Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Ugh...Now my daughter's computer has the bug!


  • Please log in to reply

#1
donchka

donchka

    Member

  • Member
  • PipPip
  • 14 posts
Hi guys! You helped me a few weeks ago with my computer. Now, something has found it's way onto my daughter's computer. I would appreciate your assistance once again.

I've run all that is listed. Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 5:31:03 PM, on 9/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\Wintab32.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\aim\aim.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.broadwayworld.com/index.cfm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.neopets.com/
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.../7_1/home.html"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\rr4q9sph.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%206%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Profiles\default\rr4q9sph.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Netscape - {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} - C:\WINDOWS\DOWNLO~1\netscape.dll
O3 - Toolbar: Zango Toolbar - {EA0D26BD-9029-431A-86E0-83152D67828A} - C:\Program Files\Zango Programs\Zango Toolbar\ZangoTB.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [Zango SiteFinder] "C:\Program Files\Zango SiteFinder\ZangoSiteFinder.exe"
O4 - HKLM\..\Run: [Media Gateway] C:\Program Files\Media Gateway\MediaGateway.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AOL Instant Messenger (SM) - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: LiveWorld EZTalk 3.0 - http://bizchat.livew...ezmed/ezmed.cab
O16 - DPF: {4E7BD74F-2B8D-469E-D7EE-FE6FA781BF33} (Netscape) - http://downloads.net...ar/netscape.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1093216829421
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {8FCDF9D9-A28B-480F-8C3D-581F119A8AB8} - http://static.zangoc.../bridge-c18.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
O23 - Service: Wintab32 - Unknown owner - C:\WINDOWS\System32\Wintab32.exe


And here is the ewido report I did before HT:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:27:47 PM, 9/28/2005
+ Report-Checksum: FDB3A94D

+ Scan result:

HKLM\SOFTWARE\Classes\Toolbar.BarControl\Clsid\\ -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/mfc42.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/msvcrt.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/olepro32.dll\\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKU\S-1-5-21-2614902147-1270689400-2038945071-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{36A59337-6EEF-40AE-94B1-ED443A0C4740} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-2614902147-1270689400-2038945071-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E0CE16CB-741C-4B24-8D04-A817856E07F4} -> Spyware.Roimoi : Cleaned with backup
:mozilla.6:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
:mozilla.67:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.68:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.69:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Qksrv : Cleaned with backup
:mozilla.70:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.76:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Realmedia : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.90:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.101:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.112:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.149:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.150:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.151:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.152:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.153:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Valued Customer\Application Data\Mozilla\Firefox\Profiles\default.zki\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Valued Customer\Application Data\rpen.exe -> Spyware.PurityScan : Cleaned with backup
C:\Documents and Settings\Valued Customer\Cookies\valued customer@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Valued Customer\Cookies\valued customer@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Program Files\Zango SiteFinder\fuidupnd.DLL -> Spyware.ClearSearch : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Cleaned with backup
C:\WINDOWS\system32\nеtdde.exe -> Spyware.PurityScan : Cleaned with backup


::Report End

So, what now chief? :-)
  • 0

Advertisements


#2
donchka

donchka

    Member

  • Topic Starter
  • Member
  • PipPip
  • 14 posts
Waiting patiently...
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP