Help me pls - W32.desktophijack is driving me craz


  • This topic is locked

#1
P-Nuts

    New Member

  • Member
  • 3 posts
Hey there, I will be happy if you can help me with this.
I tried everything before writing this.

Here is my log file:


Logfile of HijackThis v1.99.1
Scan saved at 16:12:57, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\System32\mgabg.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\windows\qrkignd.exe
C:\Program Files\Common Files\Symantec Shared\NMain.exe
C:\PROGRA~1\NORTON~1\navw32.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\totalcmd\TOTALCMD.EXE
C:\DOCUME~1\zinuq\LOCALS~1\Temp\_tc\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\he-il\msntb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [osxppha] c:\windows\qrkignd.exe
O4 - HKCU\..\Run: [rslnjmf] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [pniqfsj] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [hjitqhp] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [yluqoor] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xbbqmcp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [vavxurj] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [snxrkjh] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nvlabet] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nfnhldr] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [kjakvhp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [lldkyvf] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [fmnvvof] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ddwobmg] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ygvfxku] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [cuakfwd] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xalmicq] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [ryrfxlj] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [mgmpfvv] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [txaiocl] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [hoywrli] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [bulpdqf] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wycsojr] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [dbgibek] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [yhguvum] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wbykaij] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kaemtfv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [mnlwkdn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrpjiav] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [uocttut] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jufltxm] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [tfssaao] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kqkfgod] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [esaload] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [xxjdpnp] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ryhgped] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [stsimeo] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [dithacn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [wbqugkv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [pvfluyj] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jsxwywq] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrmllbr] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ochxmse] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [nbljeul] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [woimwdx] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [yhaqvyx] c:\windows\ayvmnwv.exe
O4 - HKCU\..\Run: [gdjwqpl] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [kqiegsx] c:\windows\qoqwmvr.exe
O4 - HKCU\..\Run: [rlrkbjl] c:\windows\ihgfnjg.exe
O4 - HKCU\..\Run: [cuyxldk] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndglvvk] c:\windows\plwamgy.exe
O4 - HKCU\..\Run: [uyprqmx] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ghxfbgw] c:\windows\wtislsk.exe
O4 - HKCU\..\Run: [qlqlivg] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qkwwjtp] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [wjxfwsl] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [yhpoqyi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [bfiwueb] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [oyhgorm] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ojeatnh] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gbybsww] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kmlnyfo] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hiuwwua] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [yefmiaa] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kwndlba] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [kefjxrw] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [eagpmjw] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [isteqtj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [nwoydhc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [mueygpy] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [gboyhre] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [bhhsopu] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jnhdpxd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [xpnsvgf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jbvbgcq] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [iqqwjcd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [vbijecn] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [uwpxovc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jxgubhu] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [aekhwjg] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [aycjrir] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [lkajxav] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qpjidkj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hekinek] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ilbvbdi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [npglwxe] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [oijynvr] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [saaxlep] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [meyyomf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jftaiya] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [rovkyms] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [tftiujg] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [rocesjm] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [awsvvje] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [celjccq] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndybuxe] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gxoekwb] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [fdiqelq] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [sfjkwrk] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [blpelok] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [aswufap] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ncdpmjp] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [jomekhl] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [eesrxsy] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ckniywo] c:\windows\tyrhlso.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.micro...si/mcsimenu.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...ab?947140089546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

Pls!
it's driving me crazy!
10X

#2
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Welcome P-Nuts to Geeks to Go!

HijackThis is being run from a temporary folder.
Please create a new folder for it and place the program into that new folder.

***

Please read this post completely, it may make it easier for you if you copy and paste this post to a new text document or print it for reference later.

***

This will likely be a few step process in removing the malware that has infected your system. I encourage you to stick with it and follow my directions as closely as possible so as to avoid complicating the problem further.

***

Download about:buster by RubbeRDuckY.
Download CWShredder.
Download SpSeHjfix.
Download and install CleanUp! Here

Save all of these files somewhere you will remember, like the Desktop.

***

Unzip SpSeHjfix to its own folder (i.e. c:\SpSeHjfix)

***

Run the CleanUp! installer. You don't need to do anything with it right now.

***

Update About:Buster
  • Unzip the contents of AboutBuster.zip and an AboutBuster directory will be created.
  • Navigate to the AboutBuster directory and double-click on AboutBuster.exe.
  • Click "OK" at the prompt with instructions.
  • Click "Update" and then "Check For Update" to begin the update process.
  • If any updates exist please download them by clicking "Download Update" then click the X to close that window.
  • Now close About:Buster
***

Update CWShredder
  • Open CWShredder and click I AGREE
  • Click Check For Update
  • Close CWShredder
***

Download SmitRem to your desktop.
Right click on the file and extract it to its own folder on the desktop.

***

Place a shortcut to Panda ActiveScan on your desktop.

***

If you have not already installed Ad-Aware SE 1.06, please download and install AdAware SE 1.06.
Check Here on how to set up and use it - please make sure you update it first.

***

Download the Killbox.
Unzip it to the desktop

Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each.

C:\windows\qrkignd.exe

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.


Boot into Safe Mode:
Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.

***

Open HijackThis
Place a check against each of the following, making sure you get them all and not any others by mistake:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://abcsearch4u.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://abcsearch4u.com/

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://abcsearch4u.com/

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://abcsearch4u.com/sp.htm

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://abcsearch4u.com/

O4 - HKLM\..\Run: [intell32.exe] C:\WINDOWS\System32\intell32.exe

Close all programs leaving only HijackThis running.
Click on Fix Checked when finished and exit HijackThis.

***

Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
The tool will create a log named smitfiles.txt in the root of your drive, eg; Local Disk C: or partition where your operating system is installed.
Post me the contents of the smitfiles.txt log as you post back.

***

Please run About:Buster:
  • Click Start and then OK to allow AboutBuster to scan for Alternate Data Streams.
  • Click Yes to allow it to shutdown explorer.exe.
  • It will begin to check your computer for malicious files. If it asks if you would like to do a second pass, allow it to do so.
  • When it has finished, click Save Log. Make sure you save it as I may need a copy of it later.
  • Reboot your computer into safe mode again
Run about:buster again following the same instructions as above, this time without the restart at the end.

***

Now run CWShredder. Click I Agree, then Fix and then Next, let it fix everything it asks about.

***

Now run SpSeHjfix. A log will be saved in the same folder that you put the exe into. Please post the results of that log in your next reply.

***

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.
When it’s done, press Close.
Reboot your computer back into safe mode.

***

Open Ad-aware and do a full scan. Remove all it finds.

***

Now open Ewido Security Suite:
* Click on scanner
* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop
Reboot your computer.

***

Next go to Control Panel click Display > Desktop > Customize Desktop > Web > Uncheck "Security Info" if present.

***

Reboot back into Windows and click the Panda ActiveScan shortcut, then do a full system scan. Make sure the autoclean box is checked!
Save the scan log and post it along with a new HijackThis Log, the contents of the smitfiles.txt log and the Ewido Log by using Add Reply.
Let me know if any problems persist.

#3
P-Nuts

    New Member

  • Topic Starter
  • Member
  • 3 posts
Here are the logs:

I still got the Norton msg that I am infected with W32.desktophijack Virus
buster

After the scan (didn't find anything) I got this:

run-time error '339':
Component 'comctl32.ocx' or one of its dependencies not correctly registered: a file is missing or invalid

ad-aware:


Ad-Aware SE Build 1.06r1
Logfile Created on:??? ????? 27 ???? 2005 17:22:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R57 26.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.Psguard(TAC index:7):90 total references
MRU List(TAC index:0):8 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-07-2005 17:22:01 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\zinuq\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\zinuq\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 27-07-2005 15:20:37
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 27-07-2005 15:20:40
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 27-07-2005 15:20:41
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 27-07-2005 15:20:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 27-07-2005 15:20:43
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 27-07-2005 15:20:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 720
ThreadCreationTime : 27-07-2005 15:20:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 812
ThreadCreationTime : 27-07-2005 15:20:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 840
ThreadCreationTime : 27-07-2005 15:20:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1288
ThreadCreationTime : 27-07-2005 15:20:57
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [totalcmd.exe]
FilePath : C:\totalcmd\
ProcessID : 1460
ThreadCreationTime : 27-07-2005 15:21:07
BasePriority : Normal
FileVersion : 6.03
ProductVersion : 6.03
ProductName : Total Commander
CompanyName : C. Ghisler & Co.
FileDescription : Total Commander 32 bit international version, file manager replacement for Windows
InternalName : TOTALCMD
LegalCopyright : Copyright © 1993-2004 Christian Ghisler

#:12 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 1536
ThreadCreationTime : 27-07-2005 15:21:19
BasePriority : Normal


#:13 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1584
ThreadCreationTime : 27-07-2005 15:21:25
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:14 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1660
ThreadCreationTime : 27-07-2005 15:21:40
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{04f3168f-5afc-4531-b3b4-16ca93720415}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{187a8428-bd94-470d-a178-a2347f940519}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2865930b-4588-4ff3-8227-6d4f66c92c7a}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2fe2edc0-9e62-4f34-8a73-bc66dae48ef3}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}

Malware.Psguard Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}
Value : No

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3a3a8c24-8ff0-4140-9731-54d9483ea70b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3a906593-b4bd-48ed-84b0-3249bed65ef9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{49b72a72-01f5-4ae8-bbd7-daa67f1e303b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ae3aca6-1be3-4443-98dd-effcfa793d35}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{787dec39-69d0-40b3-b173-e0411c59b300}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79ddf2ef-d881-464b-b2af-5af8816a3964}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{813c8e86-4c90-4617-b59e-e130cc068140}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{89133bce-57d0-4d2b-afaf-a97b74ad704e}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 50
Objects found so far: 58


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 58



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : FREE Access to 800 Paid sites.url
TAC Rating : 7
Category : Misc
Comment : Problematic URL discovered: http://getthis4free.com/
Object : C:\Documents and Settings\zinuq\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 40
Objects found so far: 99

17:28:34 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:33.305
Objects scanned:109781
Objects identified:91
Objects ignored:0
New critical objects:91


hack:

Logfile of HijackThis v1.99.1
Scan saved at 17:02:18, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
E:\eyalvirus\fix\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\he-il\msntb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [osxppha] c:\windows\qrkignd.exe
O4 - HKCU\..\Run: [rslnjmf] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [pniqfsj] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [hjitqhp] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [yluqoor] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xbbqmcp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [vavxurj] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [snxrkjh] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nvlabet] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nfnhldr] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [kjakvhp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [lldkyvf] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [fmnvvof] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ddwobmg] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ygvfxku] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [cuakfwd] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xalmicq] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [ryrfxlj] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [mgmpfvv] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [txaiocl] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [hoywrli] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [bulpdqf] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wycsojr] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [dbgibek] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [yhguvum] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wbykaij] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kaemtfv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [mnlwkdn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrpjiav] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [uocttut] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jufltxm] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [tfssaao] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kqkfgod] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [esaload] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [xxjdpnp] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ryhgped] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [stsimeo] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [dithacn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [wbqugkv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [pvfluyj] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jsxwywq] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrmllbr] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ochxmse] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [nbljeul] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [woimwdx] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [yhaqvyx] c:\windows\ayvmnwv.exe
O4 - HKCU\..\Run: [gdjwqpl] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [kqiegsx] c:\windows\qoqwmvr.exe
O4 - HKCU\..\Run: [rlrkbjl] c:\windows\ihgfnjg.exe
O4 - HKCU\..\Run: [cuyxldk] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndglvvk] c:\windows\plwamgy.exe
O4 - HKCU\..\Run: [uyprqmx] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ghxfbgw] c:\windows\wtislsk.exe
O4 - HKCU\..\Run: [qlqlivg] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qkwwjtp] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [wjxfwsl] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [yhpoqyi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [bfiwueb] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [oyhgorm] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ojeatnh] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gbybsww] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kmlnyfo] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hiuwwua] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [yefmiaa] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kwndlba] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [kefjxrw] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [eagpmjw] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [isteqtj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [nwoydhc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [mueygpy] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [gboyhre] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [bhhsopu] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jnhdpxd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [xpnsvgf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jbvbgcq] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [iqqwjcd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [vbijecn] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [uwpxovc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jxgubhu] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [aekhwjg] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [aycjrir] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [lkajxav] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qpjidkj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hekinek] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ilbvbdi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [npglwxe] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [oijynvr] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [saaxlep] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [meyyomf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jftaiya] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [rovkyms] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [tftiujg] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [rocesjm] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [awsvvje] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [celjccq] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndybuxe] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gxoekwb] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [fdiqelq] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [sfjkwrk] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [blpelok] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [aswufap] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ncdpmjp] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [jomekhl] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [eesrxsy] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ckniywo] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [hpeoqdu] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [dlsfjxx] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [agalqca] c:\windows\tyrhlso.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.micro...si/mcsimenu.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...ab?947140089546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
panda scan:



Incident Status Location

Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\TYRHLSO.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\GENBWJR.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\WTISLSK.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HEMIMTO.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\PLWAMGY.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\YVCPMHD.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\IHGFNJG.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\QOQWMVR.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\SRKUNKK.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\AYVMNWV.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\CSPBBWD.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\TBFBYNB.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HOGXQIP.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HSYIYPD.EXE
Adware:Adware/Startpage.WH No disinfected C:\windows\gpkehcu.exe
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\desktop.exe
Adware:adware/findspy No disinfected C:\DOCUMENTS AND SETTINGS\ZINUQ\FAVORITES\ FREE Access to 800 Paid sites.url

#4
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Let's cure the error on About:Buster.

Download comctl32.ocx
Place this in your C:\Windows\System32-folder or C:\Windows\System-folder (depending on which OS)

Go to start > run and type: regsvr32 COMCTL32.OCX
You should see a message saying "DllRegisterServer ... succeeded" afterwards

***

Did you have AdAware clean all it found?

***

The Panda file is missing a part, can you repost it?

***

Can I see the smitfilex.txt and the log made by Ewido?

#5
P-Nuts

    New Member

  • Topic Starter
  • Member
  • 3 posts
Thank you for the comment, here are the logs again.

ad-aware.txt-


Ad-Aware SE Build 1.06r1
Logfile Created on:??? ????? 27 ???? 2005 17:22:01
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R57 26.07.2005
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Malware.Psguard(TAC index:7):90 total references
MRU List(TAC index:0):8 total references
Possible Browser Hijack attempt(TAC index:3):1 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


27-07-2005 17:22:01 - Scan started. (Full System Scan)

MRU List Object Recognized!
Location: : C:\Documents and Settings\zinuq\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Object Recognized!
Location: : C:\Documents and Settings\zinuq\recent
Description : list of recently opened documents


MRU List Object Recognized!
Location: : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\internet explorer
Description : last download directory used in microsoft internet explorer


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\search assistant\acmru
Description : list of recent search terms used with the search assistant


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Object Recognized!
Location: : S-1-5-21-1844237615-1563985344-1708537768-1003\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 372
ThreadCreationTime : 27-07-2005 15:20:37
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 420
ThreadCreationTime : 27-07-2005 15:20:40
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 444
ThreadCreationTime : 27-07-2005 15:20:41
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 488
ThreadCreationTime : 27-07-2005 15:20:43
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 500
ThreadCreationTime : 27-07-2005 15:20:43
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 660
ThreadCreationTime : 27-07-2005 15:20:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 720
ThreadCreationTime : 27-07-2005 15:20:45
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 812
ThreadCreationTime : 27-07-2005 15:20:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 840
ThreadCreationTime : 27-07-2005 15:20:46
BasePriority : Normal
FileVersion : 5.1.2600.0 (xpclient.010817-1148)
ProductVersion : 5.1.2600.0
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1288
ThreadCreationTime : 27-07-2005 15:20:57
BasePriority : Normal
FileVersion : 6.00.2800.1106 (xpsp1.020828-1920)
ProductVersion : 6.00.2800.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:11 [totalcmd.exe]
FilePath : C:\totalcmd\
ProcessID : 1460
ThreadCreationTime : 27-07-2005 15:21:07
BasePriority : Normal
FileVersion : 6.03
ProductVersion : 6.03
ProductName : Total Commander
CompanyName : C. Ghisler & Co.
FileDescription : Total Commander 32 bit international version, file manager replacement for Windows
InternalName : TOTALCMD
LegalCopyright : Copyright © 1993-2004 Christian Ghisler

#:12 [winword.exe]
FilePath : C:\Program Files\Microsoft Office\Office10\
ProcessID : 1536
ThreadCreationTime : 27-07-2005 15:21:19
BasePriority : Normal


#:13 [ctfmon.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1584
ThreadCreationTime : 27-07-2005 15:21:25
BasePriority : Normal
FileVersion : 5.1.2600.1106 (xpsp1.020828-1920)
ProductVersion : 5.1.2600.1106
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:14 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1660
ThreadCreationTime : 27-07-2005 15:21:40
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 8


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{04f3168f-5afc-4531-b3b4-16ca93720415}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{057e242f-2947-4e0a-8e61-a11345d97ea6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{187a8428-bd94-470d-a178-a2347f940519}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2865930b-4588-4ff3-8227-6d4f66c92c7a}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{2fe2edc0-9e62-4f34-8a73-bc66dae48ef3}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}

Malware.Psguard Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{357a87ed-3e5d-437d-b334-deb7eb4982a3}
Value : No

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3a3a8c24-8ff0-4140-9731-54d9483ea70b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{3a906593-b4bd-48ed-84b0-3249bed65ef9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{49b72a72-01f5-4ae8-bbd7-daa67f1e303b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{6ae3aca6-1be3-4443-98dd-effcfa793d35}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{787dec39-69d0-40b3-b173-e0411c59b300}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{79ddf2ef-d881-464b-b2af-5af8816a3964}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{813c8e86-4c90-4617-b59e-e130cc068140}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{89133bce-57d0-4d2b-afaf-a97b74ad704e}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{8f40cc34-fe77-4618-aa3d-bd2efacaa8dc}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{9f89e240-06a6-4e1c-ba84-f267de7db391}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b60a0e56-548d-40ae-9383-d752531f653f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{b67b0756-2528-4996-b4bd-c993614cc0b6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{bcc51ea9-6340-4ebe-8736-13a752ecb0be}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{e9719d38-ec55-4c8b-9df0-080ade95a9fa}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : clsid\{f4b3e25a-33b4-4647-9a78-b627dde211a6}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{08101c3e-6c90-439e-9734-6e4dd1b53b69}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{09b90087-4ffa-4a44-be69-da117a710f07}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1449f89c-ad28-427a-97ff-1d5bd812ea43}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{1c08d3d0-1e04-4dde-ab0a-75355ea2585e}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{206538f7-f98c-4a46-a7d4-4a37fcdc932b}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{20f8b70d-9f16-4dcb-8788-90a0498e46b9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{28fedb90-53c7-4928-994a-cee782606507}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{2c462d06-3ba0-48bb-9282-bb6519fe86e9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{3a350193-c7f7-4e10-b347-02ff4c3cc4e9}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{4723879b-8f52-4be7-9994-626afa539366}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{7b6a3434-8625-4abf-b79d-09d98c2498c4}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8b6c0168-baac-4c7c-911e-0132590f5661}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{8ec33b7d-9953-4edb-ace2-d4c105968601}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a00e2305-7001-4200-ba00-5779f9a3e7d3}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a20f5672-7486-4d27-bd2b-e555e4692c5f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{a917b2f3-a9bf-477c-a0e3-0382d0376159}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b26b5883-f15f-4283-b3d5-a1728077de47}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{b803d266-a08d-4a4c-9604-6d35689abe09}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{c6e2a22c-b3a8-43a4-b5ec-a5bb671ab3f7}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cb9385ab-8541-4b2f-a363-48f64c612993}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{cf1674cc-ec9a-4aee-996e-65a8f7c0b0e4}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d5d6e9b5-30d5-4457-ac8b-399205f50411}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{d6a7d177-0b2f-4283-b2e8-b6310a45e606}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{e0d6c30a-b9a3-4181-8099-3b0d5a2b98af}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f100a342-3ac5-47ff-b5b3-fcdb6fc9f016}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : interface\{f4364eec-31f5-4b8b-a7e0-3b6394c9d23f}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{982392f9-9c65-48b4-b667-3459c46630d1}

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : typelib\{f61d1ce1-5199-4b57-b59e-c6819ea92f3b}

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 50
Objects found so far: 58


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58



Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Deep scanning and examining files (E:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for E:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 58


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 58



Possible Browser Hijack attempt Object Recognized!
Type : File
Data : FREE Access to 800 Paid sites.url
TAC Rating : 7
Category : Misc
Comment : Problematic URL discovered: http://getthis4free.com/
Object : C:\Documents and Settings\zinuq\Favorites\




Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.foundcollection

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.foundcollection.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.foundobject

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.foundobject.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.killedprocessescollection

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.killedprocessescollection.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.killedprocessinfo

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.killedprocessinfo.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.license

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.license.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.options

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.options.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.quarantine

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.quarantine.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.realtime

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.realtime.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.rtobject

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.rtobject.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.safemode

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.safemode.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.scaner

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.scaner.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.scanstatistic

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.scanstatistic.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.theapp

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.theapp.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.update

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.update.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.updateinfo

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.updateinfo.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.versioninfo

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : avecore.versioninfo.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.window

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.window.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.windowcollection

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.windowcollection.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.windowlayer

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_CLASSES_ROOT
Object : wndlayer.windowlayer.1

Malware.Psguard Object Recognized!
Type : Regkey
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\shudderltd

Malware.Psguard Object Recognized!
Type : RegValue
Data :
TAC Rating : 7
Category : Malware
Comment :
Rootkey : HKEY_LOCAL_MACHINE
Object : software\microsoft\internet explorer\main
Value : Display Inline Images

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 40
Objects found so far: 99

17:28:34 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:33.305
Objects scanned:109781
Objects identified:91
Objects ignored:0
New critical objects:91


hack.txt-

Logfile of HijackThis v1.99.1
Scan saved at 17:02:18, on 27/07/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\explorer.exe
E:\eyalvirus\fix\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 ME\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\he-il\msntb.dll (file missing)
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [osxppha] c:\windows\qrkignd.exe
O4 - HKCU\..\Run: [rslnjmf] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [pniqfsj] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [hjitqhp] c:\windows\gpkehcu.exe
O4 - HKCU\..\Run: [yluqoor] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xbbqmcp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [vavxurj] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [snxrkjh] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nvlabet] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [nfnhldr] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [kjakvhp] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [lldkyvf] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [fmnvvof] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ddwobmg] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [ygvfxku] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [cuakfwd] c:\windows\hsyiypd.exe
O4 - HKCU\..\Run: [xalmicq] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [ryrfxlj] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [mgmpfvv] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [txaiocl] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [hoywrli] c:\windows\hogxqip.exe
O4 - HKCU\..\Run: [bulpdqf] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wycsojr] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [dbgibek] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [yhguvum] c:\windows\tbfbynb.exe
O4 - HKCU\..\Run: [wbykaij] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kaemtfv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [mnlwkdn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrpjiav] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [uocttut] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jufltxm] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [tfssaao] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [kqkfgod] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [esaload] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [xxjdpnp] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ryhgped] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [stsimeo] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [dithacn] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [wbqugkv] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [pvfluyj] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [jsxwywq] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [vrmllbr] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [ochxmse] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [nbljeul] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [woimwdx] c:\windows\cspbbwd.exe
O4 - HKCU\..\Run: [yhaqvyx] c:\windows\ayvmnwv.exe
O4 - HKCU\..\Run: [gdjwqpl] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [kqiegsx] c:\windows\qoqwmvr.exe
O4 - HKCU\..\Run: [rlrkbjl] c:\windows\ihgfnjg.exe
O4 - HKCU\..\Run: [cuyxldk] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndglvvk] c:\windows\plwamgy.exe
O4 - HKCU\..\Run: [uyprqmx] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ghxfbgw] c:\windows\wtislsk.exe
O4 - HKCU\..\Run: [qlqlivg] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qkwwjtp] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [wjxfwsl] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [yhpoqyi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [bfiwueb] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [oyhgorm] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [ojeatnh] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gbybsww] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kmlnyfo] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hiuwwua] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [yefmiaa] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [kwndlba] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [kefjxrw] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [eagpmjw] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [isteqtj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [nwoydhc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [mueygpy] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [gboyhre] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [bhhsopu] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jnhdpxd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [xpnsvgf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jbvbgcq] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [iqqwjcd] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [vbijecn] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [uwpxovc] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [jxgubhu] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [aekhwjg] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [aycjrir] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [lkajxav] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [qpjidkj] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [hekinek] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ilbvbdi] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [npglwxe] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [oijynvr] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [saaxlep] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [meyyomf] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [jftaiya] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [rovkyms] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [tftiujg] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [rocesjm] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [awsvvje] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [celjccq] c:\windows\yvcpmhd.exe
O4 - HKCU\..\Run: [ndybuxe] c:\windows\srkunkk.exe
O4 - HKCU\..\Run: [gxoekwb] c:\windows\hemimto.exe
O4 - HKCU\..\Run: [fdiqelq] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [sfjkwrk] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [blpelok] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [aswufap] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ncdpmjp] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [jomekhl] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [eesrxsy] c:\windows\genbwjr.exe
O4 - HKCU\..\Run: [ckniywo] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [hpeoqdu] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [dlsfjxx] c:\windows\tyrhlso.exe
O4 - HKCU\..\Run: [agalqca] c:\windows\tyrhlso.exe
O8 - Extra context menu item: &יצא ל- Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: מחקר - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.micro...si/mcsimenu.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...ab?947140089546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivi...n/ravonline.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: MGABGEXE - Matrox Graphics Inc. - C:\WINDOWS\System32\mgabg.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Panda Process Protection Service (PavPrSrv) - Panda Software - C:\Program Files\Common Files\Panda Software\PavShld\pavprsrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

panda scan.txt-

Incident Status Location

Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\TYRHLSO.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\GENBWJR.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\WTISLSK.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HEMIMTO.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\PLWAMGY.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\YVCPMHD.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\IHGFNJG.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\QOQWMVR.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\SRKUNKK.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\AYVMNWV.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\CSPBBWD.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\TBFBYNB.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HOGXQIP.EXE
Adware:Adware/Startpage.WH No disinfected C:\WINDOWS\HSYIYPD.EXE
Adware:Adware/Startpage.WH No disinfected C:\windows\gpkehcu.exe
Adware:adware program No disinfected C:\WINDOWS\SYSTEM32\desktop.exe
Adware:adware/findspy No disinfected C:\DOCUMENTS AND SETTINGS\ZINUQ\FAVORITES\ FREE Access to 800 Paid sites.url
Adware:adware/cws No disinfected C:\DOCUMENTS AND SETTINGS\ZINUQ\FAVORITES\! Smart Security.url

#6
g2i2r4

    retired HiJack Helper

  • Retired Staff
  • 5,080 posts
Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each:

C:\WINDOWS\SYSTEM32\desktop.exe
C:\DOCUMENTS AND SETTINGS\ZINUQ\FAVORITES\ FREE Access to 800 Paid sites.url
C:\DOCUMENTS AND SETTINGS\ZINUQ\FAVORITES\! Smart Security.url

For these files, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer NO until after you've pasted the last file name, at which time you should answer Yes.

If your computer does not restart automatically, please restart it manually.

***

Did you remove all items in red found by AdAware?

***
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Open ADS Spy"
  • Click on "Scan"
  • Select all streams found
  • Delete them
  • Close HijackThis.
***

Run About:Buster. Keep running it till it no longer finds files or streams.

***

Run Ewido to do a full scan. Save that log and post it here. Also post me a fresh HijackThis log to check.



EDIT:
As there has been no reply from the original poster for more than two weeks this topic is now closed.

If you are the original poster and still need assistance, please send me a PM.

Edited by g2i2r4, 14 August 2005 - 02:23 PM.
