Thread: Removal of isrv files
View Single Post
Old 12-05-2005, 08:04 PM   #8 (permalink)
joneu
Registered User
 
Join Date: Dec 2005
Posts: 15
OS: Vista


Still have spyware
Logfile of HijackThis v1.99.1
Scan saved at 10:03:42 PM, on 12/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\NavNT\vptray.exe
C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Trillian\trillian.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitComet\BitComet.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\iTunes\iTunes.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\JONEU~1\LOCALS~1\Temp\Rar$EX00.922\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dell4me.com/myway
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [vptray] C:\Program Files\NavNT\vptray.exe
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Desktop Weather 3] C:\PROGRA~1\THEWEA~1\The Weather Channel.exe
O4 - Startup: Trillian.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel(R) Corporation - C:\Program Files\Intel\NCS\Sync\NetSvc.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe



Incident Status Location

Adware:adware/cws Not disinfected C:\Documents and Settings\jon eu\Favorites\LIVING\Find a Degree.lnk
Adware:adware/isearch Not disinfected C:\WINDOWS\delprot.ini
Adware:adware/dollarrevenue Not disinfected C:\WINDOWS\drsmartload.dat
Adware:adware/maxifiles Not disinfected C:\PROGRAM FILES\COMMON FILES\InetGet
Adware:adware/beginto Not disinfected C:\WINDOWS\SYSTEM32\cache32_rtneg3
Adware:adware/searchresults Not disinfected Windows Registry
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jon eu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-63aec15c.zip[NewSecurityClassLoader.class]
Virus:Exploit/ByteVerify Not disinfected C:\Documents and Settings\jon eu\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\java.jar-8fba448-63aec15c.zip[NewURLClassLoader.class]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip[jtnq0755e.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip[k0080adued080.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip[m4640ejqehoe0.dll]
Adware:Adware/Look2Me Not disinfected C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip[q0nula591d.dll]
Adware:Adware/Sqwire Not disinfected C:\Program Files\Common Files\rzrw\rzrwl.exe
Hacktool:HackTool/EvID Not disinfected C:\Program Files\Common Files\Synacast\SynaLive\EvID4226Patch.exe
Adware:Adware/ISearch Not disinfected C:\WINDOWS\delprot.ini
Virus:Trj/Qhost.Y Not disinfected C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts


---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:20:57 PM, 12/5/2005
+ Report-Checksum: 3DD6D978

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\delprot -> Spyware.iSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\delprot\Security -> Spyware.iSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\delprot\Enum -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-3725871709-3065296762-3132929884-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{52FE5233-367C-4EFB-BDD7-0BE4D212C107} -> Spyware.Begin2Search : Cleaned with backup
HKU\S-1-5-21-3725871709-3065296762-3132929884-1007\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\contextplus.exe -> Trojan.Crypt.t : Cleaned with backup
C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip/dlls/jtnq0755e.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip/dlls/k0080adued080.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip/dlls/m4640ejqehoe0.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\jon eu\Desktop\l2mfix\backup.zip/dlls/q0nula591d.dll -> Spyware.Look2Me : Error during cleaning
C:\Documents and Settings\jon eu\Desktop\l2mfix\dlls\jtnq0755e.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\jon eu\Desktop\l2mfix\dlls\k0080adued080.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\jon eu\Desktop\l2mfix\dlls\m4640ejqehoe0.dll -> Spyware.Look2Me : Cleaned with backup
C:\Documents and Settings\jon eu\Desktop\l2mfix\dlls\q0nula591d.dll -> Spyware.Look2Me : Cleaned with backup
C:\drsmartload1.exe -> Downloader.VB.ri : Cleaned with backup
C:\inrh9400.exe -> Downloader.Small.bke : Cleaned with backup
C:\installer.exe -> Spyware.Look2Me : Cleaned with backup
C:\mte3ndi6odoxng.exe -> Downloader.Small.buy : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Download\mc-110-12-0000169.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\InetGet\mc-110-12-0000169.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\rzrw\rzrwa.exe -> Downloader.TSUpdate.l : Cleaned with backup
C:\Program Files\Common Files\rzrw\rzrwd\rzrwc.dll -> Downloader.Small : Cleaned with backup
C:\Program Files\Common Files\rzrw\rzrwm.exe -> Downloader.TSUpdate.n : Cleaned with backup
C:\Program Files\Common Files\rzrw\rzrwp.exe -> Downloader.TSUpdate.f : Cleaned with backup
C:\Program Files\Common Files\Windows\mc-110-12-0000169.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Spyware.Maxifiles : Cleaned with backup
C:\Program Files\Inscomet\Cache\00002c49_438f2159_00053ec6 -> Downloader.Phel.d : Cleaned with backup
C:\Program Files\Inscomet\Cache\00005f1e_438f21b6_000ec82e -> Downloader.Phel.d : Cleaned with backup
C:\Program Files\Mozilla Firefox\extensions\{2bafa858-4ff3-4207-822e-ef46d1b431de}\chrome\isearch.jar/content/isearch/isearch.js -> Spyware.iSearch : Cleaned with backup
C:\RECYCLER\NPROTECT\00000620.TXT -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\RECYCLER\NPROTECT\00000624.TXT -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\stub_113_4_0_4_0.exe -> Downloader.TSUpdate.o : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP395\A0044084.dll -> Spyware.CommAd : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP395\A0044126.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP395\A0044130.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP395\A0044139.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP396\A0044217.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP396\A0044226.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP396\A0044284.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP396\A0044298.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044403.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044417.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044443.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044449.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044462.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044490.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044506.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044519.DLL -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044545.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044558.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044586.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044609.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044610.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044611.dll -> Spyware.Look2Me : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044826.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044904.exe -> Downloader.VB.qr : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044907.exe -> Spyware.Maxifiles : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP397\A0044916.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045419.exe -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045421.exe -> Trojan.Isearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045422.dll -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045423.dll -> Spyware.iSearch : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045424.sys -> Trojan.Delprot.a : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045427.dll -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045430.dll -> Spyware.Suggestor : Cleaned with backup
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP398\A0045505.exe -> Adware.Suggestor : Cleaned with backup
C:\WINDOWS\adtech2006.exe -> Hijacker.VB.kc : Cleaned with backup
C:\WINDOWS\SYSTEM32\PWUSTAB.DLL -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\timessquare.exe -> Spyware.Hijacker.StartPage.aw : Cleaned with backup


::Report End


Uninstall list
Ad-Aware SE Professional
Adobe Acrobat 7.0.1 and Reader 7.0.1 Update
Adobe Acrobat 7.0.2 and Reader 7.0.2 Update
Adobe Acrobat 7.0.3 and Reader 7.0.3 Update
Adobe Atmosphere Player for Acrobat and Adobe Reader
Adobe Reader 7.0
AppRocket
BCM V.92 56K Modem
BitComet 0.60
CleanUp!
Cole2k Media - Codec Pack (Advanced)
Dell Digital Jukebox Driver
Dell Media Experience
Dell Solution Center
Dell Support
DivX Codec
DS21Patch
DVDSentry
EPSON Printer Software
ewido security suite
FaxTools
Google Desktop
Google Toolbar for Internet Explorer
ImageStation Easy Upload Tools
Ink Monitor
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet
Internet Explorer Default Page
joneu is offline