Bloodhound.w32.ep, w32.desktophijack, & more (?) [RESOLVED]
#1 imbiginjapan (Member)
I'm pretty sure I have several viruses. They seem to be infecting my wininet.dll file, and possibly some others.

Anyway, I've read through other posts and have tried to rename the wininet.dll file, but Windows won't let me since it's currently in use.

The programs I've run are:
- Cleanup!
- Lavasoft's Ad-Aware
- CWShredder
- Spybot S&D
- ewido security suite
- Trend HouseCall
- and lastly HijackThis.

Thanks in advance for your help.

Here's my log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 7:01:07 PM, on 7/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLServiceHost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [Uint32] qwe.exe
O4 - HKLM\..\Run: [TorontoMail] ms-its.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [avpmondll] driver32.exe
O4 - HKCU\..\Run: [nmdllw] ERTYDF.exe
O4 - HKCU\..\Run: [Serviceprocess] runload32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://www.content-l...ad/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O19 - User stylesheet: (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe




And here is my scan report from ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:30:50 PM, 7/10/2005
+ Report-Checksum: D09D27FD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Options -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Registration -> TrojanDownloader.Wareout : Ignored
:mozilla.10:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.12:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.22:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.35:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.36:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.37:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\2H8V61AJ\index[1].htm -> Not-A-Virus.Exploit.VBS.Phel.a : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\U5WZSJS1\exploit[1].exe -> TrojanDropper.Vidro.p : Ignored
C:\WINNT\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Ignored
C:\WINNT\system32\ccaccess.dll -> Heuristic.Win32.Hijacker1 : Ignored
C:\WINNT\system32\rdsndin.exe -> Spyware.FindSpy : Ignored


::Report End
#2 kool808 (Visiting Staff)
Hello and welcome to Geeks to Go! I'm kool808 and I will be helping you today.

I am working on your log. As soon as I have made a good fix for this, I will post a reply. Thank you for your patience.

#3 kool808 (Visiting Staff)
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
==========================================
1.) Please read Ewido 3.5 Setup Instructions
Update the definitions to the newest files. Do NOT run a scan yet.

2.) Follow these download and setup instructions for Ad-Aware SE 1.06, then check for updates:
Ad-Aware SE Setup
Do NOT run the scan yet!

3.) Please download the stand-alone version of CoolWebShredder. Do NOT run it yet.

4.) Download and install Cleanup. Do NOT run it yet.

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
Reboot in SAFE MODE. (How to boot in Safe Mode...)
==========================================
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = http://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = http://nonstopsearch.com/?a=2

O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)

O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [Uint32] qwe.exe
O4 - HKLM\..\Run: [TorontoMail] ms-its.exe
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [avpmondll] driver32.exe
O4 - HKCU\..\Run: [nmdllw] ERTYDF.exe
O4 - HKCU\..\Run: [Serviceprocess] runload32.exe

O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)

O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windup...e/bridge-c9.cab

O19 - User stylesheet: (file missing)

Make sure to double check the items you have selected, then click Fix Checked.
  • Uninstallation: we need to uninstall the following program(s).
  • Go to Control Panel > Add/Remove Programs
  • Locate the following, if they exist:
    • Ware Out
  • Click Uninstall
  • Confirm with OK
Now run CWShredder. Click I Agree, then Fix, then Next, and let it fix everything it asks about.

Open Ad-aware and do a full scan. Remove all it finds.


Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Through Windows Explorer, delete the following folder(s) or file(s) if they exist:
  • C:\Program Files\WareOut
Finally, Empty Recycle Bin


Now run CleanUp. When you click the Close button you will be prompted to reboot, agree to it.
================================================

Reboot in NORMAL MODE.
  • Close all windows, open HijackThis then SCAN.
  • Post a NEW HijackThis Log.
  • Post the log from Ewido.
  • Please tell me how your system is working now.


#4 imbiginjapan (Topic Starter)
Thank you so much for your help. Here are my reports:

HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 6:18:09 PM, on 7/16/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINNT\System32\gdlib.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLServiceHost.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNT\System32\hgqhp.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://www.content-l...ad/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

ewido log:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:04:00 PM, 7/16/2005
+ Report-Checksum: 3AEEDE71

+ Scan result:

HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Cleaned with backup
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Options -> TrojanDownloader.Wareout : Cleaned with backup
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Registration -> TrojanDownloader.Wareout : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\AOL Downloads\lpkw_setupSTUS\comps\coach\aolcinst.exe/fastengine.cab\data\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Documents and Settings\All Users\Documents\AOL Downloads\aolsetup90\comps\coach\aolcinst.exe/.\Data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.16:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.20:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.21:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.23:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.24:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.26:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.28:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.29:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.30:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.36:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.37:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.38:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.39:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.40:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.41:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.42:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.44:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.45:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.46:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.50:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.51:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.58:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.59:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.71:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Cleaned with backup
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\CPQ3SHU7\index[1].htm -> Not-A-Virus.Exploit.VBS.Phel.a : Cleaned with backup
C:\Program Files\Common Files\aolback\Comps\coach\aolcinst.exe/.\Data\player\aolnysev.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\Program Files\Common Files\aolshare\Coach\en_en\player\AOLNySEV.exe -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINNT\msxmidi.exe -> TrojanDropper.Vidro.p : Cleaned with backup
C:\WINNT\system32\ccaccess.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
C:\WINNT\system32\rdsndin.exe -> Spyware.FindSpy : Cleaned with backup


::Report End
  • 0

#5
imbiginjapan
    Member (Topic Starter, 41 posts)
i also just ran norton antivirus and one virus still remains: W32.desktophijack on wininet.dll

it won't allow me to quarantine or delete it.

thanks again.
  • 0

#6
kool808
    Visiting Staff (Member, 1,690 posts)
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
===========================================

I am sure there is a trojan program in your system; we will first try this fix. If it won't be beaten, let's try another fix afterwards.


1. Open Spybot S&D, in the Menu Bar at the top of the Spybot window you will see 'Mode'. Make certain that 'default mode' has a check mark beside it.
2. Close ALL windows except Spybot S&D
3. Click the button to ‘Search for Updates’ then download and install the Updates.
4. After the updates are complete, do NOT run the scan yet.
5. Close Spybot

Reboot in SAFE MODE. (How to boot in Safe Mode...)
===========================================
Once in SAFE MODE.

Killing the Running Processes:
1. Open HijackThis.
2. Click Config.
3. Click Misc Tools.
4. Under System Tools, click Open Process Manager.
5. Make sure to put a check mark on Show DLLs, found on the upper right corner.
6. Select the following file(s) if they exist, one at a time:
  • C:\WINNT\System32\gdlib.exe
7. Click Kill Process one at a time.
8. Close HijackThis.
===========================================

Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [hgqhp.exe] C:\WINNT\System32\hgqhp.exe

O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5

Make sure to double check the items you have selected, then click Fix Checked.
===========================================
1. Open Spybot S&D, next click the button ‘Check for Problems'
2. When Spybot is complete, it will be showing ‘RED’ entries bold 'Black' entries and ‘GREEN’ entries in the window
3. Make certain there is a check mark beside all of the RED entries ONLY.
4. Choose ‘Fix Selected Problems’ and allow Spybot to fix the RED entries.
5. REBOOT to complete the scan and clear memory.

Be sure to View Hidden and System Files.

Through Windows Explorer, delete the following folder(s) or file(s) if they exist (in bold):
  • C:\WINNT\System32\gdlib.exe
  • C:\WINNT\System32\hgqhp.exe
Finally, Empty Recycle Bin

Now run CleanUp. When you click the Close button you will be prompted to reboot, agree to it.
===========================================

Once in NORMAL MODE.

Have an on-line scan at these sites: Trend Micro or Panda Scan or BitDefender.
  • Close all windows, open HijackThis then SCAN.
  • Post a NEW HijackThis Log.
  • Post the results from Spybot S&D
  • Post the log from Panda Scan & Trend Micro
  • Please tell me how your system is working now.

  • 0
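As an added example (not part of the thread, and not kool808's or HijackThis' own code): a small Python triage script that reads HijackThis log lines the way the instructions above do, flagging O17 name servers outside the local network, O4 autorun entries launched from a Temp folder or by bare filename, R3/O2/O3 entries marked "(no file)", an R1 localhost proxy and O1 hosts-file overrides. The sample lines are constructed from the shape of entries quoted in this thread, and each hit is a hint to check, not a verdict.

```python
"""Triage hints for HijackThis-style log lines (added example, not from the thread)."""
import re
from dataclasses import dataclass
from ipaddress import ip_address
from typing import List, Optional

# Sample log, constructed for this example from the shape of entries quoted in the thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{00000000-0000-0000-0000-000000000000}: NameServer = 192.168.1.1
"""

ENTRY_RE = re.compile(r"^([RFO]\d+) - (.*)$")
IPV4_RE = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")
TEMP_DIR_RE = re.compile(r"\\Temp\\", re.IGNORECASE)


@dataclass
class Finding:
    section: str   # HijackThis section tag, e.g. "O17"
    reason: str    # why the entry deserves a second look
    line: str      # the original log line


def public_ips(text: str) -> List[str]:
    """IPv4 addresses in text that are not private, loopback or link-local."""
    found = []
    for token in IPV4_RE.findall(text):
        try:
            ip = ip_address(token)
        except ValueError:          # e.g. 999.1.1.1 matches the regex but is not an address
            continue
        if not (ip.is_private or ip.is_loopback or ip.is_link_local):
            found.append(token)
    return found


def check_line(line: str) -> Optional[Finding]:
    """Return a Finding for an entry worth a look, or None for one that looks routine."""
    line = line.strip()
    m = ENTRY_RE.match(line)
    if not m:
        return None
    section, body = m.groups()

    # R3/O2/O3 entries whose target file is gone: leftovers of a removed hijacker, safe to fix.
    if section in ("R3", "O2", "O3") and "(no file)" in body:
        return Finding(section, "orphaned entry, target file no longer exists", line)

    # O17: DNS servers handed to the machine. Anything outside the local network
    # should be compared with the ISP's published resolvers (DNS-changer pattern).
    if section == "O17":
        servers = public_ips(body.split("=", 1)[-1])
        if servers:
            return Finding(section, "name servers outside the local network: " + ", ".join(servers), line)

    # O4: programs started at logon. Launching from a Temp folder, or by a bare filename
    # resolved through the search path, is how the entries in this thread were hiding.
    if section == "O4":
        command = body.split("]", 1)[-1].strip()
        if TEMP_DIR_RE.search(command):
            return Finding(section, "autorun launches a program from a Temp folder", line)
        if "\\" not in command:
            return Finding(section, "autorun names a bare file resolved via the search path; locate it and check its publisher", line)

    # R1: Internet Explorer routed through a local proxy port. Legitimate filtering
    # software does this too, so confirm which program listens on that port.
    if section == "R1" and "ProxyServer" in body and "127.0.0.1" in body:
        return Finding(section, "IE proxied through localhost; confirm which program owns that port", line)

    # O1: hosts-file overrides that send a hostname to a non-local address.
    if section == "O1":
        ips = public_ips(body)
        if ips:
            return Finding(section, "hosts file redirects a name to " + ips[0], line)
    return None


def triage(log_text: str) -> List[Finding]:
    """Run check_line over every line of a log and keep the hits, in log order."""
    return [f for f in map(check_line, log_text.splitlines()) if f is not None]


if __name__ == "__main__":
    for hit in triage(SAMPLE_LOG):
        print(f"[{hit.section}] {hit.reason}\n    {hit.line}")
```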

#7
imbiginjapan
    Member (Topic Starter, 41 posts)
hijack log ::

Logfile of HijackThis v1.99.1
Scan saved at 11:38:13 PM, on 7/16/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLServiceHost.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://www.content-l...ad/ccaccess.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe


panda scan ::

Incident Status Location

Adware:adware/sahagent No disinfected C:\WINNT\DOWNLOADED PROGRAM FILES\setup4002b.ini
Adware:adware/portalscan No disinfected C:\WINNT\SYSTEM32\stcloader.exe
Adware:adware/superspider No disinfected C:\WINNT\SYSTEM32\system32.dll
Adware:adware/cws.searchmeup No disinfected C:\WINNT\mstasks1.exe
Adware:adware/sidesearch No disinfected C:\WINNT\sepsd.bin
Adware:adware/delfinmedia No disinfected C:\keys.ini
Adware:adware/psguard No disinfected HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437D-B334-DEB7EB4982A3}
Adware:adware/memorywatcher No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\MEMORYWATCHER
Adware:adware/iedriver No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{120E090D-9136-4B78-8258-F0B44B4BD2AC}
Spyware:spyware/wareout No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/sbsoft No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
Spyware:spyware/istbar No disinfected HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Possible Virus. No disinfected C:\Program Files\Internet Explorer\qqtcxdhi.exe
Possible Virus. No disinfected C:\Program Files\Internet Explorer\xnrwjuiv.exe
Possible Virus. No disinfected C:\Program Files\Internet Explorer\ylpyjgby.exe
Spyware:Spyware/Iehelp No disinfected C:\WINNT\Downloaded Program Files\ipreg32.inf
Adware:Adware/WUpd No disinfected C:\WINNT\Downloaded Program Files\MediaGatewayX.dll
Adware:Adware/SAHAgent No disinfected C:\WINNT\Downloaded Program Files\setup4002b.ini
Adware:Adware/SBSoft No disinfected C:\WINNT\webdlg32.inf
Adware:Adware/Popup.pop No disinfected C:\WINNT\winsx.inf


bit defender ::

BitDefender Online Scanner - Real Time Virus Report
Generated at: Sat, Jul 16, 2005 - 23:36:52

Scan Info
Scanned Files 85797
Infected Files 40

Virus Detected
Trojan.Dialer.AY 1
Trojan.Exploit.Mhtredir.AR 1
GenPack:Trojan.Downloader.Dyfuca.EI 3
Trojan.Dropper.Vidro.P 1
Application.Adware.Sidefind.A 1
Application.Adware.Sidefind.B 2
Trojan.Winad.71680.DLL 1
Trojan.Downloader.IstBar.IJ 1
Trojan.Downloader.Adload.A 2
Trojan.Downloader.IstBar.JM 3
Trojan.Downloader.Vbs.Psyme.AC 1
Exploit.Phel.Gen 3
Exploit.ADODB.Stream.Gen 1
Exploit.VBS.Phel.A 2
BehavesLike:Trojan.LowZones 3
Trojan.Isbar.230 1
Adware.Wheaterbug.A 2
Trojan.Winad.AE 1
Trojan.DNSChanger.Q 7
Trojan.Dialer.GlobalAcces 1
Trojan.Downloader.Dyfuca.DD 2

as for the trend micro log, it ended with zero results.

and as for the spybot log, i accidentally didn't create one, but there were 14 files found, and they were from advertising.com and avenue a. there were only red files, no bold black or green.

also, when i went to hijackthis' process manager, gdlib.exe was not there but ntdll.com and sfcfiles.dll were. i didn't choose to kill either process, though.

and last, hgqhp.exe was not in the system32 folder of winnt.

i keep getting pop ups from norton antivirus telling me that i'm still infected with win32.desktophijack on wininet.dll
  • 0

#8
kool808
    Visiting Staff (Member, 1,690 posts)
Please SAVE THIS PAGE or secure a PRINT COPY of the instructions for reference.
==========================================
Download this removal tool http://securityresponse.symantec.com/avcenter/FxIstbar.exe. Save to a place where you can easily remember it, like your desktop. Do NOT run it yet.

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. The latest version should be Ewido 3.5
Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup. The latest version should be Ad-Aware 1.06r
Do NOT run the scan yet!

For Spybot S&D the latest version should be Spybot S&D 1.4

Reboot in SAFE MODE. (How to boot in Safe Mode...)
==========================================
Please close all remaining windows, disconnect from the internet, open HijackThis then click SCAN. Please put a check on the following items listed below:

R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin


Make sure to double check the items you have selected, then click Fix Checked.

1.) Run the FxIstbar.exe tool

2.) Scan with Ad-Aware 1.06r full system scan, fix all found infections. Save a report. Label it report#1

3.) Scan with Spybot 1.4, fix all RED infections. Save a report.

4.) Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
  • When the scan is finished, click the Save report button at the bottom of the screen.
  • Save the report to your desktop
Close Ewido

Run CLEANUP! This will reboot to Normal Mode.
=========================================

Once in NORMAL MODE.

Have an online scan again at Panda Scan, save a report.

For comparison: re-run Ad-Aware 1.06r, save a report, then label it report#2.
=========================================
  • Open HijackThis
  • go to Config, then Misc Tools
  • Open Uninstall Manager, then click Save List...
  • Post the results here
  • close HJT
=========================================
THINGS TO POST: (Label each post with a title for easy identification, separate long logs with a new add reply)
1. new HijackThis Log
2. Ad-Aware report#1 and report#2
3. Spybot S&D
4. Ewido report
5. Panda Scan
6. Uninstall List

  • 0

#9
imbiginjapan
    Member (Topic Starter, 41 posts)
i deleted both items you said to after scanning.

NEW HIJACKTHIS LOG ::

Logfile of HijackThis v1.99.1
Scan saved at 1:22:21 PM, on 7/17/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\devldr32.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Aces Up! by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - http://game1.pogo.co...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://game1.pogo.co...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - http://game1.pogo.co...s-ob-assets.cab
O16 - DPF: WordJong by pogo - http://game1.pogo.co...g-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - http://www.content-l...ad/ccaccess.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

Edited by imbiginjapan, 17 July 2005 - 01:17 PM.


#10
imbiginjapan

    Member

  • Topic Starter
  • Member
  • 41 posts
the only items both adaware scans came up with were negligible items.

LOG ONE FROM SAFE MODE ::


Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 17, 2005 1:39:37 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):9 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R54 14.07.2005
Internal build : 63
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 496849 Bytes
Total size : 1499538 Bytes
Signature data size : 1467043 Bytes
Reference data size : 31983 Bytes
Signatures total : 41785
CSI Fingerprints total : 962
CSI data size : 33758 Bytes
Target categories : 15
Target families : 715


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:63 %
Total physical memory:261200 kb
Available physical memory:163280 kb
Total page file size:629836 kb
Available on page file:555264 kb
Total virtual memory:2097024 kb
Available virtual memory:2045740 kb
OS:Microsoft Windows 2000 Professional Service Pack 2 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-17-2005 1:39:37 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 108
ThreadCreationTime : 7-17-2005 8:17:07 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 156
ThreadCreationTime : 7-17-2005 8:17:24 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 184
ThreadCreationTime : 7-17-2005 8:17:27 PM
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 196
ThreadCreationTime : 7-17-2005 8:17:27 PM
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 328
ThreadCreationTime : 7-17-2005 8:17:32 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:6 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 360
ThreadCreationTime : 7-17-2005 8:17:34 PM
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:7 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 380
ThreadCreationTime : 7-17-2005 8:19:34 PM
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:8 [devldr32.exe]
FilePath : C:\WINNT\System32\
ProcessID : 444
ThreadCreationTime : 7-17-2005 8:20:25 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2000 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:9 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 272
ThreadCreationTime : 7-17-2005 8:39:13 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 9




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 9

1:45:31 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:54.700
Objects scanned:73463
Objects identified:0
Objects ignored:0
New critical objects:0


____________________________________________-

LOG TWO FROM NORMAL MODE ::



Ad-Aware SE Build 1.06r1
Logfile Created on:Sunday, July 17, 2005 3:06:06 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R54 14.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):6 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Definition File:
=========================
Definitions File Loaded:
Reference Number : SE1R54 14.07.2005
Internal build : 63
File location : C:\Program Files\Lavasoft\Ad-Aware SE Personal\defs.ref
File size : 496849 Bytes
Total size : 1499538 Bytes
Signature data size : 1467043 Bytes
Reference data size : 31983 Bytes
Signatures total : 41785
CSI Fingerprints total : 962
CSI data size : 33758 Bytes
Target categories : 15
Target families : 715


Memory + processor status:
==========================
Number of processors : 1
Processor architecture : Intel Pentium IV
Memory available:39 %
Total physical memory:261200 kb
Available physical memory:99260 kb
Total page file size:629836 kb
Available on page file:409380 kb
Total virtual memory:2097024 kb
Available virtual memory:2045648 kb
OS:Microsoft Windows 2000 Professional Service Pack 2 (Build 2195)

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Don't log streams smaller than 0 Bytes
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


7-17-2005 3:06:06 PM - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 148
ThreadCreationTime : 7-17-2005 9:24:31 PM
BasePriority : Normal


#:2 [winlogon.exe]
FilePath : \??\C:\WINNT\system32\
ProcessID : 168
ThreadCreationTime : 7-17-2005 9:24:42 PM
BasePriority : High


#:3 [services.exe]
FilePath : C:\WINNT\system32\
ProcessID : 220
ThreadCreationTime : 7-17-2005 9:24:45 PM
BasePriority : Normal
FileVersion : 5.00.2195.2780
ProductVersion : 5.00.2195.2780
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : services.exe

#:4 [lsass.exe]
FilePath : C:\WINNT\system32\
ProcessID : 232
ThreadCreationTime : 7-17-2005 9:24:45 PM
BasePriority : Normal
FileVersion : 5.00.2195.2964
ProductVersion : 5.00.2195.2964
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Executable and Server DLL (Export Version)
InternalName : lsasrv.dll and lsass.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : lsasrv.dll and lsass.exe

#:5 [svchost.exe]
FilePath : C:\WINNT\system32\
ProcessID : 396
ThreadCreationTime : 7-17-2005 9:24:50 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:6 [sndsrvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 408
ThreadCreationTime : 7-17-2005 9:24:50 PM
BasePriority : Normal
FileVersion : 5.5.1.6
ProductVersion : 5.5
ProductName : Symantec Security Drivers
CompanyName : Symantec Corporation
FileDescription : Network Driver Service
InternalName : SndSrvc
LegalCopyright : Copyright 2002, 2003, 2004 Symantec Corporation
OriginalFilename : SndSrvc.exe

#:7 [spbbcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\SPBBC\
ProcessID : 448
ThreadCreationTime : 7-17-2005 9:24:51 PM
BasePriority : Normal
FileVersion : 1,0,1,47
ProductVersion : 1,0,1,47
ProductName : SPBBC
CompanyName : Symantec Corporation
FileDescription : SPBBC Service
InternalName : SPBBCSvc
LegalCopyright : Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : SPBBCSvc.exe

#:8 [ccsetmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 472
ThreadCreationTime : 7-17-2005 9:24:52 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Settings Manager Service
InternalName : ccSetMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccSetMgr.exe

#:9 [ccevtmgr.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 528
ThreadCreationTime : 7-17-2005 9:24:56 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec Event Manager Service
InternalName : ccEvtMgr
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccEvtMgr.exe

#:10 [spoolsv.exe]
FilePath : C:\WINNT\system32\
ProcessID : 632
ThreadCreationTime : 7-17-2005 9:24:58 PM
BasePriority : Normal
FileVersion : 5.00.2161.1
ProductVersion : 5.00.2161.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolss.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : spoolss.exe

#:11 [aolacsd.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 660
ThreadCreationTime : 7-17-2005 9:24:58 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service
InternalName : AOLacsd
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLacsd.exe

#:12 [aoltsmon.exe]
FilePath : C:\Program Files\Common Files\AOL\TopSpeed\2.0\
ProcessID : 672
ThreadCreationTime : 7-17-2005 9:24:59 PM
BasePriority : Normal
FileVersion : 2, 0, 0, 0
ProductVersion : 2, 0, 0, 0
ProductName : AOL TopSpeed™ Monitor
CompanyName : America Online, Inc
FileDescription : AOL TopSpeed™ Monitor
InternalName : AOL TopSpeed™ Monitor
LegalCopyright : Copyright © 2004 America Online, Inc.
OriginalFilename : aoltsmon.exe

#:13 [ctsvccda.exe]
FilePath : C:\WINNT\System32\
ProcessID : 716
ThreadCreationTime : 7-17-2005 9:25:01 PM
BasePriority : Normal
FileVersion : 1.0.1.0
ProductVersion : 1.0.0.0
ProductName : Creative Service for CDROM Access
CompanyName : Creative Technology Ltd
FileDescription : Creative Service for CDROM Access
InternalName : CTsvcCDAEXE
LegalCopyright : Copyright © Creative Technology Ltd., 1999. All rights reserved.
OriginalFilename : CTsvcCDA.EXE

#:14 [svchost.exe]
FilePath : C:\WINNT\System32\
ProcessID : 732
ThreadCreationTime : 7-17-2005 9:25:01 PM
BasePriority : Normal
FileVersion : 5.00.2134.1
ProductVersion : 5.00.2134.1
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : svchost.exe

#:15 [ewidoctrl.exe]
FilePath : C:\Program Files\ewido\security suite\
ProcessID : 744
ThreadCreationTime : 7-17-2005 9:25:01 PM
BasePriority : Normal
FileVersion : 3, 0, 0, 1
ProductVersion : 3, 0, 0, 1
ProductName : ewido control
CompanyName : ewido networks
FileDescription : ewido control
InternalName : ewido control
LegalCopyright : Copyright © 2004
OriginalFilename : ewidoctrl.exe

#:16 [npfmntor.exe]
FilePath : C:\Program Files\Norton AntiVirus\IWP\
ProcessID : 816
ThreadCreationTime : 7-17-2005 9:25:05 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Firewall Install Monitor
InternalName : NPFMonitor
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NPFMonitor.EXE

#:17 [regsvc.exe]
FilePath : C:\WINNT\system32\
ProcessID : 920
ThreadCreationTime : 7-17-2005 9:25:09 PM
BasePriority : Normal
FileVersion : 5.00.2195.2104
ProductVersion : 5.00.2195.2104
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Remote Registry Service
InternalName : regsvc
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : REGSVC.EXE

#:18 [mstask.exe]
FilePath : C:\WINNT\system32\
ProcessID : 944
ThreadCreationTime : 7-17-2005 9:25:10 PM
BasePriority : Normal
FileVersion : 4.71.2195.1
ProductVersion : 4.71.2195.1
ProductName : Microsoft® Windows® Task Scheduler
CompanyName : Microsoft Corporation
FileDescription : Task Scheduler Engine
InternalName : TaskScheduler
LegalCopyright : Copyright © Microsoft Corp. 1997
OriginalFilename : mstask.exe

#:19 [symlcsvc.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\CCPD-LC\
ProcessID : 968
ThreadCreationTime : 7-17-2005 9:25:11 PM
BasePriority : Normal
FileVersion : 1, 8, 54, 419
ProductVersion : 1, 8, 54, 419
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright © 2003
OriginalFilename : symlcsvc.exe

#:20 [wanmpsvc.exe]
FilePath : C:\WINNT\
ProcessID : 1044
ThreadCreationTime : 7-17-2005 9:25:12 PM
BasePriority : Normal
FileVersion : 9, 0, 0, 0
ProductVersion : 9, 0, 0, 0
ProductName : America Online
CompanyName : America Online, Inc.
FileDescription : Wan Miniport (ATW) Service
InternalName : WanMPSvc
LegalCopyright : Copyright © 2001 America Online, Inc.
OriginalFilename : WanMPSvc.exe

#:21 [winmgmt.exe]
FilePath : C:\WINNT\System32\WBEM\
ProcessID : 1064
ThreadCreationTime : 7-17-2005 9:25:18 PM
BasePriority : Normal
FileVersion : 1.50.1085.0029
ProductVersion : 1.50.1085.0029
ProductName : Windows Management Instrumentation
CompanyName : Microsoft Corporation
FileDescription : Windows Management Instrumentation
InternalName : WINMGMT
LegalCopyright : Copyright © Microsoft Corp. 1995-1999

#:22 [mspmspsv.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1120
ThreadCreationTime : 7-17-2005 9:25:20 PM
BasePriority : Normal
FileVersion : 7.10.00.3059
ProductVersion : 7.10.00.3059
ProductName : Microsoft ® DRM
CompanyName : Microsoft Corporation
FileDescription : WMDM PMSP Service
InternalName : MSPMSPSV.EXE
LegalCopyright : Copyright © Microsoft Corp. 1981-2000
OriginalFilename : MSPMSPSV.EXE

#:23 [explorer.exe]
FilePath : C:\WINNT\
ProcessID : 1164
ThreadCreationTime : 7-17-2005 9:25:21 PM
BasePriority : Normal
FileVersion : 5.00.3315.2846
ProductVersion : 5.00.3315.2846
ProductName : Microsoft® Windows ® 2000 Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : Copyright © Microsoft Corp. 1981-1999
OriginalFilename : EXPLORER.EXE

#:24 [devldr32.exe]
FilePath : C:\WINNT\System32\
ProcessID : 1220
ThreadCreationTime : 7-17-2005 9:25:32 PM
BasePriority : Normal
FileVersion : 1, 0, 0, 15
ProductVersion : 1, 0, 0, 15
ProductName : Creative Ring3 NT Inteface
CompanyName : Creative Technology Ltd.
FileDescription : DevLdr32
InternalName : DevLdr
LegalCopyright : Copyright © 1998 - 2000 Creative Technology Ltd.
OriginalFilename : DevLdr32.exe

#:25 [ahqtb.exe]
FilePath : C:\Program Files\Creative\SBLive\AudioHQ\
ProcessID : 1260
ThreadCreationTime : 7-17-2005 9:25:45 PM
BasePriority : Normal
FileVersion : 1.0.193
ProductVersion : 1.0.193
ProductName : AudioHQ
CompanyName : Creative Technology Ltd.
FileDescription : Creative AudioHQ
InternalName : AHQTaskBar
LegalCopyright : Copyright © Creative Technology Ltd. 1997-1999
OriginalFilename : AHQTb.exe
Comments : Creative AudioHQ

#:26 [realplay.exe]
FilePath : C:\Program Files\Real\RealPlayer\
ProcessID : 1320
ThreadCreationTime : 7-17-2005 9:25:56 PM
BasePriority : Normal
FileVersion : 6.0.9.584
ProductVersion : 6.0.9.584
ProductName : RealPlayer (32-bit)
CompanyName : RealNetworks, Inc.
FileDescription : RealPlayer
InternalName : REALPLAY
LegalCopyright : Copyright © RealNetworks, Inc. 1995-2000
LegalTrademarks : RealAudio™ is a trademark of RealNetworks, Inc.
OriginalFilename : REALPLAY.EXE

#:27 [hpztsb04.exe]
FilePath : C:\WINNT\System32\spool\drivers\w32x86\3\
ProcessID : 1300
ThreadCreationTime : 7-17-2005 9:25:56 PM
BasePriority : Normal
FileVersion : 2,80,0,0
ProductVersion : 2,80,0,0
ProductName : HP DeskJet
CompanyName : HP
LegalCopyright : Copyright © Hewlett-Packard Company 1999-2001

#:28 [qttask.exe]
FilePath : C:\Program Files\QuickTime\
ProcessID : 1344
ThreadCreationTime : 7-17-2005 9:25:57 PM
BasePriority : Normal
FileVersion : 6.5
ProductVersion : QuickTime 6.5
ProductName : QuickTime
CompanyName : Apple Computer, Inc.
InternalName : QuickTime Task
LegalCopyright : © Apple Computer, Inc. 2001-2004
OriginalFilename : QTTask.exe

#:29 [aolsp scheduler.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\
ProcessID : 1352
ThreadCreationTime : 7-17-2005 9:25:58 PM
BasePriority : Normal
FileVersion : 1, 5, 0, 0
ProductVersion : 1, 5, 0, 0
ProductName : AOLSP Scheduler
FileDescription : AOLSP Scheduler
InternalName : AOLSP Scheduler
LegalCopyright : Copyright © America Online, Inc. 2004
OriginalFilename : AOLSP Scheduler.exe

#:30 [aoldial.exe]
FilePath : C:\Program Files\Common Files\AOL\ACS\
ProcessID : 1364
ThreadCreationTime : 7-17-2005 9:25:59 PM
BasePriority : Normal
FileVersion : 3.0.0.1
ProductVersion : 3.0.0.1
ProductName : AOL Connectivity Service
CompanyName : America Online
FileDescription : AOL Connectivity Service Dialer
InternalName : AOLdial
LegalCopyright : Copyright © 2004 America Online
OriginalFilename : AOLdial.exe

#:31 [jusched.exe]
FilePath : C:\Program Files\Java\jre1.5.0_01\bin\
ProcessID : 1440
ThreadCreationTime : 7-17-2005 9:26:02 PM
BasePriority : Normal


#:32 [ccapp.exe]
FilePath : C:\Program Files\Common Files\Symantec Shared\
ProcessID : 1456
ThreadCreationTime : 7-17-2005 9:26:03 PM
BasePriority : Normal
FileVersion : 103.0.4.3
ProductVersion : 103.0.4.3
ProductName : Client and Host Security Platform
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright © 2000-2004 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:33 [aolhos~1.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\
ProcessID : 1568
ThreadCreationTime : 7-17-2005 9:26:09 PM
BasePriority : Normal
FileVersion : 1.0.0.6
ProductVersion : 1.0.0.6
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLHostManager Service
InternalName : AOLHostManager
LegalCopyright : © 2004 America Online, Inc.
OriginalFilename : AOLHostManager.exe

#:34 [aolservicehost.exe]
FilePath : C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\
ProcessID : 1600
ThreadCreationTime : 7-17-2005 9:26:10 PM
BasePriority : Normal
FileVersion : 1.0.0.6
ProductVersion : 1.0.0.6
ProductName : AOL Service Libraries
CompanyName : America Online, Inc.
FileDescription : AOLServiceHost Service
InternalName : AOLServiceHost
LegalCopyright : © 2004 America Online, Inc.
OriginalFilename : AOLServiceHost.exe

#:35 [navapsvc.exe]
FilePath : C:\Program Files\Norton AntiVirus\
ProcessID : 1936
ThreadCreationTime : 7-17-2005 9:26:52 PM
BasePriority : Normal
FileVersion : 11.0.9.16
ProductVersion : 11.0.9
ProductName : Norton AntiVirus
CompanyName : Symantec Corporation
FileDescription : Norton AntiVirus Auto-Protect Service
InternalName : NAVAPSVC
LegalCopyright : Norton AntiVirus 2005 for Windows 98/ME/2000/XP Copyright © 2004 Symantec Corporation. All rights reserved.
OriginalFilename : NAVAPSVC.EXE

#:36 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1868
ThreadCreationTime : 7-17-2005 10:05:53 PM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6


Scanning Hosts file......
Hosts file location:"C:\WINNT\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
2 entries scanned.
New critical objects:0
Objects found so far: 6




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 6

3:11:46 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:39.8
Objects scanned:74549
Objects identified:0
Objects ignored:0
New critical objects:0

Edited by imbiginjapan, 17 July 2005 - 01:17 PM.

#11
imbiginjapan

    Member

  • Topic Starter
  • Member
  • 41 posts
SPY-BOT LOG ::

Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Avenue A, Inc.: Tracking cookie (Mozilla: me) (Cookie, fixed)
MediaPlex: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)
Advertising.com: Tracking cookie (Mozilla: me) (Cookie, fixed)


--- Spybot - Search & Destroy version: 1.4 (build: 20050523) ---

2005-05-31 blindman.exe (1.0.0.1)
2005-05-31 SpybotSD.exe (1.4.0.3)
2005-05-31 TeaTimer.exe (1.4.0.2)
2005-07-09 unins000.exe (51.41.0.0)
2005-05-31 Update.exe (1.4.0.0)
2005-05-31 advcheck.dll (1.0.2.0)
2005-05-31 aports.dll (2.1.0.0)
2005-05-31 borlndmm.dll (7.0.4.453)
2005-05-31 delphimm.dll (7.0.4.453)
2005-05-31 SDHelper.dll (1.4.0.0)
2005-05-31 Tools.dll (2.0.0.2)
2005-05-31 UnzDll.dll (1.73.1.1)
2005-05-31 ZipDll.dll (1.73.2.0)
2005-04-26 Includes\Cookies.sbi (*)
2005-07-11 Includes\Dialer.sbi (*)
2005-07-15 Includes\Hijackers.sbi (*)
2005-06-23 Includes\Keyloggers.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2005-07-15 Includes\Malware.sbi (*)
2005-06-09 Includes\PUPS.sbi (*)
2005-04-27 Includes\Revision.sbi (*)
2005-06-09 Includes\Security.sbi (*)
2005-07-15 Includes\Spybots.sbi (*)
2005-02-17 Includes\Tracks.uti
2005-07-15 Includes\Trojans.sbi (*)

#12
imbiginjapan

    Member

  • Topic Starter
  • Member
  • 41 posts
EWIDO REPORT ::

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 2:21:14 PM, 7/17/2005
+ Report-Checksum: FD565242

+ Scan result:

:mozilla.6:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\WINNT\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup


::Report End

#13
imbiginjapan

    Member

  • Topic Starter
  • Member
  • 41 posts
PANDA SCAN RESULTS ::



Incident                          Status          Location
Adware:adware/sahagent            No disinfected  C:\WINNT\DOWNLOADED PROGRAM FILES\setup4002b.ini
Adware:adware/portalscan          No disinfected  C:\WINNT\SYSTEM32\stcloader.exe
Adware:adware/superspider         No disinfected  C:\WINNT\SYSTEM32\system32.dll
Adware:adware/cws.searchmeup      No disinfected  C:\WINNT\mstasks1.exe
Adware:adware/sidesearch          No disinfected  C:\WINNT\sepsd.bin
Adware:adware/delfinmedia         No disinfected  C:\keys.ini
Adware:adware/psguard             No disinfected  HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437D-B334-DEB7EB4982A3}
Adware:adware/memorywatcher       No disinfected  HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\MEMORYWATCHER
Adware:adware/iedriver            No disinfected  HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{120E090D-9136-4B78-8258-F0B44B4BD2AC}
Spyware:spyware/wareout           No disinfected  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\extensions\CmdMapping\{BF69DF00-2734-477F-8257-27CD04F88779}
Adware:adware/sbsoft              No disinfected  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{08BEC6AA-49FC-4379-3587-4B21E286C19E}
Spyware:spyware/istbar            No disinfected  HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{faa356e4-d317-42a6-ab41-a3021c6e7d52}
Adware:adware/brilliantdigital    No disinfected  HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}
Spyware:Spyware/Iehelp            No disinfected  C:\WINNT\Downloaded Program Files\ipreg32.inf
Adware:Adware/SAHAgent            No disinfected  C:\WINNT\Downloaded Program Files\setup4002b.ini
Adware:Adware/SBSoft              No disinfected  C:\WINNT\webdlg32.inf
Adware:Adware/Popup.pop           No disinfected  C:\WINNT\winsx.inf
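The Panda report above mixes file paths and registry keys, and the pasted copy wraps some locations onto the next line and runs one incident name into its status ("brilliantdigitalNo disinfected"). When triaging a report like this it helps to parse it into records first, so the file locations and the registry CLSIDs can be worked through separately. The following is an added example, not code from the poster or from Panda: a small parser that handles the wrapped and run-together lines, classifies each location as a file or a registry key, and pulls out the trailing {GUID} of registry entries. The status vocabulary and category list in it are assumptions extended from what appears in the post, and the sample report is an excerpt of the lines posted above.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Excerpt of the Panda scan report posted above, kept as pasted: two locations
# wrapped onto their own line, and one entry missing the space before "No".
SAMPLE_REPORT = r"""Incident Status Location

Adware:adware/sahagent No disinfected
C:\WINNT\DOWNLOADED PROGRAM FILES\setup4002b.ini

Adware:adware/portalscan No disinfected C:\WINNT\SYSTEM32\stcloader.exe

Adware:adware/psguard No disinfected HKEY_CLASSES_ROOT\CLSID\{357A87ED-3E5D-437D-B334-DEB7EB4982A3}

Adware:adware/brilliantdigitalNo disinfected HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908}

Spyware:Spyware/Iehelp No disinfected
C:\WINNT\Downloaded Program Files\ipreg32.inf
"""

# Assumed status phrases (the post only shows "No disinfected"). Anchoring on
# them lets the line be split even when the space before the status is missing.
STATUSES = ("Not disinfected", "No disinfected", "Disinfected", "Deleted")
# Assumed category list; the post only shows Adware and Spyware.
_INCIDENT = re.compile(
    r"^(?P<category>Adware|Spyware|Virus|Dialer|Hacktool|Trojan):"
    r"(?P<name>.+?)\s*"
    r"(?P<status>" + "|".join(re.escape(s) for s in STATUSES) + r")"
    r"(?:\s+(?P<location>.+))?$"
)


@dataclass
class Incident:
    category: str
    name: str
    status: str
    location: str

    @property
    def kind(self) -> str:
        """'registry' for hive-rooted paths, 'file' for drive paths, else 'other'."""
        if self.location.upper().startswith("HKEY_"):
            return "registry"
        if re.match(r"^[A-Za-z]:\\", self.location):
            return "file"
        return "other"

    @property
    def clsid(self) -> Optional[str]:
        """The {GUID} a registry location ends in (CLSID, Interface, CmdMapping...), if any."""
        m = re.search(r"\{[0-9A-Fa-f-]{36}\}$", self.location)
        return m.group(0).upper() if m else None


def parse_report(text: str) -> List[Incident]:
    """Turn the pasted report into Incident records, joining wrapped locations."""
    incidents: List[Incident] = []
    pending: Optional[Incident] = None  # incident whose location is on the next line
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("Incident Status Location"):
            continue
        m = _INCIDENT.match(line)
        if m:
            inc = Incident(m["category"], m["name"].strip(), m["status"],
                           (m["location"] or "").strip())
            incidents.append(inc)
            pending = None if inc.location else inc
        elif pending is not None:
            # A bare path/key line right after an incident with no location: it was wrapped.
            pending.location = line
            pending = None
        # Any other stray text is ignored.
    return incidents


def triage(incidents: List[Incident]) -> dict:
    """Group the locations that still need attention by where they live."""
    todo = {"file": [], "registry": [], "other": []}
    for inc in incidents:
        if inc.status != "Disinfected":
            todo[inc.kind].append(inc.location)
    return todo


if __name__ == "__main__":
    for kind, locs in triage(parse_report(SAMPLE_REPORT)).items():
        print(f"{kind}: {len(locs)}")
        for loc in locs:
            print("   ", loc)
```

Splitting on the status phrase rather than on whitespace is what makes the run-together "brilliantdigitalNo disinfected" line parse correctly; the CLSIDs it extracts are the values you would then look up under HKEY_CLASSES_ROOT\CLSID to find which DLL each toolbar or extension entry points at.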

#14
imbiginjapan

UNINSTALL LIST FROM HIJACKTHIS ::

Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Reader 6.0.1
America Online (Choose which version to remove)
AOL Coach Version 1.0(Build:20040229.1 en)
AOL Coach Version 2.0(Build:20041026.5 en)
AOL Connectivity Services
AOL Instant Messenger
AOL Spyware Protection
ccCommon
CleanUp!
DAO 3.5
Dell ResourceCD
Empire Earth
ewido security suite
HijackThis 1.99.1
hp deskjet 950c series (Remove only)
Internet Worm Protection
InterVideo WinDVD
J2SE Runtime Environment 5.0 Update 1
Kazaa Lite K++ v2.4.3
Learn2 Player (Uninstall Only)
LimeWire 4.8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft Office XP Professional
Netscape (7.1)
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NTI CD-Maker 6 Platinum
NVIDIA Windows 2000 Display Drivers
PCFriendly
Pure Networks Port Magic
Quicken 2004
QuickTime
QuickTime 3.0
RealPlayer Basic
Sound Blaster Live! Value
SPBBC
Spybot - Search & Destroy 1.4
Symantec
Symantec Script Blocking Installer
SymNet
TurboTax Deluxe 2003
Winamp (remove only)
Windows 2000 Service Pack 2
WinZip

#15
imbiginjapan

RESULTS FROM FXISTBAR.EXE ::

Symantec Adware.Istbar Removal Tool 1.0.7


registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main: Search Bar (value deleted)
registry: HKEY_USERS\S-1-5-21-343818398-507921405-1060284298-1000\Software\Microsoft\Internet Explorer\Main: Use Search Assistant (value deleted)
registry: HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Search: SearchAssistant (value deleted)

C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.


________________________________
Thanks again for your help. The bug still seems to be infecting my comp; I keep getting popups from Norton about it.