09-23-2005, 10:30 PM   #9
Ricko
Registered User
 
Join Date: Aug 2005
Posts: 7
OS: XP


Latest

Hello -
1. Installed Cleanup and cleaned out Temp files
2. Installed Ewido suite and scanned with log
3. Ran HijackThis, checkmarked files and saved log
(checkmarked those 3 files but they still came up in the log)

Logs below:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:10:05 p.m., 24/09/2005
+ Report-Checksum: 1A875589

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F} -> Dialer.Generic : Ignored
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{09CA52B3-703C-4B17-9690-C13F736E3DCD} -> Dialer.Generic : Ignored
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005507.exe -> Not-A-Virus.Hoax.Renos.f : Ignored
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Best Search Engine!!! -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-1060284298-1965331169-682003330-1004\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1060284298-1965331169-682003330-1004\Software\Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
HKU\S-1-5-21-1060284298-1965331169-682003330-1004_Classes\CLSID\{0656A137-B161-CADD-9777-E37A75727E78} -> Dialer.Generic : Cleaned with backup
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\sys1632.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys176.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1721.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4616.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys4640.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys473.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1034.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys1044.exe -> Trojan.Crypt.i : Cleaned with backup
C:\WINDOWS\sys115.exe -> Trojan.Crypt.i : Cleaned with backup
C:\Program Files\AdventurePinballDemo\System\vjxsm32.dll -> TrojanDownloader.Murlo.ar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005373.dll -> Spyware.Azesearch : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005374.dll -> Spyware.Zbar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005377.dll -> Spyware.Zbar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005378.dll -> Spyware.Zbar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005382.exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005384.dll -> Spyware.Azesearch : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005385.dll -> Spyware.Zbar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005386.exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005388.dll -> Spyware.Zbar : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005389.dll -> Spyware.Azesearch : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP1\A0005390.exe -> TrojanDropper.Small.aad : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005492.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005498.exe -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005508.exe -> TrojanDownloader.Agent.qx : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005509.exe -> TrojanDownloader.Agent.qx : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP61\A0014121.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP61\A0014139.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014164.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014165.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014191.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014192.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014224.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP63\A0014225.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014239.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014240.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014252.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014253.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014270.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014271.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014294.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP64\A0014295.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014312.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014313.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014327.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014328.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014348.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014349.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014361.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014362.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014378.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014379.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014394.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP65\A0014395.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP66\A0014412.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP66\A0014413.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP66\A0014429.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP66\A0014430.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014453.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014454.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014480.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014481.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014498.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014499.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014519.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014520.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014539.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP67\A0014540.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP68\A0014556.DLL -> Backdoor.Agent.iw : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP68\A0014557.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\eied_s7.cab/eied_s7_c_127.exe -> TrojanDownloader.Mediket.ao : Error during cleaning


::Report End
-------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 4:17:08 p.m., on 24/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\Anvshell.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\System32\carpserv.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\ahead\InCD\InCD.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFAGENT.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Eraser\eraser.exe
C:\Program Files\OpenOffice.org1.0.1\program\soffice.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Hijack This\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://mail.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [Anvshell] C:\WINDOWS\Anvshell.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CARPService] carpserv.exe
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe" /disabled
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFTRAY.EXE
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide
O4 - Startup: OpenOffice.org 1.0.1.lnk = C:\Program Files\OpenOffice.org1.0.1\program\quickstart.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/viewers/ipixx.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://jcs.chat.dcn.yahoo.com/v45/yacscom.cab
O21 - SSODL: Adventure Pinball Demo - {52CC1746-64FC-95C7-4EC1-729CB4A78D4C} - c:\program files\adventurepinballdemo\system\vjxsm32.dll (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - McAfee, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\MCAFEE.COM\PERSON~1\MPFSERVICE.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

END
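A small triage script for the two log formats pasted above, added here as an example; it is not part of the post and not code from ewido or HijackThis. It assumes the ewido line layout `location -> detection : status` seen in the report, and uses a few lines copied from the logs as constructed sample input.

```python
from collections import Counter

# Constructed sample input: a few lines copied from the two logs above.
EWIDO_SAMPLE = r"""
HKLM\SOFTWARE\Classes\CLSID\{2E246FAE-8420-11D9-870D-000C2917DE7F} -> Dialer.Generic : Ignored
C:\WINDOWS\system\svchost.dll -> Backdoor.Agent.iw : Cleaned with backup
C:\WINDOWS\sys1632.exe -> Trojan.Crypt.i : Cleaned with backup
C:\System Volume Information\_restore{93EFE94E-284B-4E5F-849A-282CAFB51849}\RP2\A0005507.exe -> Not-A-Virus.Hoax.Renos.f : Ignored
C:\eied_s7.cab/eied_s7_c_127.exe -> TrojanDownloader.Mediket.ao : Error during cleaning
"""
HJT_SAMPLE = r"""
O15 - Trusted IP range: 67.19.178.84
O23 - Service: svchost.exe (moto) - Unknown owner - C:\WINDOWS\svchost.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

def parse_ewido(text):
    """Parse 'location -> detection : status' lines; anything else is skipped."""
    entries = []
    for line in text.splitlines():
        if " -> " not in line or " : " not in line:
            continue
        location, rest = line.rsplit(" -> ", 1)
        detection, status = rest.rsplit(" : ", 1)
        loc = location.lower()
        if loc.startswith(("hklm\\", "hku\\", "hkcu\\", "hkcr\\")):
            kind = "registry"
        elif "\\system volume information\\_restore" in loc:
            kind = "restore_point"  # System Restore copy: inert now, live again after a restore
        else:
            kind = "file"
        entries.append({"location": location, "detection": detection,
                        "status": status, "kind": kind})
    return entries

def triage_ewido(entries):
    """Summarise what the scanner left behind: anything not cleaned still needs a decision."""
    unresolved = [(e["location"], e["status"]) for e in entries
                  if not e["status"].startswith("Cleaned")]
    return {"by_status": dict(Counter(e["status"] for e in entries)),
            "unresolved": unresolved,
            "restore_point_hits": sum(e["kind"] == "restore_point" for e in entries)}

def flag_hjt(text):
    """Flag HijackThis entries worth a second look: O23 services with no known owner or a missing file, and O15 trusted IP ranges."""
    return [line for line in text.splitlines()
            if (line.startswith("O23 ") and ("Unknown owner" in line or "(file missing)" in line))
            or line.startswith("O15 ")]  # O15 adds an address to IE's Trusted sites zone
```

Running it over the full report rather than the sample shows how much of the detection count sits in restore points versus live files and registry keys, which is the usual reason a log looks worse than the machine.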