Thread: CWS.Homesearch and Aboutblank
View Single Post
Old 08-26-2005, 11:57 AM   #3 (permalink)
Oller
Registered User
 
Join Date: Aug 2005
Posts: 8
OS: XP


Wink Thanks for helping me tentonbob
Please find below the logfiles for the three searches you instructed. // Oller

TREND MICRO (2nd SCAN)
Started Scanning
Internet Cookies
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'com.com' in 'Internet Explorer Cache'
Found 'mediaplex.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Found 'Counter' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'Dict2Version' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'DictVersion' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'DownloadFlag' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'HPDllVersion' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'InstallDay' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'LastDay' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'LastHPDay' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'LastUpdate' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'ModuleVersion' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'SHVersion' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'SponsorID' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found 'UpdateHour' in 'Software\Microsoft\Windows\CurrentVersion\Explorer\{587DBF2D-9145-4c9e-92C2-1F953DA73773}'
Found '' in 'Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\Range1'
Found '' in 'SOFTWARE\MyWay'
Found '' in 'Software\d78ffc13'
Found '' in 'Software\Microsoft\Internet Explorer\Explorer Bars\{30D02401-6A81-11D0-8274-00C04FD5AE38}'
Internet URL Shortcuts
Files and Directories
Found '' in 'C:\Program Files\MyWay'
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Checking for 'C:\Program Files\MyWay' in shortcut areas.
Checking for 'C:\Program Files\MyWay' in startup areas.
Cleaning 'C:\Program Files\MyWay'
Checking for 'C:\Program Files\MyWay\myBar\History\search' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\History\search' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\History\search'
Checking for 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm' in shortcut areas.
Checking for 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm' in startup areas.
Cleaning 'C:\Program Files\MyWay\myBar\Settings\prevcfg.htm'
Finished Cleaning
Started Scanning
Internet Cookies
Found 'doubleclick.net' in 'Internet Explorer Cache'
Found 'tribalfusion.com' in 'Internet Explorer Cache'
Found 'imrworldwide.com' in 'Internet Explorer Cache'
Programs in Memory
Windows Registry
Internet URL Shortcuts
Files and Directories
Finished Scanning
Started Backup
Finished Backup
Started Cleaning
Finished Cleaning


PANDA ACTIVE SCAN
Incident Status Location

Adware:adware/antivirus-gold No disinfected C:\DOCUMENTS AND SETTINGS\OLLE\START MENU\AntivirusGold 2.0.lnk
Adware:adware/searchaid No disinfected Windows Registry
Dialer:dialer.bjp No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\ARCHIVIOSEX.NET
Dialer:dialer.akd No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP\DOMAINS\SGRUNT.BIZ
Adware:adware/cws.yexe No disinfected Windows Registry
Virus:Trj/Multidropper.V No disinfected C:\Documents and Settings\Olle\Desktop\DivX\DivX.Pro.v5.1.Incl.Keygen-SSG.ShareReactor.exe[keygen.exe]
Adware:Adware/SearchAid No disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050810154558.zip[winyw32.exe]
Adware:Adware/SearchAid No disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050814232407.zip[winlo.exe]
Adware:Adware/SearchAid No disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050823204317.zip[syslr.exe]
Adware:Adware/SearchAid No disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip[ipst32.exe]
Adware:Adware/SearchAid No disinfected C:\Program Files\CA\eTrust PestPatrol\core\Quarantine\20050825183641.zip[msph32.exe]
HIJACKTHIS
Logfile of HijackThis v1.99.1
Scan saved at 19:41:46, on 2005-08-26
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Sony Corporation\Image Transfer\SonyTray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\HJT\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.di.se/Nyheter/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://pac.telenet.be:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Image Transfer.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/actives...ree/asinst.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
Oller is offline