar -> Cleaned with backup
C:\WINNT\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Cleaned with backup
C:\WINNT\system32\thin-138-1-x-x.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINNT\system32\uci.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
C:\WINNT\system32\wrapperouter.exe -> TrojanDropper.Agent.hl -> Cleaned with backup
C:\Documents and Settings\Administrator\Cookies\administrator@adremote.timeinc[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@atdmt[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@bravenet[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@cgi-bin[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@fastclick[2].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Cookies\administrator@tradedoubler[1].txt -> Spyware.Tracking-Cookie -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\478508.dll -> Spyware.EliteBar.af -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\AutoUpdate0\auto_update_install.exe -> Spyware.POP.dl -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\Del14.tmp -> TrojanDownloader.Small.asf -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\drp71.tmp\thnall2c.exe -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\ceres.dll -> Spyware.BetterInternet.d -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\DrTemp\polall2c.exe -> Trojan.Agent.ay -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\f424760.exe -> TrojanDownloader.Qoologic.n -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\nst4F.EXE -> Spyware.SmartPops -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\pcs_0009.exe -> Spyware.Pacer.b -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\ptf_0009.exe -> Spyware.Pacer -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Small.qn -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temp\thin-94-1-x-x.exe -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJ2FITQB\abiuninst[1].exe -> Spyware.BetterInternet -> Error during cleaning
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\MJ2FITQB\thnall2c[1].exe -> Spyware.BetterInternet -> Error during cleaning
C:\Program Files\Microsoft AntiSpyware\Quarantine\DC33B4B2-6D65-4975-889C-B7685C\F181BAE0-582A-45FC-8213-F7BE70 -> Spyware.BookedSpace.e -> Error during cleaning
C:\WINNT\ceres.dll -> Spyware.BetterInternet.d -> Error during cleaning
C:\WINNT\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace -> Error during cleaning
C:\WINNT\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace -> Error during cleaning
C:\WINNT\EliteToolBar\EliteToolBar version 60.dll -> Spyware.EliteBar.af -> Error during cleaning
C:\WINNT\My404.exe -> Spyware.Hijacker.Generic -> Error during cleaning
C:\WINNT\srfsmlem.exe -> Spyware.BookedSpace.e -> Error during cleaning
C:\WINNT\system32\asms.exe -> TrojanDropper.Agent.kd -> Error during cleaning
C:\WINNT\system32\cxtpls_loader.exe -> TrojanDownloader.Apropo.ab -> Error during cleaning
C:\WINNT\system32\elitefjj32.exe -> Spyware.Hijacker.Generic -> Error during cleaning
C:\WINNT\system32\elitewvn32.exe -> Spyware.Hijacker.Generic -> Error during cleaning
C:\WINNT\system32\LeisureBoxInst_ppi1a.exe -> TrojanDownloader.VB.ft -> Error during cleaning
C:\WINNT\system32\n.dll -> Spyware.Hijacker.Generic -> Error during cleaning
C:\WINNT\system32\nsg42.dll -> Spyware.HotSearchBar -> Error during cleaning
C:\WINNT\system32\redit.cpl -> TrojanDownloader.Qoologic.p -> Error during cleaning
C:\WINNT\system32\thin-138-1-x-x.exe -> Spyware.BetterInternet -> Error during cleaning
C:\WINNT\system32\uci.exe -> TrojanDropper.Agent.hl -> Error during cleaning
C:\WINNT\system32\wrapperouter.exe -> TrojanDropper.Agent.hl -> Error during cleaning


::Report End


Hijack This Log:
Logfile of HijackThis v1.99.1
Scan saved at 11:57:29, on 20/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINNT\Explorer.EXE
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\rnnkrh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Cas\Client\casclient.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Documents and Settings\Administrator\My Documents\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\rnnkrh.exe reg_run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [dBx8RiaEg] roustor.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108239707954
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: STOPzilla - C:\WINNT\SYSTEM32\IS3WLHandler.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
  • 0
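The O4 (Run key) and O23 (service) lines in a HijackThis log are where a helper starts triage, and the same look-over can be scripted. The block below is an added example, not code from the thread or from HijackThis itself: it parses a constructed sample made of lines copied from the log above and applies three review heuristics that I chose as assumptions (an executable given as a bare file name with no directory, a binary launched from a temporary folder, and a Run value name that shares nothing with the binary it launches), plus one for services that HijackThis reports with no publisher. Anything it returns is a "look at this" item for a human, not a malware verdict; the legitimate anti-spyware service in the sample is flagged purely because its publisher is unknown.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above.
# A real run would feed the whole log file through triage().
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\rnnkrh.exe reg_run
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [dBx8RiaEg] roustor.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
"""

# Line shapes as HijackThis v1.99 prints them (assumed from the log above).
O4_RE = re.compile(r'^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$')
O23_RE = re.compile(r'^O23 - Service: (?P<svc>.+?) - (?P<owner>.+?) - (?P<path>.+)$')
# Leading token of a command line that ends in an executable extension,
# quoted or not; whatever follows is treated as arguments.
EXE_RE = re.compile(r'^"?(?P<path>.+?\.(?:exe|com|scr|cpl|dll))"?(?:\s+(?P<args>.*))?$', re.I)
TEMP_DIRS = ('\\temp\\', '\\local settings\\temp\\', '\\temporary internet files\\')


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def shares_substring(a, b, n=3):
    """True when the two names share any run of n characters (case-insensitive)."""
    a, b = a.lower(), b.lower()
    return any(a[i:i + n] in b for i in range(len(a) - n + 1))


def check_o4(hive, name, cmd):
    """Review heuristics (assumptions) for one O4 autostart entry."""
    reasons = []
    m = EXE_RE.match(cmd)
    if not m:
        return ['could not identify an executable in the command line']
    path = m.group('path')
    base = path.rsplit('\\', 1)[-1]
    stem = base.rsplit('.', 1)[0]
    if '\\' not in path:
        reasons.append('bare file name, no directory: Windows resolves it via the '
                       'search path, so where it actually lives is unknown')
    if any(d in path.lower() for d in TEMP_DIRS):
        reasons.append('runs from a temporary directory')
    if not shares_substring(name, stem):
        reasons.append(f'Run value name {name!r} is unrelated to binary {base!r}')
    return reasons


def check_o23(svc, owner, path):
    """An O23 service with no publisher string is worth a second look."""
    return ['service has no publisher ("Unknown owner")'] if owner == 'Unknown owner' else []


def triage(log_text):
    """Return a Finding for every O4/O23 line that trips at least one heuristic."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if m := O4_RE.match(line):
            reasons = check_o4(**m.groupdict())
        elif m := O23_RE.match(line):
            reasons = check_o23(**m.groupdict())
        else:
            continue  # other HijackThis sections are not handled here
        if reasons:
            findings.append(Finding(line, reasons))
    return findings


if __name__ == '__main__':
    for f in triage(SAMPLE_LOG):
        print(f.line)
        for r in f.reasons:
            print('   ->', r)
```

Run against the sample, the script singles out the `KavSvc` entry (a Kaspersky-sounding name launching `rnnkrh.exe`), the `dBx8RiaEg` entry (a bare `roustor.exe` with no path), the `180ClientStubInstall` entry (started from `C:\temp`), and the STOPzilla service (no publisher). The entries for ccApp, STOPzilla's own Run value and CAS Client pass every check, which is exactly why a human still reads the whole log: the CAS client is one of the programs the poster could not uninstall, and no string heuristic will tell you that.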

#2
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi eeastewart,

The reason you have a bunch of infections on your PC is that you have not been updating Windows XP with the patches released by Microsoft, and especially the SP1a and SP2 patches.

We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.

Click here

or you can get the SP1a patch from http://www.microsoft...p1/network.mspx

Please do not install SP2 at this stage.

Apply the update, reboot, and post a fresh Hijack This log.
  • 0

#3
eeastewart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thanks for your reply - just to confirm... My computer runs Windows 2000 professional - do I still update with these XP patches??
  • 0

#4
eeastewart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Sorry. Please disregard earlier post.
  • 0

#5
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi eeastewart,

Your HJT log says that you are running Windows XP!!!!!! These patches are not intended for Windows 2000.

Please check which operating system you are using!!!!!!!!

Once you are sure that you are using XP, please update the patches.
  • 0

#6
eeastewart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
I'm sorry - I got mixed up in my machines and operating systems. Am currently working with 2 computers...
The problem machine IS running XP (professional).
I clicked on your "here" link instead and am currently installing updates from there.
Once done will reboot and run a HJT scan (or whatever it's called. I am SO computer unsavvy).
Em
  • 0

#7
eeastewart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hi,
Here's the latest HJT log. As I said, I went to "here" - I didn't install the SP1 from the other link...

Thanks!

Logfile of HijackThis v1.99.1
Scan saved at 17:55:32, on 20/06/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\STOPzilla!\SZServer.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINNT\System32\rnnkrh.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\STOPzilla!\STOPzilla.exe
C:\Program Files\Cas\Client\casclient.exe
C:\Documents and Settings\Administrator\My Documents\SonyTray.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\BT Broadband\Help\bin\mpbtn.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINNT\System32\wuauclt.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~1\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\BT Voyager 205 ADSL Router\Adsl\dslagent.exe
O4 - HKLM\..\Run: [KavSvc] C:\WINNT\System32\rnnkrh.exe reg_run
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKCU\..\Run: [Microsoft Works Update Detection] \WkDetect.exe
O4 - HKCU\..\Run: [dBx8RiaEg] roustor.exe
O4 - HKCU\..\Run: [CAS Client] "C:\Program Files\Cas\Client\casclient.exe"
O4 - HKCU\..\Run: [180ClientStubInstall] "C:\temp\stubinstaller6480.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BT Broadband Help.lnk = C:\Program Files\BT Broadband\Help\bin\matcli.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {54823A9D-6BAE-11D5-B519-0050BA2413EB} (ChkDVDCtl Class) - http://www.gocyberli...xp/CheckDVD.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1108239707954
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O20 - Winlogon Notify: STOPzilla - C:\WINNT\SYSTEM32\IS3WLHandler.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINNT\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: STOPzilla Service (szserver) - Unknown owner - C:\Program Files\Common Files\STOPzilla!\SZServer.exe
  • 0

#8
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Hi eeastewart,

Your log shows that the SP1a has not been installed on the PC yet. If you have been able to install the patch, then reboot the PC and then run HJT and post a fresh log.

As I mentioned before, without this update you're wide open to re-infection, and we're both just wasting our time.
  • 0

#9
eeastewart

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Hmm. There was an error in installation as my windows software isn't legit. A true computer geek loaded that all on some time ago. I'll be able to get a legit version through work, and will just reboot the whole machine. Could some of the files that I will wish to hold onto, e.g. documents and pictures, be infected?
  • 0

#10
tampabelle

    Member 5k

  • Retired Staff
  • 6,363 posts
Please install a legit version of Windows and post a new topic!!

Usually the infections spread through executable files and .dll files. However, other extensions could be an integral part of the infection. Usually document files and picture files are not infected, but you can never be 100% sure.
  • 0