Hacktool.Rootkit [RESOLVED]



#1
robinson
Yesterday I started having problems out of nowhere. When I tried starting a PC game that I have been regularly playing, I immediately received a Windows pop-up bar saying "Error: loader couldn't initialize service!" and at the same time I received a warning from Norton about the Hacktool.Rootkit virus.

It says it is infecting C:\WINDOWS\system32\svkp.sys. I have tried everything that the Norton anti-virus software suggests, as well as their website with no luck of resolving this issue.

I am quite confused and worried about this virus. I read the provided information about the specs of the virus and it appears to be quite negative, providing access to an outside user etc. Also, I don't understand why Norton could not resolve the issue as the virus is 4 years old.

Any help or guidance you can provide will be highly appreciated.

Thanks!

#2
didom
Run Panda's online virus scan and perform a full system scan: Panda ActiveScan

Save the scan log and post it along with a new HijackThis Log in your next reply.

#3
robinson
Logfile of HijackThis v1.99.1
Scan saved at 11:52:42 PM, on 23/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...chlft.html?p=DC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/homepage.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=33568
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129854086546
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#4
didom
I also asked for a Panda ActiveScan log....

#5
robinson
Incident Status Location

Spyware:Cookie/24/7 Realmedia Reported C:\Documents and Settings\Brent\Cookies\brent@247realmedia[2].txt
Spyware:Cookie/2o7.net Reported C:\Documents and Settings\Brent\Cookies\brent@2o7[2].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Adrevolver Reported C:\Documents and Settings\Brent\Cookies\brent@adrevolver[2].txt
Spyware:Cookie/Adrevolver Reported C:\Documents and Settings\Brent\Cookies\brent@adrevolver[3].txt
Spyware:Cookie/PointRoll Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Brent\Cookies\brent@advertising[1].txt
Spyware:Cookie/Falkag Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Ask Reported C:\Documents and Settings\Brent\Cookies\brent@ask[1].txt
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Brent\Cookies\brent@atdmt[2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Brent\Cookies\brent@belnk[1].txt
Spyware:Cookie/Bfast Reported C:\Documents and Settings\Brent\Cookies\brent@bfast[2].txt
Spyware:Cookie/Bluestreak Reported C:\Documents and Settings\Brent\Cookies\brent@bluestreak[1].txt
Spyware:Cookie/bravenetA Reported C:\Documents and Settings\Brent\Cookies\brent@bravenet[1].txt
Spyware:Cookie/Bs.serving-sys Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/BurstNet Reported C:\Documents and Settings\Brent\Cookies\brent@burstnet[2].txt
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Brent\Cookies\brent@casalemedia[1].txt
Spyware:Cookie/CentrPort Reported C:\Documents and Settings\Brent\Cookies\brent@centrport[2].txt
Spyware:Cookie/Imrworldwide Reported C:\Documents and Settings\Brent\Cookies\brent@cgi-bin[1].txt
Spyware:Cookie/Clickbank Reported C:\Documents and Settings\Brent\Cookies\brent@clickbank[1].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\Brent\Cookies\brent@com[2].txt
Spyware:Cookie/Hitslink Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/cs.sexcounter Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/360i Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/did-it Reported C:\Documents and Settings\Brent\Cookies\brent@did-it[1].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Brent\Cookies\brent@doubleclick[1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/FastClick Reported C:\Documents and Settings\Brent\Cookies\brent@fastclick[2].txt
Spyware:Cookie/FortuneCity Reported C:\Documents and Settings\Brent\Cookies\brent@fortunecity[2].txt
Spyware:Cookie/GoStats Reported C:\Documents and Settings\Brent\Cookies\brent@gostats[2].txt
Spyware:Cookie/go Reported C:\Documents and Settings\Brent\Cookies\brent@go[2].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Brent\Cookies\brent@hitbox[2].txt
Spyware:Cookie/Screensavers Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Linksynergy Reported C:\Documents and Settings\Brent\Cookies\brent@linksynergy[2].txt
Spyware:Cookie/Maxserving Reported C:\Documents and Settings\Brent\Cookies\brent@maxserving[2].txt
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\Brent\Cookies\brent@mediaplex[1].txt
Spyware:Cookie/OfferOptimizer Reported C:\Documents and Settings\Brent\Cookies\brent@offeroptimizer[1].txt
Spyware:Cookie/Outster Reported C:\Documents and Settings\Brent\Cookies\brent@outster[2].txt
Spyware:Cookie/Paypopup Reported C:\Documents and Settings\Brent\Cookies\brent@paypopup[2].txt
Spyware:Cookie/Overture Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Hitbox Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/QuestionMarket Reported C:\Documents and Settings\Brent\Cookies\brent@questionmarket[1].txt
Spyware:Cookie/RealMedia Reported C:\Documents and Settings\Brent\Cookies\brent@realmedia[1].txt
Spyware:Cookie/WUpd Reported C:\Documents and Settings\Brent\Cookies\brent@revenue[2].txt
Spyware:Cookie/Searchportal Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Brent\Cookies\brent@serving-sys[2].txt
Spyware:Cookie/SpyLog Reported C:\Documents and Settings\Brent\Cookies\brent@spylog[1].txt
Spyware:Cookie/Statcounter Reported C:\Documents and Settings\Brent\Cookies\brent@statcounter[1].txt
Spyware:Cookie/Clicktracks Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/WebtrendsLive Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Mammamediasolutions Reported C:\Documents and Settings\Brent\Cookies\brent@targetnet[2].txt
Spyware:Cookie/Tickle Reported C:\Documents and Settings\Brent\Cookies\brent@tickle[1].txt
Spyware:Cookie/Toplist Reported C:\Documents and Settings\Brent\Cookies\brent@toplist[1].txt
Spyware:Cookie/Tradedoubler Reported C:\Documents and Settings\Brent\Cookies\brent@tradedoubler[2].txt
Spyware:Cookie/Traffic Marketplace Reported C:\Documents and Settings\Brent\Cookies\brent@trafficmp[1].txt
Spyware:Cookie/Tribalfusion Reported C:\Documents and Settings\Brent\Cookies\brent@tribalfusion[1].txt
Spyware:Cookie/Valueclick Reported C:\Documents and Settings\Brent\Cookies\brent@valueclick[1].txt
Spyware:Cookie/Weborama Reported C:\Documents and Settings\Brent\Cookies\brent@weborama[1].txt
Spyware:Cookie/BurstBeacon Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/myaffiliateprogram Reported C:\Documents and Settings\Brent\Cookies\[email protected][2].txt
Spyware:Cookie/Xiti Reported C:\Documents and Settings\Brent\Cookies\brent@xiti[1].txt
Spyware:Cookie/Adserver Reported C:\Documents and Settings\Brent\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Reported C:\Documents and Settings\Brent\Cookies\brent@zedo[2].txt
Spyware:Cookie/24/7 Realmedia Reported C:\Documents and Settings\Cathy\Cookies\cathy@247realmedia[1].txt
Spyware:Cookie/2o7.net Reported C:\Documents and Settings\Cathy\Cookies\cathy@2o7[2].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Cathy\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Reported C:\Documents and Settings\Cathy\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Cathy\Cookies\cathy@advertising[2].txt
Spyware:Cookie/Ask Reported C:\Documents and Settings\Cathy\Cookies\cathy@ask[2].txt
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Cathy\Cookies\cathy@atdmt[2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Cathy\Cookies\[email protected][2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Cathy\Cookies\cathy@belnk[1].txt
Spyware:Cookie/Bluestreak Reported C:\Documents and Settings\Cathy\Cookies\cathy@bluestreak[2].txt
Spyware:Cookie/Bs.serving-sys Reported C:\Documents and Settings\Cathy\Cookies\[email protected][2].txt
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Cathy\Cookies\cathy@casalemedia[2].txt
Spyware:Cookie/CentrPort Reported C:\Documents and Settings\Cathy\Cookies\cathy@centrport[2].txt
Spyware:Cookie/Imrworldwide Reported C:\Documents and Settings\Cathy\Cookies\cathy@cgi-bin[1].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\Cathy\Cookies\cathy@com[2].txt
Spyware:Cookie/Coremetrics Reported C:\Documents and Settings\Cathy\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Cathy\Cookies\[email protected][2].txt
Spyware:Cookie/Doubleclick Reported C:\Documents and Settings\Cathy\Cookies\cathy@doubleclick[1].txt
Spyware:Cookie/Maxserving Reported C:\Documents and Settings\Cathy\Cookies\cathy@maxserving[2].txt
Spyware:Cookie/Mediaplex Reported C:\Documents and Settings\Cathy\Cookies\cathy@mediaplex[1].txt
Spyware:Cookie/QuestionMarket Reported C:\Documents and Settings\Cathy\Cookies\cathy@questionmarket[1].txt
Spyware:Cookie/RealMedia Reported C:\Documents and Settings\Cathy\Cookies\cathy@realmedia[1].txt
Spyware:Cookie/WUpd Reported C:\Documents and Settings\Cathy\Cookies\cathy@revenue[1].txt
Spyware:Cookie/Searchportal Reported C:\Documents and Settings\Cathy\Cookies\[email protected][1].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Cathy\Cookies\[email protected][1].txt
Spyware:Cookie/Server.iad.Liveperson Reported C:\Documents and Settings\Cathy\Cookies\[email protected][1].txt
Spyware:Cookie/Serving-sys Reported C:\Documents and Settings\Cathy\Cookies\cathy@serving-sys[1].txt
Spyware:Cookie/Statcounter Reported C:\Documents and Settings\Cathy\Cookies\cathy@statcounter[2].txt
Spyware:Cookie/Tradedoubler Reported C:\Documents and Settings\Cathy\Cookies\cathy@tradedoubler[1].txt
Spyware:Cookie/Valueclick Reported C:\Documents and Settings\Cathy\Cookies\cathy@valueclick[1].txt
Spyware:Cookie/Adserver Reported C:\Documents and Settings\Cathy\Cookies\[email protected][1].txt
Spyware:Cookie/Zedo Reported C:\Documents and Settings\Cathy\Cookies\cathy@zedo[1].txt
Spyware:Cookie/Maxserving Reported C:\Documents and Settings\Dave\Cookies\dave@maxserving[2].txt
Spyware:Cookie/2o7.net Reported C:\Documents and Settings\Scott\Cookies\scott@2o7[1].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
Spyware:Cookie/PointRoll Reported C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
Spyware:Cookie/Advertising Reported C:\Documents and Settings\Scott\Cookies\scott@advertising[2].txt
Spyware:Cookie/Apmebf Reported C:\Documents and Settings\Scott\Cookies\scott@apmebf[1].txt
Spyware:Cookie/Falkag Reported C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
Spyware:Cookie/Falkag Reported C:\Documents and Settings\Scott\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Reported C:\Documents and Settings\Scott\Cookies\scott@atdmt[2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Scott\Cookies\[email protected][1].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\Scott\Cookies\scott@belnk[2].txt
Spyware:Cookie/BurstNet Reported C:\Documents and Settings\Scott\Cookies\scott@burstnet[2].txt
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\Scott\Cookies\scott@casalemedia[2].txt
Spyware:Cookie/CentrPort Reported C:\Documents and Settings\Scott\Cookies\scott@centrport[2].txt
Spyware:Cookie/Imrworldwide Reported C:\Documents and Settings\Scott\Cookies\scott@cgi-bin[2].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\Scott\Cookies\scott@com[2].txt
Spyware:Cookie/Coremetrics Reported C:\Documents and Settings\Scott\Cookies\[email protected][1].txt

#6
didom
Download CCleaner and install it.

Start CCleaner, click "Options", then click the "Advanced" tab.
Uncheck "Only delete files older than 48 hrs.", then click OK.
Click "Cleaner", then click Run Cleaner (bottom right).

Then reboot your computer.

Please download RootKitRevealer from here:
http://www.sysintern...kitrevealer.zip
Unzip it to the desktop, run it, and click Scan. This will generate a log file; please post the entire contents of the log file here for me to see.

#7
robinson
HKLM\SOFTWARE\Classes\webcal\URL Protocol 04/06/2005 7:16 AM 13 bytes Data mismatch between Windows API and raw hive data.
C:\Program Files\Norton Internet Security\Norton AntiVirus\Savrt\0321NAV~.TMP 24/10/2005 2:53 PM 0 bytes Hidden from Windows API.
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb 24/10/2005 2:46 PM 64.00 KB Visible in Windows API, but not in MFT or directory index.
C:\WINDOWS\system32\wbem\Logs\wmiprov.log 24/10/2005 2:49 PM 67 bytes Hidden from Windows API.

#8
didom
Download and Save Blacklight to your desktop:

Double-click blbeta.exe then accept the agreement, leave [X]scan through Windows Explorer checked, click > scan then > next

You'll see a list of all items found. There will also be a log on your desktop with the name fsbl.xxxxxxx.log (the xxxxxxx stands for numbers).

Copy and paste this log in your next reply. Don't choose the rename option yet! I want to see the log first, because legitimate items can also be present there, such as "wbemtest.exe".

#9
robinson
10/25/05 17:58:15 [Info]: BlackLight Engine 1.0.24 initialized
10/25/05 17:58:15 [Info]: OS: 5.1 build 2600 (Service Pack 2)
10/25/05 17:58:15 [Note]: 4019 4
10/25/05 17:58:15 [Note]: 4005 0
10/25/05 17:58:21 [Note]: 4006 0
10/25/05 17:58:21 [Note]: 4011 2772
10/25/05 17:58:22 [Note]: FSRAW library version 1.7.1013
10/25/05 17:59:20 [Note]: 4007 0

#10
didom
Those logs look clean :tazz:

Please post a fresh HJT log and tell me how your computer is running.

#11
robinson
My computer has been running better now, a bit smoother. I am going to attempt starting the program that triggered the virus in the first place (PC game).

Do you recommend any anti-virus programs I should download so in the future something like this could be avoided? (I already have Norton Internet Security.) Thanks for all your help! :tazz:


Logfile of HijackThis v1.99.1
Scan saved at 1:41:41 PM, on 26/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\AdBlocking\NSMdtr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.ca/myway
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://bfc.myway.com...chlft.html?p=DC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/homepage.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.sympatico.ca/homepage.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.sympatico.ca/homepage.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=33568
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Dell Photo AIO Printer 922] "C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe"
O4 - HKLM\..\Run: [DLBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLBTtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage) - http://go.microsoft....204&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1129854086546
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/...mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/...ro.cab34246.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/.../default/gf.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/...aploader_v6.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: dlbt_device - Dell - C:\WINDOWS\system32\dlbtcoms.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: PPPoE Service (PPPoEService) - Unknown owner - C:\PROGRA~1\SYMPAT~1\ACCESS~1\app\pppoeservice.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe :)

Edited by robinson, 26 October 2005 - 11:44 AM.

  • 0

#12
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Did you install MyWebSearch/MySearch yourself?

Because the toolbar is open to debate: http://castlecops.co...eSrcAs_dll.html
  • 0
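The entry questioned above can be surfaced mechanically from the HijackThis log in post #11. The following is an added example, not part of the original thread and not HijackThis code: the function names and flag wording are assumptions, and the sample lines are a subset copied from that log. It only parses the four-field lines (URLSearchHook, BHO, Toolbar, Service) and queues unnamed components and "Unknown owner" services for a human to review; a flag is a prompt to ask the user, not a verdict.

```python
import re
from collections import defaultdict

# Subset of the HijackThis log posted in #11 (copied from the thread).
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""


def parse_entry(line):
    """Split 'O2 - BHO: name - {CLSID} - path' style lines into fields.

    Returns None for lines with a different layout (O4 Run keys, O16, ...).
    """
    parts = line.strip().split(" - ", 3)
    if len(parts) != 4 or not re.fullmatch(r"[RO]\d+", parts[0]):
        return None
    section, label, middle, path = parts
    kind, _, name = label.partition(": ")
    # 'middle' is the CLSID for browser components, the owner for services.
    return {"section": section, "kind": kind, "name": name,
            "middle": middle, "path": path}


def review_queue(log_text):
    """Map each file path to the reasons it deserves a manual look."""
    queue = defaultdict(list)
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        tag = f"{entry['section']} {entry['kind']}"
        if entry["name"] == "(no name)":
            queue[entry["path"]].append(f"{tag}: no display name")
        if entry["middle"] == "Unknown owner":
            queue[entry["path"]].append(f"{tag}: unknown owner")
    return dict(queue)


if __name__ == "__main__":
    for path, reasons in review_queue(SAMPLE_LOG).items():
        print(path, "->", "; ".join(reasons))
```

On the sample, deSrcAs.dll is queued twice because the same DLL is registered both as a URLSearchHook and as a BHO, each time without a name.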

#13
robinson

robinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
No, I definitely did not install that.
  • 0

#14
didom

didom

    Member 1K

  • Member
  • PipPipPipPip
  • 1,919 posts
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.
  • 0

#15
robinson

robinson

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
A Tale in the Desert
ABBYY FineReader 5.0 Sprint Plus
Access Manager
Ad-Aware SE Personal
Adobe Acrobat - Reader 6.0.2 Update
Adobe Reader 6.0.1
AOL You've Got Pictures Screensaver
ATI Control Panel
ATI Display Driver
CC_ccProxyExt
ccCommon
CCleaner (remove only)
ccPxyCore
Classic PhoneTools
Conexant D850 56K V.9x DFVc Modem
Dell Driver Reset Tool
Dell Media Experience
Dell Photo AIO Printer 922
Dell Picture Studio v3.0
Dell Support 5.0.0 (630)
Digital Line Detect
ESSAdpt
ESSANUP
ESSCAM
ESSCDBK
ESScore
ESSgui
ESShelp
ESSini
ESSPCD
ESSSONIC
ESSvpaht
ESSvpot
Google Earth
Gothic II
HijackThis 1.99.1
HLPIndex
HLPRFO
Intel® PRO Network Adapters and Drivers
Intel® PROSet for Wired Connections
Internet Explorer Default Page
Jasc Paint Shop Photo Album
Jasc Paint Shop Photo Album 5
Jasc Paint Shop Pro 8 Dell Edition
Jasc Paint Shop Pro Studio, Dell Editon
Jasc Paint Shop Pro Studio.01 , Dell Edition 1.0.1.1 Patch
Java 2 Runtime Environment, SE v1.4.2_03
Kodak EasyShare software
KSU
Learn2 Player (Uninstall Only)
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Macromedia Shockwave Player
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Office Basic Edition 2003
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Modem Helper
MSN
MSN Messenger 7.0
MSRedist
My Way Search Assistant
NetWaiting
Norton AntiSpam
Norton AntiSpam
Norton AntiVirus 2005
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security
Norton Internet Security 2005 (Symantec Corporation)
Norton Security Center
Norton WMI Update
Norton WMI Update
Notifier
OTtBP
OTtBPSDK
Panda ActiveScan
Panda spyXposer
PCDADDIN
PCDHELP
PCDLNCH
Photo Click
PowerDVD 5.5
QuickTime
RealPlayer Basic
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
SFR
SFR2
Sonic DLA
Sonic MyDVD LE
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
SPBBC
Symantec Script Blocking Installer
SymNet
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Viewpoint Media Player
VPRINTOL
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
  • 0





