Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

PS Gaurd help


  • Please log in to reply

#1
dcantwell

dcantwell

    New Member

  • Member
  • Pip
  • 1 posts
Logfile of HijackThis v1.99.1
Scan saved at 9:27:20 AM, on 9/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\System32\mdm.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 65.215.199.18:1080
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_03\bin\npjpi150_03.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\PROGRA~1\AWS\WEATHE~1\Weather.exe (HKCU)
O16 - DPF: {01111F00-3E00-11D2-8470-0060089874ED} - http://supportsoft.a...ad/tgctlins.cab
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} (Musicnotes Viewer) - http://www.musicnote...ad/mnviewer.cab
O16 - DPF: {1CC506A7-1B8D-11D4-BDD5-0060977007E0} (CrazyTalk Player) - http://www.reallusio...f/CrazyTalk.cab
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.co...date/EARTPX.cab
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.ofoto.com..._1/axofupld.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.co...ty4PatcherX.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe




Incident Status Location

Adware:adware/securityerror No disinfected C:\WINDOWS\SYSTEM32\ot.ico
Adware:adware/sahagent No disinfected Windows Registry
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\All Users\Documents\INSTALL.EXE
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\Dave\My Documents\My Music\INSTALL.EXE
Hacktool:DDos/Boxed.E No disinfected C:\Documents and Settings\Dave\My Documents\My Pictures\INSTALL.EXE
Adware:Adware/PsGuard No disinfected C:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Desktop.htt
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP806\A0044041.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP807\A0044114.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP807\A0044130.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044141.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044148.tlb
Adware:Adware/PsGuard No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044200.tlb
Possible Virus. No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044203.exe
Spyware:Spyware/New.net No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044217.exe
Adware:Adware/StartPage.DD No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044218.exe
Adware:Adware/EliteBar No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044219.exe
Adware:Adware/IST.YourSiteBar No disinfected C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044220.exe
Virus:W32/Smitfraud.E Disinfected C:\WINDOWS\$NtUninstallKB896727-IE6SP1-20050719.165959$\wininet.dll
Virus:Trj/Downloader.EZE Disinfected C:\WINDOWS\SYSTEM32\1024\ld72CB.tmp
Virus:Trj/Downloader.EZE Disinfected C:\WINDOWS\SYSTEM32\1024\ldAA07.tmp
Adware:Adware/PsGuard No disinfected C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Application Data\Microsoft\Internet Explorer\Desktop.htt

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:24:36 AM, 9/30/2005
+ Report-Checksum: C09265AE

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\.Owner -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/HDPlugin1015.dll\\{DBAE7000-01EC-4162-8FEB-8A27AC937CA0} -> Spyware.Gator : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\.Owner -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MiniBugTransporter.dll\\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
C:\Documents and Settings\All Users\Documents\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Dave\Cookies\dave@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\My Music\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\Documents and Settings\Dave\My Documents\My Pictures\msinstl.exe -> Trojan.Zapchast : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044153.exe -> TrojanDownloader.Zlob.ap : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP808\A0044154.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP811\A0044202.exe -> TrojanDownloader.Zlob.aq : Cleaned with backup
C:\WINDOWS\NDNuninstall4_85.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteehz32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\eliteirh32.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\oleext.dll_tobedeleted -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\SYSTEM32\ysbinstall_1000489_3.exe -> TrojanDownloader.IstBar.ja : Cleaned with backup


::Report End


I followed the steps in another topic..... everything seems fine so far... although i didin't really start using my computer yet.....

IF anyone notices anything i need to get rid of, it would be a big help!
Thanks!
  • 0

Advertisements







Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP