About Blank [CLOSED]

This topic is locked

#16 cbussey (Member, Topic Starter, 18 posts)

I ran SpySubtract and it came up with some threats. This is the log that came out. I don't know if this is anything that you have seen or not, but I thought it might help. I'll get right on the other scans.

--------------------------------- SpySubtract session started ---------------------------------
Machine=YOUR-KYBTG65GXE
Time=Fri Aug 19 18:53:48 2005
Product Version=3, 0, 0, 29
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
--------------------------------- SpySubtract session ended ---------------------------------

--------------------------------- SpySubtract session started ---------------------------------
Machine=YOUR-KYBTG65GXE
Time=Fri Aug 19 19:14:11 2005
Product Version=3, 0, 0, 29
OS Version=Microsoft Windows XP Home Edition Service Pack 2 (Build 2600)

Started Scanning
Programs in Memory
Finished Scanning
Started Scanning
Internet Cookies
Internet Cookies: Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'about.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'adknowledge.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'bravenet.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'burstnet.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'casalemedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'insightexpressai.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Found 'serving-sys.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'www.burstbeacon.com' in 'Internet Explorer Cache'
Internet Cookies: Found 'zedo.com' in 'Internet Explorer Cache'
CoolWebSearch Variants (CWShredder)
Programs in Memory
Windows Registry
Windows Registry: Found '' in 'SOFTWARE\Classes\CLSID\{FE151F00-353B-C722-83B9-392A8A0FE913}'
Windows Registry: Found '' in 'CLSID\{FE151F00-353B-C722-83B9-392A8A0FE913}'
Windows Registry: Found '' in 'Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Found '' in 'Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Found '' in 'SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}'
Internet URL Shortcuts
Internet URL Shortcuts: Found 'Ab scissor.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Broadband comparison.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Credit counseling.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Credit report.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Crm software.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Debt credit card.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Escorts.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Fha.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Health insurance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Help desk software.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Insurance home.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Loan for debt consolidation.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Loan for people with bad credit.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Marketing email.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Mortgage insurance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Nevada corporations.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Online Betting Site.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Online gambling casino.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Online instant loan.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Order phentermine.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Payroll advance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Personal loans online.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Personal loans with bad credit.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Prescription Drugs Rx Online.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Refinancing my mortgage.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Tahoe vacation rental.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Unsecured bad credit loans.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'Videos.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Found 'What is hydrocodone.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Files and Directories
Files and Directories: Found 'iun6002.exe' in 'C:\WINDOWS'
Files and Directories: Found 'msbb_gdf.dat' in 'C:\WINDOWS'
Files and Directories: Found 'sdkor.dll' in 'C:\WINDOWS'
Files and Directories: Found 'searchen.dat' in 'C:\WINDOWS'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Internet Cookies: Cleaned 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'about.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'ad.yieldmanager.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'adknowledge.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'bravenet.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'burstnet.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'casalemedia.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'dist.belnk.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'insightexpressai.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'realmedia.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'server.iad.liveperson.net' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'serving-sys.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'www.burstbeacon.com' in 'Internet Explorer Cache'
Internet Cookies: Cleaned 'zedo.com' in 'Internet Explorer Cache'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\CLSID\{FE151F00-353B-C722-83B9-392A8A0FE913}'
Windows Registry: Cleaned '' in 'CLSID\{FE151F00-353B-C722-83B9-392A8A0FE913}'
Windows Registry: Cleaned '' in 'Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Cleaned '' in 'Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{549F957D-2F89-11D6-8CFE-00C04F52B225}'
Windows Registry: Cleaned '' in 'SOFTWARE\Classes\Interface\{549F957F-2F89-11D6-8CFE-00C04F52B225}'
Internet URL Shortcuts: Cleaned 'Ab scissor.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Broadband comparison.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Credit counseling.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Credit report.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Crm software.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Debt credit card.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Escorts.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Fha.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Health insurance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Help desk software.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Insurance home.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Loan for debt consolidation.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Loan for people with bad credit.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Marketing email.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Mortgage insurance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Nevada corporations.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Online Betting Site.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Online gambling casino.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Online instant loan.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Order phentermine.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Payroll advance.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Personal loans online.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Personal loans with bad credit.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Prescription Drugs Rx Online.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Refinancing my mortgage.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Tahoe vacation rental.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Unsecured bad credit loans.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'Videos.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Internet URL Shortcuts: Cleaned 'What is hydrocodone.url' in 'C:\Documents and Settings\Cherie\Favorites\Sites about\'
Checking for 'C:\WINDOWS\iun6002.exe' in shortcut areas.
Checking for 'C:\WINDOWS\iun6002.exe' in startup areas.
Files and Directories: Cleaned 'iun6002.exe' in 'C:\WINDOWS'
Files and Directories: Cleaned 'msbb_gdf.dat' in 'C:\WINDOWS'
Files and Directories: Cleaned 'sdkor.dll' in 'C:\WINDOWS'
Files and Directories: Cleaned 'searchen.dat' in 'C:\WINDOWS'
Finished Cleaning
Started Cleaning
Internet Explorer/MSN/AOL Cache
Delete History Items on Startup: Cleaned 'Internet Explorer/MSN/AOL Cache' in ''
Windows Temp Files
Delete History Items on Startup: Cleaned 'Windows Temp Files' in ''
Cookies
Delete History Items on Startup: Cleaned 'Cookies' in ''
Finished Cleaning

Edited by cbussey, 19 August 2005 - 07:02 PM.

#17 Kat (Retired Staff, MVP, 19,711 posts)

That's excellent, actually. What SpySubtract found is cookies. You can change your privacy level to NOT allow session cookies from sites if you don't want them on your machine. Or you can run SpySubtract or CleanUp daily to remove them for you. As long as they are being removed, you're OK. If you come across any that refuse to go, that's where you have a problem.

#18 cbussey (Member, Topic Starter, 18 posts)

Panda scan (My Computer):

Incident                        Status           Location
Adware:adware/cws.aboutblank    No disinfected   C:\WINDOWS\SYSTEM32\sysyr32.dll
Adware:adware/cws.008k          No disinfected   C:\WINDOWS\iedb.dll
Adware:adware/ncase             No disinfected   C:\WINDOWS\msbb32.dll
Spyware:spyware/bargainbuddy    No disinfected   C:\WINDOWS\msbe.dll
Spyware:spyware/search3         No disinfected   C:\PROGRAM FILES\SEARCH3 TOOLBAR
Adware:adware/coupons           No disinfected   Windows Registry
Virus:Eicar.Mod                 No disinfected   C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/SearchAid         No disinfected   C:\Program Files\PestPatrol\Quarantine\20050328202026734.zip[ietb.dll]

My Documents came back clean.

Local disks:

Incident                        Status           Location
Virus:Eicar.Mod                 No disinfected   C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/SearchAid         No disinfected   C:\Program Files\PestPatrol\Quarantine\20050328202026734.zip[ietb.dll]
Adware:adware/cws.008k          No disinfected   C:\WINDOWS\iedb.dll
Adware:adware/ncase             No disinfected   C:\WINDOWS\msbb32.dll
Spyware:spyware/bargainbuddy    No disinfected   C:\WINDOWS\msbe.dll
Adware:adware/cws.aboutblank    No disinfected   C:\WINDOWS\system32\sysyr32.dll



Logfile of HijackThis v1.99.1
Scan saved at 12:25:43 PM, on 8/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Hardware\Mouse\point32.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
C:\PROGRA~1\PESTPA~1\PPControl.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HP\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\HP\Digital Imaging\bin\hposol08.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
C:\Program Files\SpyCatcher\Scheduler daemon.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\system32\drivers\KodakCCS.exe
C:\WINDOWS\System32\ScsiAccess.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\HP\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
C:\WINDOWS\system32\cidaemon.exe
c:\Program Files\InterMute\SpySubtract\SpySub.exe
C:\Program Files\Windows NT\Accessories\WORDPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
c:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [NAV CfgWiz] C:\PROGRA~1\NORTON~1\Cfgwiz.exe /R
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [ChkAdmin] C:\PROGRA~1\Compaq\COMPAQ~1\CHKADMIN.EXE
O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\SpyCatcher\DeleteSatellite.exe"
O4 - HKLM\..\Run: [PPMemCheck] C:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [PestPatrol Control Center] C:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: Scheduler.lnk = C:\Program Files\SpyCatcher\Scheduler daemon.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: SpySubtract.lnk = C:\Program Files\InterMute\SpySubtract\SpySub.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar3.dll/cmsearch.html
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.00.0001.1203\en-us\msntb.dll/search.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar3.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar3.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar3.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar3.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - c:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: Video Poker - http://download.game...ts/y/vpt0_x.cab
O16 - DPF: Yahoo! Blackjack - http://download.game...nts/y/jt0_x.cab
O16 - DPF: Yahoo! Checkers - http://download.game...nts/y/kt4_x.cab
O16 - DPF: Yahoo! Dots - http://download.game...ts/y/dtt1_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://yog55.games.s...og/y/ks12_x.cab
O16 - DPF: Yahoo! Poker - http://download.game...nts/y/pt3_x.cab
O16 - DPF: Yahoo! Spelldown - http://download.game...ts/y/sdt1_x.cab
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://support2.char...oad/tgctlcm.cab
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {32305793-C19A-48E7-AD2F-D87FF7B264A4} (TenebrilSpywareScanner Control) - http://www.tenebril....TestScanner.ocx
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/...pandaonline.cab
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp...ads/sysinfo.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1....loadManager.ocx
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.game...outLauncher.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://download.game...aploader_v6.cab
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.h.../qdiagh.cab?326
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\acsd.exe
O23 - Service: AutoComplete Service (Autocomplete) - Unknown owner - C:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Compaq Local Alerter (CPQALERT) - Compaq Computer Corporation - C:\Program Files\Compaq\Compaq Management Agents\cpqalert.exe
O23 - Service: cpqdmi - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\cpqdmi.exe
O23 - Service: Compaq DMI Web Agent (cpqWebDmi) - Compaq Computer Corporation - C:\PROGRA~1\Compaq\COMPAQ~1\CPQWEB~1\WebDmi.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: ScsiAccess - Unknown owner - C:\WINDOWS\System32\ScsiAccess.EXE
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Win32Sl (WIN32SL) - Intel - C:\Program Files\Compaq\Compaq Management Agents\Dmi\Win32\bin\Win32sl.exe
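Added example for this thread (not HijackThis's own code and not something either poster wrote): a small Python script that reads a HijackThis log and flags the entry classes a helper checks first: an R0/R1 search or start page pointing off Microsoft, O4 Run entries with no full path, O16 ActiveX downloads with no class name, and O23 services with an unknown owner or a missing binary. The sample lines are copied from the log above; the trusted-host list, the rule wording and the function names are my own assumptions.

```python
"""Triage a HijackThis v1.99 log: flag the entry classes that most often
carry a hijack so a helper can read the log faster.  Added example for this
thread, not HijackThis's own code.  The sample lines are copied from the log
posted above; the rules and the trusted-host list are my own assumptions."""
import re
from urllib.parse import urlparse

# Constructed sample: nine lines copied from the posted log.
SAMPLE_LOG = r"""
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.shareware.us/srchasst.html
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [POINTER] point32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O16 - DPF: {09C6CAC0-936E-40A0-BC26-707480103DC3} - http://www.uproar.co...pside_web18.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: Content Monitoring Tool (msCMTSrvc) - Unknown owner - C:\WINDOWS\system32\msCMTSrvc.exe (file missing)
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
"""

# Assumption: the hosts IE's own search/start-page defaults point at.
TRUSTED_SEARCH_HOSTS = ("microsoft.com", "msn.com")

ENTRY_RE = re.compile(r"^(?P<section>R[0-3]|O\d{1,2}) - (?P<body>.*)$")
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\Run: \[[^\]]*\] (?P<cmd>.+)$")
UNNAMED_DPF_RE = re.compile(r"^DPF: \{[0-9A-Fa-f-]{36}\} - ")


def _trusted(url):
    """True when the URL's host is one of the trusted search hosts."""
    host = (urlparse(url.strip()).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_SEARCH_HOSTS)


def _first_token(cmd):
    """The executable part of a Run value, with surrounding quotes removed."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return cmd.split()[0]


def triage_hjt(log_text):
    """Return (section, reason, line) for every entry worth a second look."""
    findings = []
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("R0", "R1") and "=" in body:
            # Search/start-page values: a URL off Microsoft is the classic hijack.
            value = body.split("=", 1)[1].strip()
            if value.lower().startswith("http") and not _trusted(value):
                findings.append((section, "IE search/start page redirected off Microsoft", raw))
        elif section == "O4":
            # Run entries: a bare file name is resolved through the search
            # path, so it needs a path check before it can be trusted.
            r = RUN_RE.match(body)
            if r:
                exe = _first_token(r["cmd"])
                if "\\" not in exe and ":" not in exe:
                    findings.append((section, "Run entry without a full path", raw))
        elif section == "O16" and UNNAMED_DPF_RE.match(body):
            # Downloaded ActiveX control that registered no friendly class name.
            findings.append((section, "ActiveX download with no class name", raw))
        elif section == "O23" and ("Unknown owner" in body or body.endswith("(file missing)")):
            findings.append((section, "service with unknown publisher or missing binary", raw))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage_hjt(SAMPLE_LOG):
        print(f"{section:<4} {reason}\n     {line.strip()}")
```

On the posted log this flags the shareware.us SearchAssistant, the bare point32.exe Run entry, the unnamed uproar.com DPF control, and the msCMTSrvc service. A flag means "look closer", not "delete": point32.exe is the Microsoft mouse software that appears in the running-process list above, which is exactly why the O4 rule only asks for a path check rather than calling the entry bad.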

#19 Kat (Retired Staff, MVP, 19,711 posts)

Those are some leftovers from the infection. Let's get them out of there! :tazz:

First of all, go to Start > Control Panel > Add or Remove Programs, and check to see if there is an option to uninstall Search3 Toolbar. If so, please uninstall it. Then close the Control Panel and do the following:
  • Open HiJackThis
  • Click on the "Config..." button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on "Delete File on Reboot"
  • Navigate to this file - C:\WINDOWS\SYSTEM32\sysyr32.dll
  • Double click on that file.
  • HJT asks you if you want to reboot, now. Click "no".
  • Do that for the following files also. When you get to the last one, click "yes" when HJT asks you to reboot.
C:\WINDOWS\iedb.dll
C:\WINDOWS\msbb32.dll
C:\WINDOWS\msbe.dll


Using Windows Explorer, navigate to the following folder and delete it:
C:\Program Files\SEARCH3 TOOLBAR

Clean out your PestPatrol quarantine. Then, if you wish, run another Panda scan so we can make sure we got it all! :)


One other question: are you running a firewall? If not, I suggest you get one immediately to help protect you against being re-infected. You can get ZoneAlarm free, as well as Kerio.
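Added example for this thread (not Panda's or HijackThis's code, and not written by either poster): Python that turns the Panda result lines above into the cleanup just described, sorted by what each item actually needs: the four DLLs to delete on reboot, the toolbar folder to remove, the registry item, the archive members that are handled by emptying the quarantine, and the EICAR hit, which is not an infection (PestPatrol's help file embeds the standard antivirus test string on purpose, as its member name HowCanITestDetection.html says). It also builds the PendingFileRenameOperations entries that "Delete File on Reboot" relies on and, when run as an administrator on Windows, schedules them through the same kernel32 call, MoveFileExW with MOVEFILE_DELAY_UNTIL_REBOOT. The bucket and function names are my own assumptions.

```python
"""Turn a Panda ActiveScan result list into a cleanup plan and build the
delete-on-reboot entries that HijackThis's "Delete File on Reboot" relies on.
Added example for this thread, not Panda's or HijackThis's own code.  The
sample lines are copied from the scan posted above; the bucket names and
function names are my own."""
import ctypes
import os
import re
import sys

# Constructed sample: the incident lines from the posted Panda scan.
PANDA_SAMPLE = r"""
Adware:adware/cws.aboutblank No disinfected C:\WINDOWS\SYSTEM32\sysyr32.dll
Adware:adware/cws.008k No disinfected C:\WINDOWS\iedb.dll
Adware:adware/ncase No disinfected C:\WINDOWS\msbb32.dll
Spyware:spyware/bargainbuddy No disinfected C:\WINDOWS\msbe.dll
Spyware:spyware/search3 No disinfected C:\PROGRAM FILES\SEARCH3 TOOLBAR
Adware:adware/coupons No disinfected Windows Registry
Virus:Eicar.Mod No disinfected C:\Program Files\PestPatrol\Help.chm[HowCanITestDetection.html]
Adware:Adware/SearchAid No disinfected C:\Program Files\PestPatrol\Quarantine\20050328202026734.zip[ietb.dll]
"""

# incident, then a status of one or more words, then a location that starts
# with a drive letter or the literal "Windows Registry" (as in the log above).
LINE_RE = re.compile(
    r"^(?P<incident>\S+)\s+(?P<status>.+?)\s+"
    r"(?P<location>(?:[A-Za-z]:\\|Windows Registry).*)$"
)

MOVEFILE_DELAY_UNTIL_REBOOT = 0x4  # kernel32 MoveFileExW flag


def parse_panda(text):
    """Return (incident, status, location) for each result line."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            rows.append((m["incident"], m["status"], m["location"]))
    return rows


def plan_cleanup(text):
    """Sort incidents into the action each one actually needs."""
    plan = {"delete_on_reboot": [], "directories": [], "registry": [],
            "containers": [], "test_files": []}
    for incident, status, location in parse_panda(text):
        if "eicar" in incident.lower():
            # EICAR is the industry AV test string, not malware.
            plan["test_files"].append(location)
        elif "[" in location:
            # Member of an archive or CHM: act on the container (empty the
            # quarantine); the path inside it cannot be deleted directly.
            plan["containers"].append(location.split("[", 1)[0])
        elif location == "Windows Registry":
            plan["registry"].append(incident)
        elif not os.path.splitext(location)[1]:
            # No extension: a folder such as the toolbar directory.
            plan["directories"].append(location)
        else:
            plan["delete_on_reboot"].append(location)
    return plan


def pending_rename_entries(paths):
    """REG_MULTI_SZ body of PendingFileRenameOperations under
    Session Manager: (source, destination) pairs, where an empty
    destination means delete.  Sources use the \\??\\ NT path prefix."""
    entries = []
    for p in paths:
        entries.append("\\??\\" + p)
        entries.append("")
    return entries


def schedule_delete_on_reboot(paths):
    """Ask the kernel to delete each path at next boot (admin, Windows only).
    Returns the paths that could not be scheduled (all of them off Windows)."""
    if not sys.platform.startswith("win"):
        return list(paths)
    k32 = ctypes.windll.kernel32
    return [p for p in paths
            if not k32.MoveFileExW(p, None, MOVEFILE_DELAY_UNTIL_REBOOT)]


def still_present(paths):
    """Run after the reboot: anything returned survived and needs another pass."""
    return [p for p in paths if os.path.exists(p)]


if __name__ == "__main__":
    plan = plan_cleanup(PANDA_SAMPLE)
    for bucket, items in plan.items():
        print(bucket, items)
    print("registry entries:", pending_rename_entries(plan["delete_on_reboot"]))
    print("not scheduled:", schedule_delete_on_reboot(plan["delete_on_reboot"]))
```

Run it once before the reboot, then call still_present on the same list afterwards: anything still on disk was either locked in a way the pending-rename pass could not beat or was re-dropped by a component that had not been removed yet, which is why the order above (uninstall Search3 Toolbar first, then the file deletes) matters.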

#20 Kat (Retired Staff, MVP, 19,711 posts)

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.