Thread: HJT Log Help!
09-02-2005, 01:31 PM   #16
misterando
Registered User
 
Join Date: Feb 2005
Posts: 55
OS: xp


Hey Subs,

Thanks.... I'm just freaking out a little.

Here are the logs and scans (I don't have time to do the Kaspersky scan yet.... I have to work till midnight tonight, but will do the scan then).

Here's what I have for now.... also the Kaspersky scan looks like it got stuck at 2%...... just the timer on the thing is counting, nothing else seems to be moving.....

Also, my background is black and a PSGuard icon and program was installed on my desktop. I can't get rid of it.... I think it's virus related...



HJT
Logfile of HijackThis v1.99.0
Scan saved at 3:31:24 PM, on 9/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton Internet Security\NISUM.EXE
C:\Program Files\Norton Internet Security\ccPxySvc.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\RioMSC.exe
C:\WINDOWS\System32\snmp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\Explorer.EXE
C:\HijackThis.exe

N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Andy\Application Data\Mozilla\Profiles\default\i1e1rrfu.slt\prefs.js)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mmtask.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} (Shutterfly Picture Upload Plugin) - http://web1.shutterfly.com/downloads/Uploader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10...o.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/sh...19/mcgdmgr.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Companion) - http://us.dl1.yimg.com/download.comp...io5_3_12_0.cab
O18 - Filter hijack: application/octet-stream - {6585E5B4-4D2A-4A1D-A219-4102C64BA999} - (no file)
O23 - Service: Symantec Event Manager - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Proxy Service - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPxySvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel NCS NetService - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton Internet Security Accounts Manager - Symantec Corporation - C:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: NVIDIA Driver Helper Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Rio MSC Manager - Digital Networks North America, Inc. - C:\WINDOWS\System32\RioMSC.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) - Unknown - %ProgramFiles%\WinPcap\rpcapd.exe (file missing)
O23 - Service: ScriptBlocking Service - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe



About
AboutBuster 5.0 reference file 28
Scan started on [7/25/2005] at [10:49:48 AM]
------------------------------------------------
Removed Stream! C:\WINDOWS\{B6656B57-15D6-4E8F-AFAD-58AA2E3486CF}.dat:kiyhbw
Removed Stream! C:\WINDOWS\{B6656B57-15D6-4E8F-AFAD-58AA2E3486CF}.dat:rhgczm
------------------------------------------------
Removed File! : C:\Windows\System32\kytvu.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 10:50:01 AM


AboutBuster 5.0 reference file 28
Scan started on [7/25/2005] at [11:00:49 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
No Files Found!
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 11:01:04 AM


AboutBuster 5.0 reference file 28
Scan started on [8/20/2005] at [6:05:17 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\Q816982.log:dyzbyw
Removed Stream! C:\WINDOWS\Q817606.log:wykgsg
------------------------------------------------
Removed File! : C:\Windows\System32\fdeom.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 6:05:31 PM


AboutBuster 5.0 reference file 28
Scan started on [8/31/2005] at [3:11:22 PM]
------------------------------------------------
Removed Stream! C:\WINDOWS\Greenstone.bmp:skblqn
Removed Stream! C:\WINDOWS\imsins.BAK:klmykq
------------------------------------------------
Removed File! : C:\Windows\System32\fhaww.dll
Removed File! : C:\Windows\System32\hlmzk.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:11:36 PM


AboutBuster 5.0 reference file 28
Scan started on [9/1/2005] at [4:50:11 AM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\Windows\System32\fhaww.dll
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 4:50:25 AM


AboutBuster 5.0 reference file 31
Scan started on [9/2/2005] at [3:25:39 PM]
------------------------------------------------
No Ads Found!
------------------------------------------------
Removed File! : C:\Windows\oiklv.dat
Removed File! : C:\Windows\xkpae.dat
Removed File! : C:\Windows\System32\ckirj.dat
Removed File! : C:\Windows\System32\ddeem.dat
Removed File! : C:\Windows\System32\lpztz.dat
------------------------------------------------
Scan was COMPLETED SUCCESSFULLY at 3:26:19 PM


Ewido
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:34:26 AM, 8/31/2005
+ Report-Checksum: C61E039A

+ Scan result:

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OSA.exe -> TrojanDownloader.Delf.ks : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Andy\Application Data\Mozilla\Profiles\default\i1e1rrfu.slt\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cityclub.gamingpromo[2].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz11.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz4.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz5.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz6.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz7.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@cz9.clickzs[2].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@e-2dj6wfkockcpmhp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@gamingpromo[1].txt -> Spyware.Cookie.Gamingpromo : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@image.masterstats[1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@stat.onestat[2].txt -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Andy\Cookies\andy@vip.clickzs[1].txt -> Spyware.Cookie.Clickzs : Cleaned with backup
C:\WINDOWS\notepad.com -> TrojanDownloader.Delf.ks : Cleaned with backup
C:\WINDOWS\SYSTEM32\notepad.com -> TrojanDownloader.Delf.ks : Cleaned with backup
C:\WINDOWS\SYSTEM32\svcnt32.exe -> TrojanDownloader.Delf.ks : Cleaned with backup


::Report End