Resolved HJT Threads Resolved spyware and popup issues.

07-26-2006, 10:03 PM   #1
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2


Computer deeply infected; HJT log

PLEASE DON'T SKIP READING THIS BECAUSE OF THE HIGHLY DETAILED CONTENT. I understand that you guys do this for free, and I highly appreciate all and/or any help I can get.

I am not an expert, but I know a lot about computers just from playing with them and surfing the net. Everything that happens to a computer when I'm on it, I know what I did and how to fix it, but this problem lies on my father's laptop, where at least 10 people accessed it without me around. First, my sister managed to get viruses, adware, and spyware on it, for she's stupid, along with the other people. It was later that I went on and realized the infections on the computer were routing my IP to bad places, where things got worse. After following the General Cleaning Instructions multiple times (2-3 truthfully), ZoneAlarm firewall still gave me alerts of my computer directly connecting to strange IP addresses (4 noted in mind, not written down), along with svchost.exe running at 100%. With Process Explorer from http://www.sysinternals.com I've managed to close it, although I have to do it every time I log on, and this is on a laptop. ONE MORE THING: (dwwin.exe) appears every time (iexplorer.exe) stays open for at least 15 mins. Error reporting is too complicated for me and this post is big enough. Sorry for the immense detail; I couldn't imagine giving too little, so I ended up giving too much. >< Here's the HijackThis log. Located in (C:/HJT/hijackthis.exe). (msconfig.exe) configured in Normal startup so everything is loaded (which I disliked for all the crap they put on here). THANK YOU FOR READING TILL HERE!!

(HijackThis copied EXACTLY as it was saved)

Logfile of HijackThis v1.99.1
Scan saved at 11:23:51 PM, on 7/26/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\ofps.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\--Computer Fixers--\3. Firewall - not too important, but good to have\Zone Labs\ZoneAlarm\zlclient.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Dell\Media Experience\PCMService.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
C:\Program Files\Dell AIO Printer A960\dlbfbmon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
c:\progra~1\common~1\instal~1\update~1\isuspm.exe
C:\Program Files\Common Files\InstallShield\UpdateService\agent.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.244.149.25:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {249e2583-6642-4987-a6c5-f8254fd248b4} - C:\WINDOWS\system32\mfcCHE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\--COMP~1\65719~1.BAS\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - blank (file missing)
O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\compstuid.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\--Computer Fixers--\3. Firewall - not too important, but good to have\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinTasks Traybar] C:\Program Files\--Computer Fixers--\WinTasks\wintasks.exe traybar
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\Media Experience\PCMService.exe"
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [monitor1a] C:\Windows\monitor1a.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSScheduler] "C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\issch.exe" -start
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [Dell AIO Printer A960] "C:\Program Files\Dell AIO Printer A960\dlbfbmgr.exe"
O4 - HKLM\..\Run: [Creative WebCam Tray] C:\Program Files\Creative\Shared Files\CAMTRAY.EXE
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
O4 - HKCU\..\Run: [5e69735e.exe] C:\Documents and Settings\Sonia\Local Settings\Application Data\5e69735e.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rmlsfl.mlxchange.com/Control/...ctComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ghettoprincess1866.spaces.msn...d/MsnPUpld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rmlsfl.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://rmlsfl.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C34BF9B-8ECC-489B-B056-B28923EE3202}: NameServer = 200.244.149.26,200.244.149.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{D805F1F2-5A84-4CCF-9D42-F64FCCEF5E9A}: NameServer = 200.244.149.26,200.244.149.20
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29394086.dll
O20 - Winlogon Notify: mfcCHE - C:\WINDOWS\SYSTEM32\mfcCHE.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbae32 - winbae32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: OmniForm Printer - Unknown owner - C:\WINDOWS\System32\ofps.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe
Mukanshin is offline  

07-28-2006, 03:47 PM   #2
Analyst, Security Team
 
Vikesrock8411
 
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP


Hello and welcome to TSF. I apologize for the delay; we have been very busy lately. I assure you it is not because you gave too much detail.

I recommend you Subscribe to this thread so you are notified of any replies via email. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Subscribe.

Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.

Downloads (make sure to save these in a permanent location)
Cleanup! - Install it. You will use this later.
*NOTE* Cleanup deletes EVERYTHING out of temporary folders and does not make backups.
Ewido Anti-Malware
  • Install Ewido Anti-Malware
  • Double-click the icon on Desktop to launch Ewido
You will need to update Ewido to the latest definition files.
  • On the top of the main screen click Shield
  • Click the word active to change it to inactive
  • On the top of the main screen click Update.
  • Then click on Start Update. The update will start and a progress bar will show the updates being installed.
  • I also recommend changing the "Update interval" to something more reasonable like 12 hours.
If you are having problems with the updater, you can use this link to manually update Ewido
When you have finished updating, EXIT Ewido.
win32delfkil.exe - Save it on your desktop.
  • Double click on win32delfkil.exe and install it. This creates a new folder on your desktop called win32delfkil.
  • Close all windows and open the win32delfkil folder and double click on fix.bat.
  • Once the tool has finished the computer will reboot automatically. If it does not reboot...please do so manually.
  • Include the contents of the logfile c:\windelf.txt in your next reply.

Next, please reboot your computer in Safe Mode by doing the following:
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
  • Instead of Windows loading as normal, a menu should appear
  • Select the first option, to run Windows in Safe Mode.

Add/Remove
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs:
Websearch
WebRebates
Viewpoint


HijackThis!
Open HijackThis and click on Scan. Check the following entries (make sure you do not miss any):
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {249e2583-6642-4987-a6c5-f8254fd248b4} - C:\WINDOWS\system32\mfcCHE.dll
O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file)
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - blank (file missing)
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00309} - C:\WINDOWS\compstuid.dll
O2 - BHO: (no name) - {A4F94C0C-54A7-4DB1-9AF3-B22E63D00310} - C:\WINDOWS\system32\compstuid.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBarBHO.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - blank (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [WebRebates] wjview /cp:p "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [monitor1a] C:\Windows\monitor1a.exe
O4 - HKCU\..\Run: [clc] C:\WINDOWS\system32\clc.exe
O4 - HKCU\..\Run: [5e69735e.exe] C:\Documents and Settings\Sonia\Local Settings\Application Data\5e69735e.exe
O18 - Filter: application/x-bt2 - {6E1DDCE8-76BC-4390-9488-806E8FB1AD77} - blank
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29394086.dll
O20 - Winlogon Notify: mfcCHE - C:\WINDOWS\SYSTEM32\mfcCHE.dll
O20 - Winlogon Notify: winbae32 - winbae32.dll (file missing)

Please remember to close all other windows, including browsers then click Fix checked.


File and Folder Deletions
Delete the following Files indicated in RED and Folders indicated in BLUE if they still exist.
p2pnetworking.exe <Find via Start>Search
C:\Windows\monitor1a.exe
C:\WINDOWS\g29394086.dll
C:\WINDOWS\system32\5e69735e.exe
C:\WINDOWS\system32\clc.exe
C:\WINDOWS\system32\mfcCHE.dll
C:\Documents and Settings\Sonia\Local Settings\Application Data\5e69735e.exe
C:\Program Files\Viewpoint
C:\Program Files\websearch


Tools
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
  • Click on the "Temporary Files" and uncheck the box for "Scan drives for file matching" if it’s checked.
Click OK
Press the CleanUp! button to start the program. If prompted to reboot, click No.

Run Ewido with its updated definitions (it's important that all windows are closed):
  • Click Scanner
  • Click on the Scan tab
  • Click Complete System Scan to begin scanning.
  • When the scan is complete click Recommended Action and change it to Quarantine
  • Then click Apply all actions
Once finished, click the Save report button, then click Save Report As and save it to your desktop.

Reboot your system in Normal Mode.

Online Scans
Perform an online scan with Internet Explorer with Panda ActiveScan
** click on "Free use ActiveScan" located on the top right hand corner
  1. Click Scan your PC & a 'pop up' window shall appear. *ensure that your pop up blocker doesn't block it
  2. Click Scan Now
  3. Enter your e-mail address & click Scan Now. This begins downloading Panda's 8 MB ActiveX controls.
Begin the scan by selecting My Computer
  • If it finds any malware, it may ask you to purchase the program. This is not necessary; we will take care of the entries manually.
  • At the end of the scan click on see report. Then click Save report
Please post that log in your next reply.

In your next post please include:
  • C:\Windelf.txt
  • Ewido Log
  • Panda Activescan Log
  • A new Hijackthis! Log
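
The checks the analyst applied by eye to the log above (orphaned entries, unnamed BHOs, autoruns from odd locations, the ProxyServer and NameServer settings), as an added Python example that is not part of the thread or of HijackThis; the rule thresholds are assumptions, and the sample is a constructed subset of the posted log lines.

```python
"""Defender-side triage of a HijackThis 1.99 log (added example; not code from
the forum post or from HijackThis).  Parses the 'Oxx - body' lines shown in the
thread; rules are assumptions and a hit means "verify", not "malware"."""
import ntpath
import re
from collections import namedtuple

# Constructed sample: a subset of the log lines posted in the thread above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.244.149.25:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {249e2583-6642-4987-a6c5-f8254fd248b4} - C:\WINDOWS\system32\mfcCHE.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\--COMP~1\65719~1.BAS\SPYBOT~1\SDHelper.dll
O2 - BHO: ADefaultSearch Class - {944864A5-3916-46E2-96A9-A2E84F3F1208} - blank (file missing)
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\--Computer Fixers--\3. Firewall - not too important, but good to have\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [websearch] javaw -cp "C:\Program Files\websearch\System\Code" Main lp: "C:\Program Files\websearch"
O4 - HKLM\..\Run: [p2pnetworking] p2pnetworking.exe
O4 - HKLM\..\Run: [monitor1a] C:\Windows\monitor1a.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKCU\..\Run: [5e69735e.exe] C:\Documents and Settings\Sonia\Local Settings\Application Data\5e69735e.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C34BF9B-8ECC-489B-B056-B28923EE3202}: NameServer = 200.244.149.26,200.244.149.20
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g29394086.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winbae32 - winbae32.dll (file missing)
"""

# Reasons a line gets flagged.  BCMSMMSG.exe above is a legitimate Broadcom
# entry that still trips UNQUALIFIED: the flag is a prompt to check the file.
ORPHAN = "registered but file missing (orphan; clean it up)"
PROXY = "IE proxy server set in the registry"
UNNAMED_BHO = "unnamed BHO outside Program Files"
UNQUALIFIED = "unqualified executable name (search path decides what runs)"
PROFILE = "autorun from a user profile directory"
WINROOT = "executable directly in the Windows directory"
RANDOM = "random-looking file name"
DNS = "DNS servers set per interface in the registry"

LINE_RE = re.compile(r"^([RO]\d+) - (.*)$")
ORPHAN_RE = re.compile(r"\((no file|file missing)\)\s*$|\s-\s*blank\s*$")
O4_RE = re.compile(r"HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)")
Finding = namedtuple("Finding", "section reason detail line")


def _under_program_files(path):
    low = path.lower()
    return "\\program files" in low or "\\progra~1" in low  # 8.3 short name


def _looks_random(stem):
    # Assumed threshold: 8+ characters with at least half of them digits.
    digits = sum(ch.isdigit() for ch in stem)
    return len(stem) >= 8 and digits / len(stem) >= 0.5


def _exe_from_command(cmd):
    # Run values come quoted, unquoted with spaces, or as a bare token.
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(?=\s|$)", cmd)
    return m.group(1) if m else (cmd.split() or [""])[0]


def _path_reasons(path):
    if not path:
        return []
    low, reasons = path.lower(), []
    if "\\" not in path:
        reasons.append(UNQUALIFIED)
    if "\\documents and settings\\" in low or "\\application data\\" in low:
        reasons.append(PROFILE)
    if ntpath.dirname(low) == "c:\\windows":
        reasons.append(WINROOT)
    if _looks_random(ntpath.splitext(ntpath.basename(path))[0]):
        reasons.append(RANDOM)
    return reasons


def triage(log_text):
    findings = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, running-process list, blank line
        section, body = m.groups()
        tail = body.rsplit(" - ", 1)[-1]  # last field is normally the file
        if ORPHAN_RE.search(body):
            findings.append(Finding(section, ORPHAN, tail, raw))
        elif section in ("R0", "R1") and "ProxyServer" in body:
            findings.append(Finding(section, PROXY, body.split("=", 1)[1].strip(), raw))
        elif section == "O2" and body.startswith("BHO: (no name)"):
            if not _under_program_files(tail):
                findings.append(Finding(section, UNNAMED_BHO, tail, raw))
        elif section == "O4":
            run = O4_RE.match(body)
            path = _exe_from_command(run.group("cmd")) if run else ""
            findings += [Finding(section, r, path, raw) for r in _path_reasons(path)]
        elif section == "O17" and "NameServer" in body:
            findings.append(Finding(section, DNS, body.split("=", 1)[1].strip(), raw))
        elif section == "O20":
            findings += [Finding(section, r, tail, raw) for r in _path_reasons(tail)]
    return findings
```

Running `triage(SAMPLE_LOG)` flags the same entries the analyst checked (mfcCHE.dll, g29394086.dll, 5e69735e.exe, monitor1a.exe, the websearch/p2pnetworking Run values, the orphaned BHOs, the proxy and the two NameServer addresses) while leaving SDHelper.dll, WgaLogon.dll and zlclient.exe alone.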
07-31-2006, 12:17 AM   #3
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2


Sorry it took long to reply... lol I was in Sao Paulo for the last three days, just came back into Rio de Janeiro. Anyways, I did all I could; "mfcCHE.dll" gave me problems, but with HijackThis I deleted it before startup and got rid of it. Also, with the files you told me to take out, I found variations of the "g--numbers--.dll" and removed them too. I know they were variations by the date created and alike names, and also how they weren't recognized as important files. The only problem I actually had is with that Panda scan. Not only didn't it scan, but when I allowed the ActiveX to run, it downloaded some virus into my WINDOWS, but my avast! got rid of it as soon as it came up. After that, the scan just wouldn't start, probably because of my firewall, but I was too mad so I didn't try too hard lol. I'm traumatized from ActiveX related material. Is it too big of a problem that I don't have that Panda scan? Here are the other scans you asked for.

Ewido Scan:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:01:36 AM 7/31/2006

+ Scan result:



C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\EARN -> Adware.eZula : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\EARN\EARN website.url -> Adware.eZula : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\LMSetup.exe.tcf -> Adware.MDH : Cleaned with backup (quarantined).
C:\Program Files\filesubmit\autumn123.zip\NNWDAC638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Program Files\themexp\Themexp.org File\NNWDAB638.EXE -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\WINDOWS\NDNuninstall7_22.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Installer\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller.1 -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CLSID -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Classes\ScreensaversInstaller.Sinstaller\CurVer -> Adware.Screensavers : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ScreensaversInstaller -> Adware.Screensavers : Cleaned with backup (quarantined).
C:\Program Files\MaxSpeed -> Adware.SideFind : Cleaned with backup (quarantined).
C:\Documents and Settings\-Frank-\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\Adilson\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Documents and Settings\monique.HIBREALTY1\Local Settings\Application Data\5e69735e.exe.tcf -> Adware.SmartSearch : Cleaned with backup (quarantined).
C:\Downloads\Chainz2_Setup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\ChuzzleSetup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\Downloads\GoldMinerSetup-dm[1].exe.tcf -> Adware.Trymedia : Cleaned with backup (quarantined).
C:\HJT\backups\backup-20060730-223559-572.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026572.dll -> Downloader.ConHook.aa : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ddaba.exe -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ursrrop.dll -> Downloader.ConHook.ab : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0025571.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0025638.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026790.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026791.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026793.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026794.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026795.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026796.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026797.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026798.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026799.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026800.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026801.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026802.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026804.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026805.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026806.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026807.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026808.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026809.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026810.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026811.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026812.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026813.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026814.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026815.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026816.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026817.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026818.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026819.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026820.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026821.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026822.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026823.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026824.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026825.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026826.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026827.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026828.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026829.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026830.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026831.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026832.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026833.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026834.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026835.dll -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\cpblpbc25.log -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\cpblpbc26.log -> Downloader.Delf.aeo : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\admparsel.dll.tcf -> Downloader.Delf.ako : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026803.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Program Files\Common Files\Y1123OA.exe -> Downloader.PurityScan.cq : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld101.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld102.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld104.tmp -> Downloader.Zlob.vr : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP26\A0022299.dll -> Hijacker.Agent.ct : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\clbcatix.dll -> Hijacker.Agent.ct : Cleaned with backup (quarantined).
C:\WINDOWS\wisterd.exe -> Logger.Banker.bjs : Cleaned with backup (quarantined).
C:\WINDOWS\brad.exe -> Logger.Banker.bkq : Cleaned with backup (quarantined).
C:\WINDOWS\Downloaded Program Files\popcaploader.dll.tcf -> Not-A-Virus.Downloader.Win32.PopCap.b : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@247realmedia[1].txt.bak -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@247realmedia[2].txt.bak -> TrackingCookie.247realmedia : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ads.addynamix[1].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.addynamix[1].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.addynamix[2].txt.bak -> TrackingCookie.Addynamix : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@z1.adserver[1].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@z1.adserver[1].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@z1.adserver[2].txt.bak -> TrackingCookie.Adserver : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@adtech[1].txt.bak -> TrackingCookie.Adtech : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@servedby.advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@servedby.advertising[1].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@servedby.advertising[2].txt.bak -> TrackingCookie.Advertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@atdmt[1].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@atdmt[2].txt.bak -> TrackingCookie.Atdmt : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bfast[1].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bfast[1].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@bfast[2].txt.bak -> TrackingCookie.Bfast : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bluestreak[1].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bluestreak[1].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@bluestreak[2].txt.bak -> TrackingCookie.Bluestreak : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@casalemedia[1].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@casalemedia[1].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@casalemedia[2].txt.bak -> TrackingCookie.Casalemedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@centrport[1].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@centrport[1].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@centrport[2].txt.bak -> TrackingCookie.Centrport : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@clickagents[1].txt.bak -> TrackingCookie.Clickagents : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@clickagents[2].txt.bak -> TrackingCookie.Clickagents : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@commission-junction[1].txt.bak -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@commission-junction[2].txt.bak -> TrackingCookie.Commission-junction : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@data.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@twci.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@data.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@data.coremetrics[2].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@test.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@twci.coremetrics[1].txt.bak -> TrackingCookie.Coremetrics : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@www.directnetadvertising[1].txt.bak -> TrackingCookie.Directnetadvertising : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@doubleclick[2].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@doubleclick[1].txt.bak -> TrackingCookie.Doubleclick : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@fastclick[2].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@fastclick[2].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@fastclick[1].txt.bak -> TrackingCookie.Fastclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@gator[1].txt.bak -> TrackingCookie.Gator : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@webpdp.gator[1].txt.bak -> TrackingCookie.Gator : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@ehg-ati.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-ati.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-cafepress.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-fxcm.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-newegg.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-newegg.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-sigames.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-sonycomputer.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-technuity.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-techtarget.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@ehg-tigerdirect2.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hg1.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-affinitynet.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-affinitynet.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-aha.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-aol.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-bcstore.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-bestbuy.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-comcast.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-commjun.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-dig.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-foxsports.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-gbcsign.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-ingersollrand.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-interlandinc.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-interval.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lioninc.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lioninc.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-lowermybills.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytimes.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytimes.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-realtytrac.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-sonycomputer.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-vonage.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-wachovia.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-z57.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@ehg-zoomerang.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hg1.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hg1.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@phg.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@phg.hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@ehg-bestbuy.hitbox[1].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@hitbox[2].txt.bak -> TrackingCookie.Hitbox : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@counter2.hitslink[2].txt.bak -> TrackingCookie.Hitslink : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@linksynergy[1].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@linksynergy[2].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@linksynergy[2].txt.bak -> TrackingCookie.Linksynergy : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@mediaplex[2].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@mediaplex[1].txt.bak -> TrackingCookie.Mediaplex : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@qksrv[1].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@qksrv[2].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\sonia@qksrv[1].txt.bak -> TrackingCookie.Qksrv : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@ads.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.realcastmedia[1].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@ads.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\adilson@www.realcastmedia[2].txt.bak -> TrackingCookie.Realcastmedia : Cleaned with backup (quarantined).
C:\Program Files\SpyHunter\Backup\-frank-@revenue[1].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@revenue[1].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@revenue[2].txt.bak -> TrackingCookie.Revenue : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@spylog[2].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@spylog[1].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@spylog[2].txt.bak -> TrackingCookie.Spylog : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@targetnet[2].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@targetnet[1].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@targetnet[2].txt.bak -> TrackingCookie.Targetnet : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@trafficmp[2].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@trafficmp[1].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@trafficmp[2].txt.bak -> TrackingCookie.Trafficmp : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@valueclick[1].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@valueclick[2].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@valueclick[1].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@valueclick[2].txt.bak -> TrackingCookie.Valueclick : Cleaned.
C:\Program Files\SpyHunter\Backup\-frank-@statse.webtrendslive[2].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@statse.webtrendslive[1].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\adilson@statse.webtrendslive[2].txt.bak -> TrackingCookie.Webtrendslive : Cleaned.
C:\Program Files\SpyHunter\Backup\sonia@ads.x10[1].txt.bak -> TrackingCookie.X10 : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\winbae32.dll.tcf -> Trojan.Agent.vg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).


::Report end

"C:\Windelf.txt" scan:

************************
* WIN32DELFKIL LOGFILE *
************************
by Marckie


BEFORE RUNNING WIN32DELFKIL
***************************

File(s) found in Windows directory
----------------------------------
g12705419.dll
g13906246.dll
g1404229.dll
g15107513.dll
g18657437.dll
g18714259.dll
g19915597.dll
g199887.dll
g22263022.dll
g23464790.dll
g24665437.dll
g29394086.dll
g31919407.dll
g33120154.dll
g34320730.dll
g37922549.dll
g38748988.dll
g39125319.dll
g39949514.dll
g40323672.dll
g41150100.dll
g43926833.dll
g44752320.dll
g45128281.dll
g45953267.dll
g47153403.dll
g5004115.dll
g50755712.dll
g51613486.dll
g51955788.dll
g52814232.dll
g54014759.dll
g57617529.dll
g58819598.dll
g60053732.dll
g6208016.dll
g63650063.dll
g64851922.dll
g66054751.dll
g69661527.dll
g70862564.dll
g72067527.dll
g81196674.dll
g86244222.dll
g87445520.dll
g93169460.dll
compstuid.dll

File(s) found in system32 folder
--------------------------------
compstuid.dll

Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{259BA022-2005-45E9-A965-10EDB9C00605}"="Windows Updater"
"{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}"="Master Browseui"


sharedtaskkey: 259BA022-2005-45E9-A965-10EDB9C00605
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}]
@="C:\\WINDOWS\\g29394086.dll"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{259BA022-2005-45E9-A965-10EDB9C00605}\InprocServer32]
@="C:\\WINDOWS\\g29394086.dll"
"ThreadingModel"="Apartment"


sharedtaskkey: 0B5F7FDF-0717-45BF-B49D-695F3168C7FE
---------------------------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B5F7FDF-0717-45BF-B49D-695F3168C7FE}]



Notify key
----------
subkey cfgmngr32 is present!



AFTER RUNNING WIN32DELFKIL
**************************

File(s) found in Windows directory
----------------------------------
g12705419.dll
g13906246.dll
g1404229.dll
g15107513.dll
g18657437.dll
g18714259.dll
g19915597.dll
g199887.dll
g22263022.dll
g23464790.dll
g24665437.dll
g29394086.dll
g31919407.dll
g33120154.dll
g34320730.dll
g37922549.dll
g38748988.dll
g39125319.dll
g39949514.dll
g40323672.dll
g41150100.dll
g43926833.dll
g44752320.dll
g45128281.dll
g45953267.dll
g47153403.dll
g5004115.dll
g50755712.dll
g51613486.dll
g51955788.dll
g52814232.dll
g54014759.dll
g57617529.dll
g58819598.dll
g60053732.dll
g6208016.dll
g63650063.dll
g64851922.dll
g66054751.dll
g69661527.dll
g70862564.dll
g72067527.dll
g81196674.dll
g86244222.dll
g87445520.dll
g93169460.dll

File(s) found in system32 folder
--------------------------------
Export SharedTaskScheduler key
------------------------------
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"



Notify key
----------


And Hijackthis! scan:

Logfile of HijackThis v1.99.1
Scan saved at 1:56:44 AM, on 7/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\ewido.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\-Frank-\Desktop\CTL+ALT+DEL.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 200.244.149.25:3128
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\--COMP~1\65719~1.BAS\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\ewido.exe" /minimized
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {4989312D-58CF-11D5-A7D7-00E02911103E} (Interealty MultiSelect) - http://rmlsfl.mlxchange.com/Control/...ctComboBox.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ghettoprincess1866.spaces.msn...d/MsnPUpld.cab
O16 - DPF: {6FD482A3-7B57-438B-B040-52CAA30147EE} (MLXchange Client Utils) - http://rmlsfl.mlxchange.com/Control/MLXClientUtils.cab
O16 - DPF: {83AB6E4D-CDD7-11D3-B5E7-00104B9AFF6E} (GeacRevw Control) - http://rmlsfl.mlxchange.com/Control/IRCSharc.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yaho...ymmapi_416.dll
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://www.popcap.com/games/popcaploader_v6.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6C34BF9B-8ECC-489B-B056-B28923EE3202}: NameServer = 200.244.149.26,200.244.149.20
O17 - HKLM\System\CCS\Services\Tcpip\..\{D805F1F2-5A84-4CCF-9D42-F64FCCEF5E9A}: NameServer = 200.244.149.26,200.244.149.20
O18 - Protocol: bt2 - {1730B77B-F429-498F-9B15-4514D83C8294} - blank (file missing)
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\--Computer Fixers--\ewido anti-spyware 4.0\guard.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

Thanks for the help you've given so far. There was a ton of adware and spyware that ewido took out. Also, so far the Spooler Subsystem App didn't fail this time; it started up, and svchost.exe didn't run at 100%, two threads in it I mean. lol I don't think I mentioned the Spooler service failing before, but I just remembered. Sorry if that causes inconvenience. I'm looking forward to your next post Vikesrock8411!

(p.s.- This thread has been subscribed since the start. )
Old 07-31-2006, 01:56 AM   #4 (permalink)
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP

The "Virus" that Avast detected was Panda's definition file. Panda does not encrypt the file containing their virus definitions so some AVs including Avast detect it as a virus. Let's run this alternate online scan.


Please open IE and go to
Kaspersky WebScanner

Next click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on NEXT.
  • Now click on Scan Settings.
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan":
    • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

* Turn off the real time scanner of any existing antivirus program while performing the online scan
Old 07-31-2006, 10:33 AM   #5 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2


My bad then, about before. Anyways here's the Kaspersky scan.

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, July 31, 2006 12:31:01 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 31/07/2006
Kaspersky Anti-Virus database records: 210985
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
F:\

Scan Statistics:
Total number of scanned objects: 85649
Number of viruses found: 16
Number of infected objects: 21 / 0
Number of suspicious objects: 0
Duration of the scan process: 01:19:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\-Frank-\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Desktop\The_Melancholy_of_Suzumiya_Haruhi_v01_c01[EBL].zip Object is locked skipped
C:\Documents and Settings\-Frank-\Desktop\[ASH_&_Shi-Fa]_Cluster_Edge_-_01_[2236B8EB].avi Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\History\History.IE5\MSHist012006072420060731\index.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\History\History.IE5\MSHist012006073120060801\index.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\Temp\Perflib_Perfdata_998.dat Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\Temp\~DFBD0E.tmp Object is locked skipped
C:\Documents and Settings\-Frank-\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\-Frank-\ntuser.dat Object is locked skipped
C:\Documents and Settings\-Frank-\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Adilson\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\2b111ab0eda16bd9fcacbdae8a92157b_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\3698b1562418b43409a39f13516ca426_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\87c7469c0ae839acbac182b37a78c61c_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\eeb704270e38206cdfb80f09087b8bdf_1dce0e75-1303-433a-bfc1-6b582bd25551 Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\monique.HIBREALTY1\Local Settings\Temporary Internet Files\AntiPhishing\6729BBF9-D54C-48CB-A4D7-AD400339D808.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\AshWebSv.ws Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\aswMaiSv.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident protection.txt Object is locked skipped
C:\Program Files\LimeWire\Incomplete\T-3218956-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\SpyHunter\Backup\eZinstall[1].exe.bak/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\Program Files\SpyHunter\Backup\eZinstall[1].exe.bak WiseSFX: infected - 1 skipped
C:\Program Files\SpyHunter\Backup\MY2NS.EXE.bak Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
C:\Program Files\SpyHunter\Backup\whInstaller.exe.bak Infected: not-a-virus:AdWare.Win32.WebHancer.290 skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.Accoona.b skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe WiseSFX: infected - 1 skipped
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe WiseSFX Dropper: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP27\A0022325.exe Infected: Trojan-Dropper.Win32.WinAD.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0025572.dll Infected: Trojan-Downloader.Win32.Delf.aeo skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026838.dll Infected: Trojan-Downloader.Win32.ConHook.aa skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026839.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026840.dll Object is locked skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026841.exe Infected: Trojan-Spy.Win32.Banker.bkq skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026842.exe Infected: Trojan-Downloader.Win32.ConHook.ac skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026843.dll Infected: Trojan-Downloader.Win32.ConHook.ab skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026844.exe Infected: Trojan-Spy.Win32.Banker.bjs skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026846.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026847.EXE Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026848.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026849.exe Infected: not-a-virus:AdWare.Win32.NewDotNet.e skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\change.log Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
C:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ329115$\reg00003 Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\Internet Logs\fwdbglog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\fwpktlog.txt Object is locked skipped
C:\WINDOWS\Internet Logs\IAMDB.RDB Object is locked skipped
C:\WINDOWS\Internet Logs\THEREALTYBRANCH.ldb Object is locked skipped
C:\WINDOWS\Internet Logs\tvDebug.log Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Antivirus.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bak Infected: Trojan.Win32.Qhost skipped
C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\Perflib_Perfdata_108.dat Object is locked skipped
C:\WINDOWS\Temp\ZLT00085.TMP Object is locked skipped
C:\WINDOWS\Temp\ZLT00088.TMP Object is locked skipped
C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped
C:\WINDOWS\WIADEBUG.LOG Object is locked skipped
C:\WINDOWS\WIASERVC.LOG Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.
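The report above is long but mechanical, so here is an added Python example (my own code, not part of the thread or of any Kaspersky tool) that does the triage a helper does by eye: it parses the "Infected Object Name / Virus Name / Last Action" section into named detections, archive containers flagged without a name ("WiseSFX: infected - 1"), and objects the scanner could not open; folds archive members such as `eZinstall[1].exe.bak/WISE0001.BIN` back into the file that holds them, so the output is the per-file list the next reply acts on; marks hits under `System Volume Information\_restore` as restore-point copies; and checks the "Scan Statistics" header against what it actually parsed. The embedded report is a constructed excerpt that reuses paths from the posted log with counts that fit the excerpt; the regular expressions and function names are assumptions of this example, not Kaspersky's format specification.

```python
"""Triage a Kaspersky Online Scanner text report (added example, not part of the
thread or of any Kaspersky tool): split the object list into named detections,
archive containers flagged without a name, and objects the scanner could not
open; fold archive members into their container; cross-check the header totals."""
import re
from collections import defaultdict

# Constructed excerpt in the report's format. Paths come from the posted log;
# the counts describe this excerpt only, not the original 85649-object scan.
SAMPLE_REPORT = r"""
KASPERSKY ONLINE SCANNER REPORT

Scan Statistics:
Total number of scanned objects: 6
Number of viruses found: 3
Number of infected objects: 4 / 0

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\-Frank-\ntuser.dat Object is locked skipped
C:\Program Files\LimeWire\Incomplete\T-3218956-Wicked Remix.wma Infected: Trojan-Downloader.WMA.Wimad.d skipped
C:\Program Files\SpyHunter\Backup\eZinstall[1].exe.bak/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
C:\Program Files\SpyHunter\Backup\eZinstall[1].exe.bak WiseSFX: infected - 1 skipped
C:\System Volume Information\_restore{B37680B2-BA0A-4E5D-BF30-83E44C588624}\RP28\A0026841.exe Infected: Trojan-Spy.Win32.Banker.bkq skipped
C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

Scan process completed.
"""

# One pattern per line shape. Paths may contain spaces, so the path group is
# lazy and the fixed verdict text at the end anchors the match.
LOCKED_RE = re.compile(r"^(?P<path>.+?)\s+Object is locked\s+skipped$")
NAMED_RE = re.compile(r"^(?P<path>.+?)\s+Infected:\s+(?P<name>\S+)\s+skipped$")
# e.g. '<path> WiseSFX Dropper: infected - 1 skipped'. The engine label is one
# or more plain words (no path separators), which keeps it out of the path.
CONTAINER_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<engine>[A-Za-z]\w*(?: [A-Za-z]\w*)*):\s+infected - (?P<count>\d+)\s+skipped$"
)
STAT_RE = re.compile(r"^(?P<key>[^:]+):\s+(?P<value>\d+)(?:\s+/\s+\d+)?$")
RESTORE_MARKER = r"\system volume information\_restore"


def parse_report(text):
    """Return (stats, findings); findings has keys named, container, locked, unparsed."""
    stats, findings = {}, {"named": [], "container": [], "locked": [], "unparsed": []}
    in_objects = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Infected Object Name"):
            in_objects = True
        elif line.startswith("Scan process completed"):
            break
        elif not in_objects:
            m = STAT_RE.match(line)
            if m:
                stats[m.group("key")] = int(m.group("value"))
        elif (m := LOCKED_RE.match(line)):
            findings["locked"].append(m.group("path"))
        elif (m := NAMED_RE.match(line)):
            findings["named"].append((m.group("path"), m.group("name")))
        elif (m := CONTAINER_RE.match(line)):
            findings["container"].append((m.group("path"), m.group("engine")))
        else:
            findings["unparsed"].append(line)  # never silently drop a report line
    return stats, findings


def classify(names):
    """Kaspersky prefixes adware/riskware verdicts with 'not-a-virus:'."""
    if not names:
        return "unnamed"  # only the archive-container heuristic fired
    return "adware" if all(n.startswith("not-a-virus:") for n in names) else "malware"


def triage(findings):
    """One row per file to act on. Members are written '<container>/<member>', so the
    container is the file; hits under System Volume Information are restore-point
    copies, which is why the thread ends by flushing System Restore."""
    by_file = defaultdict(set)
    for path, name in findings["named"]:
        by_file[path.split("/", 1)[0]].add(name)
    for path, _engine in findings["container"]:
        by_file.setdefault(path, set())
    return [
        {"file": path, "threats": sorted(by_file[path]), "class": classify(by_file[path]),
         "in_restore_point": RESTORE_MARKER in path.lower()}
        for path in sorted(by_file)
    ]


def check_counts(stats, findings):
    """Compare the header's totals with the parsed object list."""
    objects = len(findings["named"]) + len(findings["container"])
    unique = {name for _, name in findings["named"]}
    return {
        "infected_objects_match": stats.get("Number of infected objects") == objects,
        "virus_count_match": stats.get("Number of viruses found") == len(unique),
    }
```

Run against the full report posted above, the same code yields the six files listed in the next reply plus the restore-point copies, and the two count checks come out true (21 infected objects, 16 distinct names). Unparsed lines are kept rather than dropped so a format change shows up as a list to look at, not as a silently shorter result.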
Old 07-31-2006, 12:55 PM   #6 (permalink)
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP

Don't worry about the Panda thing, you are much better off safe than sorry.

Delete the following files:
C:\Program Files\LimeWire\Incomplete\T-3218956-Wicked Remix.wma
C:\Program Files\SpyHunter\Backup\eZinstall[1].exe.bak
C:\Program Files\SpyHunter\Backup\MY2NS.EXE.bak
C:\Program Files\SpyHunter\Backup\whInstaller.exe.bak
C:\Program Files\themexp\Themexp.org File\atoolbar400135.exe
C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts.bak


How is the PC running now?
Old 07-31-2006, 02:07 PM   #7 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2



A hell lot better than before. Spooler service doesn't seem to fail anymore, svchost.exe running normal, firewalls not telling me about strange IPs trying to connect with my PC, and yeah, it's great. Thanks a lot. Now I can access my bank in peace knowing my computer is safe. Thanks again. Hopefully we won't be meeting each other again too soon.
Old 07-31-2006, 02:38 PM   #8 (permalink)
Analyst, Security Team
Join Date: Jun 2005
Posts: 3,065
OS: Windows XP

Ewido removed 2 trojans known as Trojan.banker. It is very possible that your firewall caught all activity attempted by these trojans, but I would closely examine any bank and credit card statements and change all passwords on these sites.

Your log appears to be clean. If you still have any problems let me know and we will work on diagnosing those through other means. If not, there are just a few more things to go through to finish this off and help prevent future infections. Please post one more time even if you have no problems so we can mark this thread as resolved.

Setting a new Restore Point
Go to Start >> Run - type control sysdm.cpl,,4 & press Enter.
  • Tick the checkbox - Turn off System Restore on all drives
  • Click Apply
  • Turn it back 'On' by unticking the same checkbox & click OK

Windows Update
Make sure to get the latest updates for Windows and Internet Explorer at Microsoft Update Site.

Prevention
A good virus scanner is a necessity in today's computer environment. Many virus scanners include active components that protect you from infection without even running a scan. Some good free antivirus programs include:
AVG Free
Avast! Home Edition (Antivirus & Firewall)
AntiVir

A firewall is the first line of defense standing between the internet and your computer. Some good free firewalls are:
Zone Alarm
Outpost
Tiny Personal Firewall
Sunbelt Kerio Personal Firewall

Adaware SE and Spybot SD are a pair of anti-spyware scanners that should be run every week or two. Although there is some overlap, there are many pieces of malware that are caught by one of these and not the other, therefore it is recommended you use both to complement each other. Spybot also contains two other useful pieces. The first is "Immunize", which helps protect your computer against known exploits. The second is "TeaTimer"; with this feature enabled you will receive notifications of all changes to the registry, such as programs adding themselves to start-up and your default search page being changed.

Spyware Blaster is a powerful tool that prevents "drive-by" downloads and other unwanted installations. It also uses no system resources; run it once and you're all set. Spyware Guard is a realtime protection engine to guard your computer from spyware. This program does for spyware what an antivirus program does for viruses.

IE-Spyad is a program that only needs to be run once to protect you from many malicious sites. It adds domains of known adware companies into the Restricted List of Internet Explorer, preventing them from performing malicious actions on your PC.

The MVPS HOSTS file is a file you can download and use to replace your regular hosts file. It prevents many sites from performing malicious actions by blocking the sites from ever being accessed.

Together these programs form a powerful barrier between the Internet and your computer. However, all the programs stand alone and feel free to eliminate any you are not comfortable with. Any protection you add to your PC is better than no protection at all.

Alternative Programs
Here are some alternatives that are either less susceptible than others to malware or don't contain malware where similar programs do.

Trillian or Miranda-IM - These are malware-free Instant Messenger programs which allow you to connect to multiple IM services in one program! (AOL, Yahoo, ICQ, IRC, MSN)

Desktop Weather - Free taskbar weather program that is free, malware free, and resource light.

Firefox - This is an increasingly popular alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
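Two items in this thread are the same mechanism pointed in opposite directions: the MVPS HOSTS file recommended above maps unwanted names to a local address so they are never reached, while the `hosts.bak` that Kaspersky flagged as Trojan.Win32.Qhost belongs to a family that edits the same file to send real names to an address of its choosing. Here is an added Python example (my own code, not part of the post or of the MVPS project) that audits a HOSTS file with that distinction in mind: names mapped to 0.0.0.0, 127.0.0.1 or ::1 count as blocklist entries, any name mapped elsewhere is reported as a redirect, and a blocklist entry that would cut off the machine's own update hosts is reported too, since that is a tamper sign rather than protection. The sample file, the `.test` domain names and the `PROTECTED` list are constructed for the example; a real deployment would list the update hosts the installed antivirus actually uses.

```python
"""Audit a Windows HOSTS file for the two uses this thread touches (added
example, not part of the forum post or of the MVPS HOSTS project): blocklist
entries that sink unwanted names to a local address, and Qhost-style entries
that point real names at some other address."""
import ipaddress

# Addresses a blocklist legitimately maps names to; anything else is a redirect.
SINKHOLES = {ipaddress.ip_address(a) for a in ("0.0.0.0", "127.0.0.1", "::1")}

# Constructed list of names this machine must keep resolving (think of the
# update hosts of the installed antivirus). A blocklist entry for one of these
# cuts off updates and is treated as suspicious, not as protection.
PROTECTED = ("example-antivirus.test", "example-update.test")

# Constructed sample. The first block mimics MVPS-style entries; the second
# mimics a tampered file, using the TEST-NET-1 range instead of a real address.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
::1             localhost

# [Start of entries generated by a blocklist]
0.0.0.0  ads.example-adserver.test
0.0.0.0  tracker.example-adserver.test   # inline comment
127.0.0.1  popups.example-spyware.test

# [entries a hijacker would add]
192.0.2.10  www.example-bank.test online.example-bank.test
192.0.2.10  www.example-search.test
127.0.0.1   updates.example-antivirus.test
0.0.0.0     download.example-update.test
"""


def parse_hosts(text):
    """Yield (lineno, address, names) per entry; comments and blanks are skipped."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue  # blank, comment-only, or an address with no names
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # first token is not an address, so not a hosts entry
        yield lineno, addr, [n.lower().rstrip(".") for n in parts[1:]]


def is_protected(name):
    return any(name == s or name.endswith("." + s) for s in PROTECTED)


def classify_entry(addr, name):
    """Label one name/address pair."""
    if name == "localhost":
        return "localhost" if addr in SINKHOLES else "redirect"
    if addr not in SINKHOLES:
        return "redirect"  # a real name sent to an address someone chose
    return "blocked_protected" if is_protected(name) else "blocked"


def audit(text):
    """Group every entry by label; line numbers make the findings easy to act on."""
    report = {"localhost": [], "blocked": [], "blocked_protected": [], "redirect": []}
    for lineno, addr, names in parse_hosts(text):
        for name in names:
            report[classify_entry(addr, name)].append((lineno, str(addr), name))
    return report


def suspicious(report):
    """Entries a clean machine should not have: redirects and blocked update hosts."""
    return report["redirect"] + report["blocked_protected"]
```

On Windows the file to read is `%SystemRoot%\system32\drivers\etc\hosts`; a clean machine produces only `localhost` entries, and a machine running the MVPS file adds a long `blocked` list and nothing else. Anything returned by `suspicious()` deserves a look, and the line numbers point straight at the entries to remove.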
Old 07-31-2006, 10:19 PM   #9 (permalink)
Registered User
 
Join Date: Jul 2006
Posts: 6
OS: Windows XP Home Edition SP2


Yep, thought about changing it, guess I will since I was told by a professional. Thanks for all your hard work, and the extra sites you put in there. Thanks a million.

EDIT: Thread resolved.

Last edited by Mukanshin; 07-31-2006 at 10:20 PM.