Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

PS Gaurd help

Started by dcantwell , Sep 30 2005 07:33 AM

  • Please log in to reply

#1
dcantwell
Posted 30 September 2005 - 07:33 AM

dcantwell

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:27:20 AM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\mdm.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.215.199.18:1080
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://www.reallusio...f/CrazyTalk.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe




Incident Status Location

Adware:adware/securityerror No disinfected C:\WINDOWS\SYSTEM32\ot.ico
Adware:adware/sahagent No disinfected Windows Registry
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\All Users\Documents\INSTALL.EXE
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\Dave\My Documents\My Music\INSTALL.EXE
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\Dave\My Documents\My Pictures\INSTALL.EXE
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP806\A0044041.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP807\A0044114.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP807\A0044130.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044141.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044148.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044200.tlb
Possible Virus. No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044203.exe
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044217.exe
Adware:Adware/StartPage.DD No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044218.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044219.exe
Adware:Adware/IST.YourSiteBar No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044220.exe
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$\wininet.dll
Virus:Trj/Downloader.EZE Disinfected C:\WINDOWS\SYSTEM32\1024\ld72CB.tmp
Virus:Trj/Downloader.EZE Disinfected C:\WINDOWS\SYSTEM32\1024\ldAA07.tmp
Adware:Adware/PsGuard No disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:24:36 AM, 9/30/2005
+ Report-Checksum: C09265AE

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\.Owner -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\All Users\Documents\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\[email protected][2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\My Music\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\My Pictures\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044153.exe -> TrojanDownloader.Zlob.ap : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044154.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044202.exe -> TrojanDownloader.Zlob.aq : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteehz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteirh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll_tobedeleted -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\SYSTEM32\ysbinstall_1000489_3.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup


::Report End


I followed the steps in another topic..... everything seems fine so far... although i didin't really start using my computer yet.....

IF anyone notices anything i need to get rid of, it would be a big help!
Thanks!
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP