Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Hijacked Browser! [RESOLVED]

Started by thejonwho , Jul 09 2005 12:56 PM

  • This topic is locked This topic is locked

#1
thejonwho
Posted 09 July 2005 - 12:56 PM

thejonwho

    New Member

  • Member
  • Pip
  • 4 posts
Hello,
have read your site and used its guidence with the scanning programs and found a virus, removed it with no affect on my browser...IE...(PAIN) After a search, or clicking on a link anywhere, I get 2 popup windows that redirect me to another search site, and a ad. Very frustrated.... Please help!! Here is my HiJackThis LOG: THANK YOU in advance.. JON

Logfile of HijackThis v1.99.1
Scan saved at 1:55:29 PM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SM1BG.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
C:\Program Files\AWS\WeatherBug\Weather.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wegner Internet
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsf49B.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe -reportwithlogfile
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: Blocklist Manager.lnk = C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ProtoWall.lnk = C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - Global Startup: WeatherBug.lnk = C:\Program Files\AWS\WeatherBug\Weather.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
  • 0

Advertisements

#2
Snickets
Posted 11 July 2005 - 01:24 PM

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello thejonwho,

Welcome to Geeks to Go my name is Snickets and I will be helping you today!!

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

First-

You have an About:Blank Infection. First we will need to download a few tools that will help us in the removal of your problem.

Download about:buster 5.0 by RubbeRDuckY Here.
Download and install CleanUp! Here

Run the CleanUp! installer. You dont need to do anything with it right now.

Save all of these files somewhere you will remember like to the Desktop.

Update About:Buster
Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
Click "OK" at the prompt with instructions.
Click "Update" and then "Check For Update" to begin the update process.
If any updates exist please download them by clicking "Download Update" then click the X to close that window.
Now close About:Buster


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

Please run about:buster by RubbeRDuckY:
Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
Click Yes to allow it to shutdown explorer.exe.
It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
Reboot your computer into safe mode again

Run about:buster again following the same instructions as above, this time without the restart at the end.

Reboot your computer into normal windows.

Please run an on-line virus scan at Kaspersky OnLine Scan or if that doesnt work, you can use TrendMicro or BitDefender. (Please post the results of the scan(s) in your next reply)

Second -

While TeaTimer is an excellent tool for the prevention of spyware, it can sometimes prevent HijackThis from fixing certain things.
Please disable TeaTimer for now until you are clean. TeaTimer can be re-activated once your HijackThis log is clean.
  • Open Spybot Search & Destroy.
  • In the Mode menu click "Advanced mode" if not already selected.
  • Choose "Yes" at the Warning prompt.
  • Expand the "Tools" menu.
  • Click "Resident".
  • Uncheck the "Resident "TeaTimer" (Protection of overall system settings) active." box.
  • In the File menu click "Exit" to exit Spybot Search & Destroy.
Please save Hijack This in a permanent folder (i.e. C:\HJT). This ensures backups are saved and accessible.

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = about:blank
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: ohb - {9ADE0443-2AB2-4B23-A3F8-AC520773DE12} - C:\WINDOWS\system32\nsf49B.dll
O2 - BHO: RichEditor Class - {F79A2C4B-8776-4ED7-8B2F-4786A4A3500A} - C:\WINDOWS\system32\richedtr.dll
O4 - HKLM\..\Run: [richup] C:\WINDOWS\system32\richup.exe
O4 - HKCU\..\Run: [Weather] C:\Program Files\AWS\WeatherBug\Weather.exe 1
O4 - Global Startup: WeatherBug.lnk = C:\Program Files\AWS\WeatherBug\Weather.exe
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll (file missing)
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O15 - Trusted Zone: *.musicmatch.com
O15 - Trusted Zone: *.musicmatch.com (HKLM)

Now run CleanUp!

Third-

Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Please remove these entries from Add/Remove Programs in the Control Panel(if present):

SafeSearch
WeatherBug

Please note any other programs that you dont recognize in that list in your next response

Please delete these folders using Windows Explorer(if present):

C:\Program Files\AWS\

Then please delete these files using Windows Explorer(if present):

C:\WINDOWS\system32\nsf49B.dll
C:\WINDOWS\system32\richedtr.dll
C:\WINDOWS\system32\richup.exe

After that, Reboot.

If you would please, rescan with HijackThis and post a fresh log in this same topic, and also post the virus scan log then let us know how your system's working.


Thank you,

Snickets

:tazz:
  • 0

#3
thejonwho
Posted 13 July 2005 - 10:04 AM

thejonwho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello, thank you in advance for all your help! After following your post I have ran HijackThis, and have the log from when I ran the online scan. The redirected popup windows are GONE!!!!!! Your a lifesaver!! Let me know if you need anything else.

Here are the logs:

Logfile of HijackThis v1.99.1
Scan saved at 10:53:01 AM, on 7/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wegner Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe -reportwithlogfile
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - Global Startup: Blocklist Manager.lnk = C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ProtoWall.lnk = C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe


-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Wednesday, July 13, 2005 10:00:31
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 13/07/2005
Kaspersky Anti-Virus database records: 130400
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 70213
Number of viruses found: 12
Number of infected objects: 62
Number of suspicious objects: 0
Duration of the scan process: 5065 sec

Infected Object Name - Virus Name
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/pooheeyore.exe/WISE0023.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/pooheeyore.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/tiggerandpoohys.exe/WISE0021.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/tiggerandpoohys.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_micky.exe/WISE0014.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_micky.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_micky.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_Minnnie.exe/WISE0014.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_Minnnie.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/LO_Minnnie.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/poohsfluffandstuffss.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/poohsfluffandstuffss.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/ss_house_pooh.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/ss_house_pooh.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/eeyoreangelys.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/eeyoreangelys.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/eeyoreangelys.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/tigger_kh.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/tigger_kh.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/tigger_kh.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/winniethepoohiv.exe/WISE0023.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/winniethepoohiv.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip Infected: Trojan-Dropper.Win32.Small.ff
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP101\A0039648.dll Infected: Backdoor.Win32.Ulrbot.b
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067736.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067737.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067738.dll Infected: Trojan.Win32.Delf.gh
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067739.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067740.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067741.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0067742.exe Infected: Trojan-Dropper.Win32.Delf.fl
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0068961.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0068972.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0068974.exe Infected: Trojan-Downloader.Win32.Intexp.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0068980.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0068982.exe Infected: Trojan.Win32.Stervis.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069313.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069316.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069326.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069335.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069347.exe Infected: Trojan.Win32.Stervis.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069507.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069607.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069686.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069694.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069702.exe Infected: Trojan.Win32.Stervis.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069718.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0069736.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070000.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070014.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070028.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070046.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070111.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070272.exe Infected: Trojan.Win32.Agent.ay
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070283.exe Infected: Trojan-Downloader.Win32.Intexp.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070285.exe Infected: Trojan.Win32.Stervis.c
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0070287.dll Infected: Trojan.Win32.Agent.db
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0074309.dll Infected: Trojan-Spy.Win32.GhostKeyLogger.a
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0074310.exe Infected: Trojan-Spy.Win32.GhostKeyLogger.a
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0074311.exe Infected: Trojan-Downloader.Win32.Agent.er
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0074312.exe/data0000 Infected: Trojan.Win32.SecondThought.aa
C:\System Volume Information\_restore{3764F877-0444-47A3-BAB8-2230284EB90B}\RP107\A0074312.exe Infected: Trojan.Win32.SecondThought.aa

Scan process completed.
  • 0

#4
Snickets
Posted 13 July 2005 - 11:58 AM

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello thejonwho,

We still have a little work to do so.

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.



Step 1-

Please go offline, close all browsers and any open Windows, making sure that only HijackThis is open. Scan and when it finishes, put an X in the boxes, only next to these following items, then click fix checked.

O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)

Step 2-
Please reboot into safe mode (continually tap the F8 key while your system is starting, select Safe Mode from the menu).

Once in safe mode:

Please ensure that you have hidden files and folders in view mode and if you do not know how to do this go here and follow the instructions for your operating system.


Then please delete these files using Windows Explorer(if present):

C:\Downloads CD\yahoo messenger\skins\Yahoo Messenger Skings.zip/
C:\WINDOWS\svcproc.exe

After that, Reboot.

Step 3
After something like this it is a good idea to purge the Restore Points and start fresh.

To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)

Go to Start>Run and type msconfig Press enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.

Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

Then run another scan with the kapersky online scanner and also with the hijack this program and post both scans back here for me to review.

Thank you,

Snickets

:tazz:
  • 0

#5
thejonwho
Posted 14 July 2005 - 11:31 PM

thejonwho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello, Snickets, just like instructed, I fixed the entry in HijackThis. Deleted the necessary files, and tried to clear the restore points. I ran into a little problem getting System restore to function properly. A window would pop up saying that it wasn’t functioning properly, to restart and try again! Every time I restarted it had no effect. I searched out how to reinstall System restore. I proceeded to insert my Win XP Pro CD and type:
(rundll32.exe advpack.dll,LaunchINFSection C:\Windows\Inf\sr.inf)
After that finished, and a restart, all back to normal. All restore points cleared, a new one created successfully. I ran HijackThis once again, and did another Kapersky scan that had found 2 viruses and 23 infected objects as you will see below.?.? Here are my new logs: GOOD LUCK...

Logfile of HijackThis v1.99.1
Scan saved at 10:25:14 PM, on 7/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wegner Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe -reportwithlogfile
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Blocklist Manager.lnk = C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ProtoWall.lnk = C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: System Startup Service (SvcProc) - Unknown owner - C:\WINDOWS\svcproc.exe (file missing)
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



-------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Friday, July 15, 2005 00:01:51
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 15/07/2005
Kaspersky Anti-Virus database records: 130617
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 55812
Number of viruses found: 2
Number of infected objects: 23
Number of suspicious objects: 0
Duration of the scan process: 4594 sec

Infected Object Name - Virus Name
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/pooheeyore.exe/WISE0023.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/pooheeyore.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/tiggerandpoohys.exe/WISE0021.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/tiggerandpoohys.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_micky.exe/WISE0014.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_micky.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_micky.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_Minnnie.exe/WISE0014.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_Minnnie.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/LO_Minnnie.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/poohsfluffandstuffss.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/poohsfluffandstuffss.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/ss_house_pooh.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/ss_house_pooh.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/eeyoreangelys.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/eeyoreangelys.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/eeyoreangelys.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/tigger_kh.exe/WISE0015.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/tigger_kh.exe/WISE0023.BIN Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/tigger_kh.exe Infected: Trojan-Downloader.Win32.Wren.d
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/winniethepoohiv.exe/WISE0023.BIN Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip/winniethepoohiv.exe Infected: Trojan-Dropper.Win32.Small.ff
C:\RECYCLER\S-1-5-21-1123561945-789336058-854245398-1003\Dc13.zip Infected: Trojan-Dropper.Win32.Small.ff

Scan process completed.
  • 0

#6
Snickets
Posted 15 July 2005 - 10:20 AM

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Hello thejonwho,

Everything is looking alot better, how is the machine running?

There is just a couple of things that we need to do in order finish this up.

Step 1 -

1. Please go to Start>Run>type in services.msc and hit ok
Then a listing of your startup programs will appear, look for the one that says System Startup Service and double click on it.

Then a box will appear and you will see a tab at the top that says General, click on this tab.

Then on this tab you will see a section for startup type as a drop down box, change the type to disabled and then hit the apply button and close out the services window.

2. Open up hijack this and follow the instructions below.

Click on Open the Misc Tools Section>Delete an NT Service>when the window pops up type in this name SvcProc.

Then hit the ok button.

3.Please empty out your recycling bin

4. Reboot your computer

Step 2-

1. Please run another scan with kapersky virus scanner and hijackthis then send me a new scan log from both of these.

Thank you,

Snickets

:tazz:

Edited by Snickets, 15 July 2005 - 10:21 AM.

  • 0

#7
thejonwho
Posted 22 July 2005 - 05:07 PM

thejonwho

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Alright, computer running much better now! I deleted that svcproc service, and here are the logs... I really appreacate the help.. THANK YOU THANK YOU THANK YOU! The kapersky virus scanner will not start so I hope the Panda Scan will be alright??...


Logfile of HijackThis v1.99.1
Scan saved at 4:04:28 PM, on 7/22/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
C:\WINDOWS\SM1BG.EXE
C:\Program Files\PowwwerSoft\CPU Monitor\CPUU.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Wegner Internet
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O2 - BHO: STOPzilla Browser Helper Object - {E3215F20-3212-11D6-9F8B-00D0B743919D} - C:\Program Files\STOPzilla!\SZIEBHO.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ASUS Probe] C:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\STOPzilla.exe /autostart
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe
O4 - HKLM\..\Run: [SM1BG] C:\WINDOWS\SM1BG.EXE
O4 - HKLM\..\Run: [MimBoot] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mimboot.exe
O4 - HKLM\..\Run: [Synchronization Agent] C:\Program Files\Sync Manager\agent\syncagent.exe -reportwithlogfile
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [ProtoWall] C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: PowwwerSoft CPU Monitor.lnk = C:\Program Files\PowwwerSoft\CPU Monitor\CPUU.exe
O4 - Global Startup: Blocklist Manager.lnk = C:\Program Files\Bluetack\Blocklist Manager\BlockMgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ProtoWall.lnk = C:\Program Files\Dudez\ProtoWall\ProtoWall.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: JT's Blocks - http://download.game...ts/y/blt1_x.cab
O16 - DPF: Yahoo! Dominoes - http://download.game...ts/y/dot8_x.cab
O16 - DPF: Yahoo! Literati - http://download.game...nts/y/tt3_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.game...s/y/mjst4_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.game...ts/y/pyt1_x.cab
O16 - DPF: Yahoo! Spades - http://download.game...nts/y/st2_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...sa/LSSupCtl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay10...es/MsnPUpld.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...sa/SymAData.cab
O16 - DPF: {FA3662C3-B8E8-11D6-A667-0010B556D978} (IWinAmpActiveX Class) - http://cdn.digitalci...illama/ampx.cab
O20 - Winlogon Notify: STOPzilla - C:\WINDOWS\SYSTEM32\IS3WLHandler.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



*-----PANDA SCAN---*

Incident Status Location

Adware:adware/cws.searchmeup No disinfected C:\WINDOWS\SYSTEM32\bose.ico
Adware:adware/pacimedia No disinfected C:\DOCUMENTS AND SETTINGS\AMANDA\FAVORITES\1111\1111.url
Adware:adware/wupd No disinfected C:\PROGRAM FILES\AdTools Service
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\cache32dsrf4535dfs
Spyware:spyware/betterinet No disinfected HKEY_CURRENT_USER\SOFTWARE\IN3RD
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\MAGNET
Adware:adware/bigtrafficnet No disinfected HKEY_CLASSES_ROOT\BTNETW.AMO
Spyware:spyware/safesurf No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\RICHED
Spyware:spyware/bargainbuddy No disinfected HKEY_CLASSES_ROOT\Interface\{71a27036-c7d8-11d2-bef8-525400dfb47a}
Adware:Adware/Alexa-Toolbar No disinfected C:\Downloads CD\Count Down Timer.exe
Spyware:Spyware/SafeSurf No disinfected C:\WINDOWS\system32\InstallerV3.exe
  • 0

#8
Snickets
Posted 12 August 2005 - 04:26 PM

Snickets

    Visiting Staff

  • Member
  • PipPipPip
  • 425 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP