If this is no good, i'm calling a friend.
My hijack log [RESOLVED]
Started by
jerryrm
, Aug 18 2005 10:06 AM
#16
Posted 06 September 2005 - 02:11 PM
If this is no good, i'm calling a friend.
#17
Posted 08 September 2005 - 12:03 PM
Thank you, I will get the other logs up shortly... again thank you for all of your help!
#18
Posted 08 September 2005 - 12:32 PM
My Ewido log:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:27:25 PM, 9/8/2005
+ Report-Checksum: AD074335
+ Scan result:
HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist\Modules -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMinCg -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\List -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Reset -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Tips -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsUrl -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\InputCns -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
::Report End
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 2:29:29 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125671019375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125675082375
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 2:27:25 PM, 9/8/2005
+ Report-Checksum: AD074335
+ Scan result:
HKLM\SOFTWARE\3721 -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist\Modules -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMinCg -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CLSID -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live\CurVer -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{7CA83CF1-3AEA-42D0-A4E3-1594FC6E48B2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{ABEC6103-F6AC-43A3-834F-FB03FBA339A2} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B83FC273-3522-4CC6-92EC-75CC86678DA4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CLSID\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CLSID -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\CnsHelper.CH\CurVer -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\AutoUpdate -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Enable -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Hint -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\List -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Menu -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Reset -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\ResetCatch -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\AdvancedOptions\!CNS\Tips -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Error during cleaning
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsUrl -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\InputCns -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
::Report End
Hijack log:
Logfile of HijackThis v1.99.1
Scan saved at 2:29:29 PM, on 9/8/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Microsoft Office\Office10\WINWORD.EXE
C:\Program Files\ewido\security suite\SecuritySuite.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\downlo~1\cnshook.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\downlo~1\CnsMin.dll,Rundll32
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKLM\..\Run: [helper.dll] C:\WINDOWS\system32\rundll32.exe C:\PROGRA~1\3721\helper.dll,Rundll32
O4 - HKLM\..\RunOnce: [CnsMinEx.dll] regsvr32.exe /s
O4 - HKLM\..\RunOnce: [CnsHook.dll] regsvr32 /s C:\WINDOWS\downlo~1\CnsHook.dll
O4 - HKLM\..\RunOnce: [cnshint.dll] regsvr32 /s C:\WINDOWS\downlo~1\cnshint.dll
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Quick Search (Yisou.com) - res://C:\WINDOWS\downlo~1\CnsMinEx.dll/1003
O9 - Extra button: Short Message - {00000000-0000-0001-0001-596BAEDD1289} - http://sms.3721.com/ie/index.htm (file missing)
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.mail.yahoo.com/promo/rd1 (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://hot.3721.com/rd/shop_btn.htm (file missing)
O9 - Extra button: 3721 Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://assistant.372...ndex.htm?fb=Cns (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.rd.yahoo.c...nger.yahoo.com/ (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://assistant.372...ity1.htm?fb=Cns (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://assistant.372...ean1.htm?fb=Cns (file missing)
O11 - Options group: [!CNS] Chinese keywords
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125671019375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125675082375
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
#19
Posted 08 September 2005 - 12:33 PM
pandascan still isn't working
thanks again for all of your help
thanks again for all of your help
#20
Posted 08 September 2005 - 03:01 PM
I dont know how we didnt try this, but after installing the software myself, it has become apparent to me we can uninstall this program from add/remove.
so open your control panel, go to add/remove, and kill that bugger!!!!!!!
reboot, Run ewido once more..
and post a new log. lets see how this goes!
so open your control panel, go to add/remove, and kill that bugger!!!!!!!
reboot, Run ewido once more..
and post a new log. lets see how this goes!
Edited by skate_punk_21, 08 September 2005 - 03:03 PM.
#21
Posted 08 September 2005 - 10:13 PM
i know its been a long journey but i just installed this guy on my machine and tracked its installation. we'll get something fixed up here..
#22
Posted 09 September 2005 - 05:55 AM
My ewido log... I think it worked!
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:53:08 AM, 9/9/2005
+ Report-Checksum: 67077D5D
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
::Report End
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 7:53:08 AM, 9/9/2005
+ Report-Checksum: 67077D5D
+ Scan result:
HKLM\SOFTWARE\Classes\Interface\{BE08F6BC-C3E6-4149-BEB1-CB449E1B372E} -> Spyware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{4158DB95-DE71-41FF-BEA1-2C3D1C679DF1} -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721 -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\3721\CnsMin\Variant -> Spyware.CnsMin : Cleaned with backup
HKU\S-1-5-21-1547161642-1383384898-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D157330A-9EF3-49F8-9A67-4141AC41ADD4} -> Spyware.CnsMin : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
::Report End
#23
Posted 09 September 2005 - 05:56 AM
They should totally give you a raise!
#24
Posted 09 September 2005 - 08:08 AM
LOL I know eh?!?!?!?!?!
post a new log and we'll see if its really gone.
Calvin
post a new log and we'll see if its really gone.
Calvin
#25
Posted 10 September 2005 - 06:39 AM
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:37:23 AM, 9/10/2005
+ Report-Checksum: C8484E05
+ Scan result:
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Local Settings\Temporary Internet Files\Content.IE5\4ZUNQTUD\cnsminex2[1].htm -> Trojan.Smitfraud : Cleaned with backup
::Report End
---------------------------------------------------------
+ Created on: 8:37:23 AM, 9/10/2005
+ Report-Checksum: C8484E05
+ Scan result:
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron johnson@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Cookies\aaron [email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Aaron Johnson\Local Settings\Temporary Internet Files\Content.IE5\4ZUNQTUD\cnsminex2[1].htm -> Trojan.Smitfraud : Cleaned with backup
::Report End
#26
Posted 10 September 2005 - 08:41 AM
LOL - HijackThis Log please haha
#27
Posted 10 September 2005 - 09:13 AM
LOL... sorry
Logfile of HijackThis v1.99.1
Scan saved at 11:11:41 AM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125671019375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125675082375
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
Logfile of HijackThis v1.99.1
Scan saved at 11:11:41 AM, on 9/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe
C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
C:\WINDOWS\MXOALDR.EXE
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Aaron Johnson\Desktop\Tifany\HijackThis.exe
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\tbmon.exe"
O4 - HKLM\..\Run: [MaxtorOneTouch] C:\PROGRA~1\Maxtor\OneTouch\Utils\OneTouch.exe
O4 - HKLM\..\Run: [MXO Auto Loader] C:\WINDOWS\MXOALDR.EXE
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SpamBlocker] C:\Program Files\SpamBlockerUtility\Bin\4.6.1.0\SbOEAddOn.exe
O4 - HKLM\..\Run: [Spam Blocker for Outlook Express] C:\PROGRA~1\SPAMBL~1\Bin\461~1.0\SBInst.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1125671019375
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1125675082375
O16 - DPF: {8C875948-9C60-4381-9248-0DF180542D53} (SbInstObj) - http://installs.spam...ckerutility.cab
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
#28
Posted 10 September 2005 - 10:03 AM
I definetly have to Remember that!!!! (when all else fails, is it uninstallable? LOL)
Congratulations Your Log is Clean!!
If you are still having trouble, please dont continue with these instructions just yet. LET ME KNOW!
Otherwise, we have a few clean up items to deal with.
1. System Restore
Now that we know your system is clean, we want to purge any potentially infected restore points. To do that, complete the following:
Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.
To re-enable this function - simply uncheck this same box, and click "apply" and "ok"
2. Reset Hidden Files & Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is UNchecked. Also make sure that the System Files and Folders are invisible. CHECK the Hide protected operating system files option.
Also Consider...
How is she running now? Any further problems? If not, Good work, and Happy Computing!
Please reply once more so we know you have read these measures.
Congratulations Your Log is Clean!!
If you are still having trouble, please dont continue with these instructions just yet. LET ME KNOW!
Otherwise, we have a few clean up items to deal with.
1. System Restore
Now that we know your system is clean, we want to purge any potentially infected restore points. To do that, complete the following:
Turn off System Restore by Clicking Start > right-click My Computer and then click Properties. Click the System Restore tab > Check "Turn off System Restore" or "Turn off System Restore on all drives". Click Apply. When turning off System Restore, the existing restore points will be deleted. Click Yes to do this. Click OK.
To re-enable this function - simply uncheck this same box, and click "apply" and "ok"
2. Reset Hidden Files & Folders
Go to My Computer >Tools >Folder Options >View tab and make sure that Show hidden files and folders is UNchecked. Also make sure that the System Files and Folders are invisible. CHECK the Hide protected operating system files option.
Also Consider...
- SpywareBlaster to help prevent spyware from installing in the first place.
- SpywareGuard to catch and block spyware before it can execute.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
How is she running now? Any further problems? If not, Good work, and Happy Computing!
Please reply once more so we know you have read these measures.
#29
Posted 10 September 2005 - 10:45 AM
Thank you again so much!! My computer is running beautifully!!
#30
Posted 10 September 2005 - 11:03 AM
NNOOOOOO wait!!
My computer isn't working at all now!
I had to use a different computer to get on the net
My computer isn't working at all now!
I had to use a different computer to get on the net
Similar Topics
0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users