6:58 AM: |··· Start of Session, Thursday, August 11, 2005 ···|
6:58 AM: Spy Sweeper started
6:58 AM: Sweep initiated using definitions version 512
6:58 AM: Starting Memory Sweep
6:59 AM: Memory Sweep Complete, Elapsed Time: 00:00:40
6:59 AM: Starting Registry Sweep
6:59 AM: Registry Sweep Complete, Elapsed Time:00:00:13
6:59 AM: Starting Cookie Sweep
6:59 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:59 AM: Starting File Sweep
7:01 AM: File Sweep Complete, Elapsed Time: 00:01:15
7:01 AM: Full Sweep has completed. Elapsed time 00:02:14
7:01 AM: Traces Found: 0
********
6:49 AM: |··· Start of Session, Thursday, August 11, 2005 ···|
6:49 AM: Spy Sweeper started
6:49 AM: Sweep initiated using definitions version 512
6:49 AM: Starting Memory Sweep
6:50 AM: Memory Sweep Complete, Elapsed Time: 00:00:59
6:50 AM: Starting Registry Sweep
6:50 AM: Found Adware: drsnsrch.com hijack
6:50 AM: HKU\S-1-5-21-2052111302-842925246-1060284298-1003\software\microsoft\search assistant\ || defaultsearchurl (ID = 128205)
6:50 AM: Found System Monitor: networkessentials
6:50 AM: HKLM\software\microsoft\windows\currentversion\uninstall\cdm\ (2 subtraces) (ID = 136172)
6:50 AM: HKLM\software\novo\ (23 subtraces) (ID = 136175)
6:50 AM: HKLM\software\np\ (2 subtraces) (ID = 136176)
6:50 AM: Found Adware: purityscan
6:50 AM: HKCR\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (5 subtraces) (ID = 137348)
6:50 AM: HKCR\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (5 subtraces) (ID = 137349)
6:50 AM: HKLM\software\classes\interface\{3517fb25-305d-4012-b531-186e3851e7ed}\ (5 subtraces) (ID = 137678)
6:50 AM: HKLM\software\classes\interface\{4781daa6-4de5-47a1-b02a-945f0d017a9e}\ (5 subtraces) (ID = 137679)
6:50 AM: Found Adware: roings search enhancment
6:50 AM: HKLM\software\mm\ (1 subtraces) (ID = 140211)
6:50 AM: Found Adware: abetterinternet
6:50 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-842925246-1060284298-500\software\aurora\ (18 subtraces) (ID = 360174)
6:50 AM: HKU\WRSS_Profile_S-1-5-21-2052111302-842925246-1060284298-501\software\aurora\ (26 subtraces) (ID = 360174)
6:50 AM: Found Adware: drsnsrch hijacker
6:50 AM: HKCR\dsrch.band\ (5 subtraces) (ID = 509134)
6:50 AM: HKCR\dsrch.bottomframe\ (5 subtraces) (ID = 509135)
6:50 AM: HKCR\dsrch.leftframe\ (5 subtraces) (ID = 509136)
6:50 AM: HKCR\dsrch.popupbrowser\ (5 subtraces) (ID = 509137)
6:50 AM: HKCR\dsrch.popupwindow\ (5 subtraces) (ID = 509138)
6:50 AM: HKCR\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509139)
6:50 AM: HKCR\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509140)
6:50 AM: HKCR\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509141)
6:50 AM: HKCR\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509142)
6:50 AM: Found Adware: ieplugin
6:50 AM: HKCR\typelib\{8f73ac0f-5769-4282-8762-b396a3bff377}\ (9 subtraces) (ID = 509153)
6:50 AM: HKU\S-1-5-21-2052111302-842925246-1060284298-1003\software\dsrch\ (11 subtraces) (ID = 509156)
6:50 AM: HKLM\software\classes\dsrch.band\ (5 subtraces) (ID = 509171)
6:50 AM: HKLM\software\classes\dsrch.bottomframe\ (5 subtraces) (ID = 509172)
6:50 AM: HKLM\software\classes\dsrch.leftframe\ (5 subtraces) (ID = 509179)
6:50 AM: HKLM\software\classes\dsrch.popupbrowser\ (5 subtraces) (ID = 509185)
6:50 AM: HKLM\software\classes\dsrch.popupwindow\ (5 subtraces) (ID = 509191)
6:50 AM: HKLM\software\classes\clsid\{8b51fc2f-c687-40a3-b54a-bb9ebf8d407f}\ (11 subtraces) (ID = 509198)
6:50 AM: HKLM\software\classes\clsid\{ce27d4df-714b-4427-95eb-923fe53adf8e}\ (13 subtraces) (ID = 509210)
6:50 AM: HKLM\software\classes\clsid\{e2d2fe40-5674-4b77-802b-ec86b6c2c41d}\ (13 subtraces) (ID = 509224)
6:50 AM: HKLM\software\classes\clsid\{e311d3a5-4a3b-4e49-9e0a-b40fae1f0b28}\ (11 subtraces) (ID = 509238)
6:50 AM: HKCR\dsrch.band\clsid\ (1 subtraces) (ID = 509361)
6:50 AM: HKCR\dsrch.band\curver\ (1 subtraces) (ID = 509362)
6:50 AM: HKCR\dsrch.bottomframe\clsid\ (1 subtraces) (ID = 509363)
6:50 AM: HKCR\dsrch.bottomframe\curver\ (1 subtraces) (ID = 509364)
6:50 AM: HKCR\dsrch.leftframe\clsid\ (1 subtraces) (ID = 509365)
6:50 AM: HKCR\dsrch.leftframe\curver\ (1 subtraces) (ID = 509366)
6:50 AM: HKCR\dsrch.popupbrowser\clsid\ (1 subtraces) (ID = 509367)
6:50 AM: HKCR\dsrch.popupbrowser\curver\ (1 subtraces) (ID = 509368)
6:50 AM: HKCR\dsrch.popupwindow\clsid\ (1 subtraces) (ID = 509369)
6:50 AM: HKCR\dsrch.popupwindow\curver\ (1 subtraces) (ID = 509370)
6:50 AM: HKCR\dsrch.bottomframe.1\ (3 subtraces) (ID = 512699)
6:50 AM: HKCR\dsrch.leftframe.1\ (3 subtraces) (ID = 512706)
6:50 AM: HKCR\dsrch.popupbrowser.1\ (3 subtraces) (ID = 512713)
6:50 AM: HKCR\dsrch.popupwindow.1\ (3 subtraces) (ID = 512720)
6:50 AM: HKCR\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 512747)
6:50 AM: HKLM\software\classes\dsrch.bottomframe.1\ (3 subtraces) (ID = 513076)
6:50 AM: HKLM\software\classes\dsrch.leftframe.1\ (3 subtraces) (ID = 513080)
6:50 AM: HKLM\software\classes\dsrch.popupbrowser.1\ (3 subtraces) (ID = 513084)
6:50 AM: HKLM\software\classes\dsrch.popupwindow.1\ (3 subtraces) (ID = 513088)
6:50 AM: HKLM\software\classes\clsid\{00f1d395-4744-40f0-a611-980f61ae2c59}\ (11 subtraces) (ID = 513114)
6:50 AM: Registry Sweep Complete, Elapsed Time:00:00:14
6:50 AM: Starting Cookie Sweep
6:50 AM: Cookie Sweep Complete, Elapsed Time: 00:00:00
6:50 AM: Starting File Sweep
6:54 AM: m67m.inf (ID = 74028)
6:56 AM: Found Adware: shopathomeselect
6:56 AM: bah2gl9g.dat (ID = 121494)
6:56 AM: shex.exe (ID = 94438)
6:56 AM: File Sweep Complete, Elapsed Time: 00:06:12
6:56 AM: Full Sweep has completed. Elapsed time 00:07:35
6:56 AM: Traces Found: 368
6:57 AM: Removal process initiated
6:57 AM: Quarantining All Traces: drsnsrch.com hijack
6:57 AM: Quarantining All Traces: networkessentials
6:57 AM: Quarantining All Traces: purityscan
6:57 AM: Quarantining All Traces: roings search enhancment
6:57 AM: Quarantining All Traces: abetterinternet
6:57 AM: Quarantining All Traces: drsnsrch hijacker
6:57 AM: Quarantining All Traces: ieplugin
6:57 AM: Quarantining All Traces: shopathomeselect
6:57 AM: Removal process completed. Elapsed time 00:00:08
6:58 AM: |··· End of Session, Thursday, August 11, 2005 ···|
********
6:36 AM: |··· Start of Session, Thursday, August 11, 2005 ···|
6:36 AM: Spy Sweeper started
------------------------------------------------------------------------------------------
Incident Status Location
Adware:adware/superspider No disinfected C:\WINDOWS\SYSTEM32\services
Spyware:spyware/media-motor No disinfected Windows Registry
Hacktool:Hacktool/Processor No disinfected C:\Documents and Settings\All Users\Desktop\nailfix\Process.exe
Possible Virus. No disinfected C:\Program Files\TrojanHunter 4.2\Tools\Process Viewer\ProcessViewer.exe
-----------------------------------------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 8:06:22 AM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft IntelliPoint\point32.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe
C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe
E:\progra~1\steam\steam.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.comcast.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Comcast
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: 3DNA Toolbar - {2ECB7FB2-0333-416F-92FD-4904AD49252B} - C:\WINDOWS\system32\3DNATO~1.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - E:\Program Files\Norton SystemWorks\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\Smtray.exe
O4 - HKLM\..\Run: [CTSysVol] E:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] E:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [SBDrvDet] C:\Program Files\Creative\SB Drive Det\SBDrvDet.exe /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [LiveNote] livenote.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [ccRegVfy] "C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [IntelliPoint] "C:\Program Files\Microsoft IntelliPoint\point32.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [vidctrl] C:\WINDOWS\system32\vidctrl\vidctrl.exe
O4 - HKLM\..\Run: [myziju] c:\windows\system32\zjpekav.exe r
O4 - HKLM\..\Run: [rmwfkq] c:\windows\system32\jfhkaer.exe r
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Steam] "e:\progra~1\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ASUS SmartDoctor] E:\Program Files\ASUS\SmartDoctor\\SmartDoctor.exe /start
O4 - HKCU\..\Run: [Creative MediaSource Go] E:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe /SCB
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2004\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [Shrkvkar] C:\WINDOWS\system32\w?nlogon.exe
O4 - HKCU\..\Run: [Wioa] C:\Program Files\cdme\teib.exe
O8 - Extra context menu item: Download &All by FD - fdiectx2.htm
O8 - Extra context menu item: Download with &FD - fdiectx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: ComcastHSI - {669B269B-0D4E-41FB-A3D8-FD67CA94F646} - http://www.comcast.net/ (file missing)
O9 - Extra button: Support - {8828075D-D097-4055-AA02-2DBFA9D85E8A} - http://www.comcastsupport.com/ (file missing)
O9 - Extra button: Help - {97809617-3937-4F84-B335-9BB05EF1A8D4} - http://online.comcast.net/help/ (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative....015/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {82F2D6B2-6C58-4404-A930-9DB0FD90D4B1} (Driver_Detective_v43_Non_Member.DD_v43) - http://www.drivershq..._Non_Member.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative....15014/CTPID.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - E:\Program Files\Norton SystemWorks\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Speed Disk service - Symantec Corporation - E:\PROGRA~1\NORTON~1\SPEEDD~1\nopdb.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2004\WinStylerThemeSvc.exe