Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

it's broken [RESOLVED]


  • This topic is locked This topic is locked

#1
Esther47

Esther47

    Member

  • Member
  • PipPip
  • 11 posts
:tazz: Logfile of HijackThis v1.99.1
Scan saved at 8:27:28 PM, on 8/13/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\PROGRA~1\COMMON~1\AOL\110105~1\EE\AOLHOS~1.EXE
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\110105~1\EE\AOLServiceHost.exe
c:\progra~1\intern~1\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\PROGRA~1\AMERIC~1.0A\waol.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\AMERIC~1.0A\shellmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\dwwin.exe
c:\progra~1\intern~1\iexplore.exe
C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temporary Internet Files\Content.IE5\MQMTHD82\HijackThis[3].exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zulfcihpx...v8Un97Dko9.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {E31FAE7C-C06E-C80D-6695-31071E447CC6} - C:\DOCUME~1\DONOVA~1\APPLIC~1\DENTMU~1\SaveDvd.exe
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [vunj] C:\WINDOWS\opwn.exe
O4 - HKLM\..\Run: [uuxpc] C:\WINDOWS\mwenog.exe
O4 - HKLM\..\Run: [tynigqtr] C:\WINDOWS\kgjtkfbj.exe
O4 - HKLM\..\Run: [tpimkik] C:\WINDOWS\upaxtufgd.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [qwvpcfsxxgdg] C:\WINDOWS\System32\niqimxp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [pqjj] C:\WINDOWS\repd.exe
O4 - HKLM\..\Run: [PopUpCopCloser] C:\PROGRA~1\POPUPCOP\PCCloser.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mvpzfz] C:\WINDOWS\iwegcmxsz.exe
O4 - HKLM\..\Run: [mvblhebr] C:\WINDOWS\kcej.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [lgfbtiey] C:\WINDOWS\ffmqbjgs.exe
O4 - HKLM\..\Run: [lchrds] C:\WINDOWS\jkuxty.exe
O4 - HKLM\..\Run: [jloebuhcj] C:\WINDOWS\ngibv.exe
O4 - HKLM\..\Run: [ithr] C:\WINDOWS\nnwilq.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101051735\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [hole fast bows start] C:\Documents and Settings\All Users\Application Data\heartonceholefast\loudsettings.exe
O4 - HKLM\..\Run: [gdyledcz] C:\WINDOWS\gdyledcz.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [view joy the send] C:\Documents and Settings\All Users\Application Data\Fordmemoviewjoy\Dent1.exe
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [Error Nuker] F:\program files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [FordFile] C:\DOCUME~1\DONOVA~1\APPLIC~1\OOZEAD~1\Link Memo Inter.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\PROGRA~1\AMERIC~1.0A\AOL.EXE" -b
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Event Reminder.lnk = F:\program files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download Picture to Organizer - file://F:\Program Files\PictureWorks\MediaCenter\pages\cfile.htm
O8 - Extra context menu item: Send as NetCard - file://F:\Program Files\PictureWorks\MediaCenter\pages\sendnetcard.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\program files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Canasta by pogo - http://canasta.pogo....a-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...544/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Unknown owner - C:\Program Files\Norton Internet Security\NISUM.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
  • 0

Advertisements


#2
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Lets do this mang!!!

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Notes
Before you do anything else, please create a folder for HijackThis and put it in a permanent folder (like C:\HJT) instead of the Temp folder. This is required because HijackThis will create backups and we don't want them to be deleted.

Downloads
Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update click the OK button
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, EXIT


Boot Into Safe Mode
Restart your computer and boot into Safe Mode by hitting the F8 key repeatedly until a menu shows up (and choose Safe Mode from the list). In some systems, this may be the F5 key, so try that if F8 doesn't work.


Ewido
Run Ewido Security Suite . Set the program up as follows:
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
  • Binder
  • Crypter
  • Archives
  • Click on Start Scan
  • Let the program scan the machine
    While the scan is in progress you will be prompted to clean the first file. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the window (this way you don't have to sit and watch ewido) click OK
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop.
View Hidden Files and Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is enabled. Also make sure that the System Files and Folders are showing / visible. Uncheck the Hide protected operating system files option.


Potential Uninstallations
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:

WildTangent - This is an online gaming package that is installed by a number of third party applications and even OEMs, ISPs and AIM. The games aspect of this is really rather cool. The being installed without you asking for it isn't cool at all. They collect information about you and your usage. We recommend uninstalling it.

Spyware & Adware Removal

Kazaa - this is a must!!!! UNinstall!!!!

WeatherBug - it's adware. If you didn't install this yourself, uninstall it. If you did install it yourself, you may keep it and ignore any fixes/deletions listed below. For a safer alternative please see Here
[/b]


Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.zulfcihpx...v8Un97Dko9.html
O2 - BHO: (no name) - {E31FAE7C-C06E-C80D-6695-31071E447CC6} - C:\DOCUME~1\DONOVA~1\APPLIC~1\DENTMU~1\SaveDvd.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [vunj] C:\WINDOWS\opwn.exe
O4 - HKLM\..\Run: [uuxpc] C:\WINDOWS\mwenog.exe
O4 - HKLM\..\Run: [tynigqtr] C:\WINDOWS\kgjtkfbj.exe
O4 - HKLM\..\Run: [tpimkik] C:\WINDOWS\upaxtufgd.exe
O4 - HKLM\..\Run: [qwvpcfsxxgdg] C:\WINDOWS\System32\niqimxp.exe
O4 - HKLM\..\Run: [pqjj] C:\WINDOWS\repd.exe
O4 - HKLM\..\Run: [mvpzfz] C:\WINDOWS\iwegcmxsz.exe
O4 - HKLM\..\Run: [mvblhebr] C:\WINDOWS\kcej.exe
O4 - HKLM\..\Run: [lgfbtiey] C:\WINDOWS\ffmqbjgs.exe
O4 - HKLM\..\Run: [lchrds] C:\WINDOWS\jkuxty.exe
O4 - HKLM\..\Run: [jloebuhcj] C:\WINDOWS\ngibv.exe
O4 - HKLM\..\Run: [ithr] C:\WINDOWS\nnwilq.exe
O4 - HKLM\..\Run: [hole fast bows start] C:\Documents and Settings\All Users\Application Data\heartonceholefast\loudsettings.exe
O4 - HKLM\..\Run: [gdyledcz] C:\WINDOWS\gdyledcz.exe
O4 - HKLM\..\Run: [view joy the send] C:\Documents and Settings\All Users\Application Data\Fordmemoviewjoy\Dent1.exe
O4 - HKLM\..\Run: [KAZAA] C:\PROGRAM FILES\KAZAA\KAZAA.EXE /SYSTRAY
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [Spyware & Adware Removal] "C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint
O4 - HKCU\..\Run: [FordFile] C:\DOCUME~1\DONOVA~1\APPLIC~1\OOZEAD~1\Link Memo Inter.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)

Please remember to close all other windows, including browsers then click Fix checked.


File/Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.

For all files looking like XXXXXX~1.xxx (x being a letter) look for the first folder or file which have XXXXXX as their first 6 letters
Example: C:\DOCUME~1\ ==> C:\Documents and Settings\


C:\DOCUME~1\DONOVA~1\APPLIC~1\DENTMU~1\
C:\Program Files\WildTangent\
C:\WINDOWS\opwn.exe
C:\WINDOWS\mwenog.exe
C:\WINDOWS\kgjtkfbj.exe
C:\WINDOWS\upaxtufgd.exe
C:\WINDOWS\System32\niqimxp.exe
C:\WINDOWS\repd.exe
C:\WINDOWS\iwegcmxsz.exe
C:\WINDOWS\kcej.exe
C:\WINDOWS\ffmqbjgs.exe
C:\WINDOWS\jkuxty.exe
C:\WINDOWS\ngibv.exe
C:\WINDOWS\nnwilq.exe
C:\Documents and Settings\All Users\Application Data\heartonceholefast\
C:\WINDOWS\gdyledcz.exe
C:\Documents and Settings\All Users\Application Data\Fordmemoviewjoy\
C:\PROGRAM FILES\KAZAA\
C:\Program Files\Spyware & Adware Removal\
C:\DOCUME~1\DONOVA~1\APPLIC~1\OOZEAD~1\
C:\Program Files\AWS\WeatherBug\

Reboot your system in Normal Mode.


Further Scanning
Please run a Scan at the Following site
Panda ActiveScan

Make sure that you choose the "fix" or "clean" option when available
at the end of this scan you will be given then option to save a log from the scan -SAVE THAT LOG- and post it here

Please post a fresh HijackThis log & the Log from Panda, as well as the log from Ewido so that we can check if your system is clean.

Edited by skate_punk_21, 13 August 2005 - 07:47 PM.

  • 0

#3
Esther47

Esther47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:58:07 PM, 8/14/2005
+ Report-Checksum: 3CF5C762

+ Scan result:

C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0019534.dll -> Spyware.WildTangent : Cleaned with backup


::Report End

Edited by skate_punk_21, 14 August 2005 - 05:49 PM.

  • 0

#4
Esther47

Esther47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
:tazz:
  • 0

#5
Esther47

Esther47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Incident Status Location

Adware:adware/blazefind No disinfected C:\WINDOWS\key2.txt
Possible Virus. No disinfected C:\Program Files\Shockwave.com\Magic Ball\MagicBall.exe
Adware:adware/transponder No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\dummy.htm
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\matdqijv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\pauepzwt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ydogdxov.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\eoudghku.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\lrjtvagi.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\sta5E.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\bldamqsy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\tdpahktz.exe
Possible Virus. No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\HDeskSetup_n.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1f6bff25.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1e4c4b4e.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\hxtpidjh.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\da9320c0.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\sta7.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1e5d4cbb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\staEF.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\da9377f2.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\sta2B.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1e7730f8.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\wqjhcvdz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\dtpxfbux.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\lmagwast.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\usshguzd.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\dxadhjwg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\myibfwtb.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ezvxcnro.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\aebfsisn.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\xtqsxcor.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\nxdvebrt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\bdpdaowq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\lefqbiaa.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\meugtpqt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ihfgxknz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1f260794.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\Inside Program.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\objrbtjz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\wzjkjqiq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\rgyiitmq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1e5cf43a.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\wdwmqxab.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\shgjryri.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ajhdlfxv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\szkuwvqc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\okshksju.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\vkmltobu.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\hhabhnam.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\myxuancp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\nndknopc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\znaazdap.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\zgnnmmoc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\lcmscsfw.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\eeeectou.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\jemcdyom.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\locbnsuj.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\frstqmmg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\oprumwuq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\znbuyxsg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ldtpjjed.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ktllnnoh.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\lsrpjljp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\zkshenjv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\yftniife.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\njjjzbwl.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\raykktbc.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\bouvtyeo.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\tzdlymam.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\orkeyxfp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\1c664255.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\ucyqabxy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\fgseephe.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temp\qnbbfbxz.exe
Adware:Adware/MediaTickets No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temporary Internet Files\Content.IE5\6R4J34P4\symantec[1].css
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Local Settings\Temporary Internet Files\Content.IE5\PV7LRTZ4\upAYB[1].int
Possible Virus. No disinfected C:\Documents and Settings\DONOVAN WAITHE\My Documents\Mah Jong key\MahJong_kg.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Desktop\backups\backup-20050814-134026-330.dll
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\dohdldqy.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\Creative Logo Less.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\datafaceteamthunk.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\noeqyokt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\kanyuesz.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\zptjpfns.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\gmmjtllq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\zkaavavt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\tjavywed.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\jbtxvjpt.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\hiuijrji.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\vcqqlmqw.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\hgesxcpp.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\fvioeent.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\fkwnzxhx.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\erzoqgbq.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\Link Memo Inter.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\hkkrmhqv.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\xwllcrez.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\lwoxsoln.exe
Adware:Adware/Lop No disinfected C:\Documents and Settings\DONOVAN WAITHE\Application Data\OOZEADMINSOFT\faierzce.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001369.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001370.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001371.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001372.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001373.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001374.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001375.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001376.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001377.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001378.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001379.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001380.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001381.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001382.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001383.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP2\A0001384.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015507.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015508.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015509.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015510.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015511.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015512.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015513.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015514.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015515.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015516.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015517.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015518.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015519.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015520.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015521.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015522.exe
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0015523.exe
Possible Virus. No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0020610.dll
Possible Virus. No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0020611.dll
Adware:Adware/Lop No disinfected C:\System Volume Information\_restore{6064814B-4677-4867-AA90-2B3157BA715E}\RP11\A0021571.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\build web.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Meetante.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Eachuser.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\amen five.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\licensemove.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Userintra.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\junk meet.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\StopPure.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\amen road.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Settings bows.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Inside mode.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\magstime.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\NameBat.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Dent1.exe
Adware:Adware/Lop No disinfected C:\Recycled\Dc100\Proc32.exe
Logfile of HijackThis v1.99.1
Scan saved at 5:00:56 PM, on 8/14/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
c:\program files\mcafee.com\agent\mcagent.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe
C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\Program Files\Ahead\InCD\InCD.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\COMMON~1\AOL\110105~1\EE\AOLHOS~1.EXE
C:\WINDOWS\system32\rundll32.exe
C:\PROGRA~1\COMMON~1\AOL\110105~1\EE\AOLServiceHost.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe
C:\Program Files\America Online 9.0a\waol.exe
C:\Program Files\America Online 9.0a\shellmon.exe
C:\Documents and Settings\DONOVAN WAITHE\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [STOPzilla] C:\Program Files\STOPzilla!\Stopzilla.exe /autostart
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [PopUpCopCloser] C:\PROGRA~1\POPUPCOP\PCCloser.exe
O4 - HKLM\..\Run: [Pop-Up Stopper] "C:\PROGRA~1\PANICW~1\POP-UP~1\dpps2.exe"
O4 - HKLM\..\Run: [OmgStartup] C:\Program Files\Common Files\Sony Shared\OpenMG\OmgStartup.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [iamapp] C:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101051735\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CountrySelection] pctptt.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Error Nuker] F:\program files\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [AOLCC] "C:\Program Files\AOL Computer Check-Up\ACCAgnt.exe" /startup
O4 - HKCU\..\Run: [AOL Fast Start] "C:\Program Files\America Online 9.0a\AOL.EXE" -b
O4 - Global Startup: Photo Loader supervisory.lnk = C:\Program Files\CASIO\Photo Loader\Plauto.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Event Reminder.lnk = F:\program files\Broderbund\PrintMaster\PMremind.exe
O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\SYSTEM32\spool\drivers\w32x86\3\E_SRCV02.EXE
O4 - Global Startup: EPSON SMART PANEL for Scanner.lnk = C:\Program Files\EPSON\EPSON SMART PANEL for Scanner\espmain.exe
O4 - Global Startup: E-Color.lnk = C:\Program Files\E-Color\Common\IconMgr.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = ?
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: Download Picture to Organizer - file://F:\Program Files\PictureWorks\MediaCenter\pages\cfile.htm
O8 - Extra context menu item: Send as NetCard - file://F:\Program Files\PictureWorks\MediaCenter\pages\sendnetcard.htm
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\program files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\SYSTEM32\SHDOCVW.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.aol.com
O16 - DPF: Canasta by pogo - http://canasta.pogo....a-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - http://game4.pogo.co...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - http://flinger.pogo....r-ob-assets.cab
O16 - DPF: Squelchies by pogo - http://squelchies.po...s-ob-assets.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - http://aolcc.aol.com...kup/qdiagcc.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {B160422D-0A48-11D4-BD9B-00A0C9B0AB7B} (Download Class) - http://expressit.bro...in/Download.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...ta/SymAData.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://aol128.pogo.c...aploader_v5.cab
O16 - DPF: {E77C0D62-882A-456F-AD8F-7C6C9569B8C7} (ActiveDataObj Class) - https://www-secure.s.../ActiveData.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...544/mcfscan.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service
  • 0

#6
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
The Temp folders should be cleaned out periodically as installation programs and hijack programs leave a lot of junk there. Download CleanUp! and install it.

Run CleanUp! Set the program up as follows:
  • Click "Options..."
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files (Please uncheck this option)
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program. Do Not!! Reboot/logoff when prompted.

Please download Trend Micro™ Anti-Spyware for the Web Utility (by clicking the "Scan and Clean your PC" button).
  • Save it to your desktop.
  • Double-click the new icon on your desktop (tmas-web-scan.exe)
  • It will say "Loading TrendMicro definitions".
  • Once the definitions are loaded, the program will appear to close then re-open.
  • Click Start Scan
  • After it's done scanning, click Scan Results
  • Make sure all items found have a check next to them, then click Clean Threats Now.
  • Click Exit.
NOW Reboot your computer. In place of the TrendMicro icon will be a text file called Antispyware.log, please double-click that log and copy the entire contents and paste them here.

Edited by skate_punk_21, 14 August 2005 - 06:24 PM.

  • 0

#7
Esther47

Esther47

    Member

  • Topic Starter
  • Member
  • PipPip
  • 11 posts
Started Scanning
Internet Cookies
Programs in Memory
Windows Registry
Found '' in 'Software\AppConf'
Found 'confset' in 'Software\AppConf'
Found '' in 'SOFTWARE\FocusInteractive'
Found '' in 'Software\MyWebSearch'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning
  • 0

#8
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Start HijackThis Fix
Open Hijack This and click on Scan. Check the following entries (make sure you do not miss any)

O4 - HKLM\..\Run: [PTSNOOP] ptsnoop.exe

Please remember to close all other windows, including browsers then click Fix checked.

Tell me if that helps, then we will attack your BlueScreen Problem
  • 0

#9
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Congratulations Your Log is Clean!!:grin:


System Restore

Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.

Reboot your System.

Turn on System Restore by Clicking Start. Right-click My Computer, and then click Properties. Click the System Restore tab. Uncheck "Turn off System Restore" or "Turn off System Restore on all drives." Click Apply, and then OK.


Preventative Measures

This is a good time to set up protection against further attacks. Read How Did I Get Infected In The First Place?.

Also Consider...
  • SpywareBlaster to help prevent spyware from installing in the first place.
  • SpywareGuard to catch and block spyware before it can execute.
  • IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
You should also have a good firewall. Here are 3 free ones available for personal use:
How is she running now? Any further problems? If not, Good work, and Happy Computing!

Please reply once more so we know you have read these measures
  • 0

#10
skate_punk_21

skate_punk_21

    Malware Removal Expert

  • Retired Staff
  • 1,049 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP