I followed another topic yesterday to rid myself of the SpySheriff malware. However, there seem to be a few things left over. I was hoping you could help me out. Here's the HijackThis log, followed by an ewido report:
By the way, could you also tell me if it's alright to run ewido and McAfee VirusShield simultaneously? (I understand it can be bad to run multiple anti-virus apps at the same time.)
Thanks for any/all of your help!
Logfile of HijackThis v1.99.1
Scan saved at 7:49:20 AM, on 05/10/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
D:\WINDOWS\Mixer.exe
D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
D:\WINDOWS\System32\RUNDLL32.EXE
D:\WINDOWS\System32\cmd32.exe
D:\WINDOWS\System32\ctfmon.exe
D:\WINDOWS\System32\w?nlogon.exe
D:\Program Files\raup\eltu.exe
D:\WINDOWS\System32\z16.exe
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\ewido\security suite\ewidoguard.exe
D:\WINDOWS\System32\nvsvc32.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Internet Explorer\iexplore.exe
D:\WINDOWS\system32\NOTEPAD.EXE
C:\unzipped\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O2 - BHO: (no name) - {8758AC2C-4CB1-6414-C80E-48A6FCFC62CC} - D:\WINDOWS\System32\nuudqwmh.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - D:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NeroCheck] D:\WINDOWS\System32\NeroCheck.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] D:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] D:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] D:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [iRiver Updater] \Updater.exe
O4 - HKLM\..\Run: [ControlPanel] D:\WINDOWS\System32\cmd32.exe internat.dll,LoadKeyboardProfile
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Oate] "D:\Program Files\oara\mlsn.exe" -vt mt
O4 - HKCU\..\Run: [Lqymrc] D:\WINDOWS\System32\w?nlogon.exe
O4 - HKCU\..\Run: [Sbci] "D:\Program Files\raup\eltu.exe" -vt mt
O4 - HKCU\..\Run: [aupd] D:\WINDOWS\System32\sysvcs.exe
O4 - Startup: PowerReg Scheduler V3.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = D:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.asdbiz.biz
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.searchbarcash.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.skoobidoo.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.slotchbar.com
O15 - Trusted Zone: *.windupdates.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.asdbiz.biz (HKLM)
O15 - Trusted Zone: *.blazefind.com (HKLM)
O15 - Trusted Zone: *.clickspring.net (HKLM)
O15 - Trusted Zone: *.flingstone.com (HKLM)
O15 - Trusted Zone: *.mt-download.com (HKLM)
O15 - Trusted Zone: *.my-internet.info (HKLM)
O15 - Trusted Zone: *.searchbarcash.com (HKLM)
O15 - Trusted Zone: *.searchmiracle.com (HKLM)
O15 - Trusted Zone: *.skoobidoo.com (HKLM)
O15 - Trusted Zone: *.slotch.com (HKLM)
O15 - Trusted Zone: *.slotchbar.com (HKLM)
O15 - Trusted Zone: *.windupdates.com (HKLM)
O15 - Trusted Zone: *.xxxtoolbar.com (HKLM)
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - D:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\System32\nvsvc32.exe
And the ewido report, which I've just completed now:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:18:14 AM, 05/10/2005
+ Report-Checksum: E8649970
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{39DA2444-065F-47CB-B27C-CCB1A39C06B7} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9EB320CE-BE1D-4304-A081-4B4665414BEF} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1 -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\MEDIATICKETSINSTALLER.MediaTicketsInstallerCtrl.1\CLSID\\ -> Spyware.PurityScan : Cleaned with backup
[268] D:\WINDOWS\System32\nuudqwmh.dll -> Spyware.PurityScan : Error during cleaning
D:\Documents and Settings\dug\Cookies\dug@2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
D:\Documents and Settings\dug\Cookies\[email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\dug\Cookies\dug@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
D:\Documents and Settings\dug\Cookies\dug@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
D:\Documents and Settings\dug\Cookies\[email protected][1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\Documents and Settings\dug\Cookies\dug@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
D:\Documents and Settings\dug\Cookies\dug@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
D:\Documents and Settings\dug\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
D:\Documents and Settings\dug\Local Settings\Temp\stealth.yopt -> Dialer.Generic : Cleaned with backup
D:\WINDOWS\system32\__delete_on_reboot__nuudqwmh.dll -> Spyware.PurityScan : Cleaned with backup
::Report End