Welcome to Tech Support Forum home to more then 136,000 problems solved. Issues have included: Spyware, Malware, Virus Issues, Windows, Microsoft, Linux, Networking, Security, Hardware, and Gaming Getting your problem solved is as easy as:
1. Registering for a free account
2. Asking your question
3. Receiving an answer

Registered members:
* Get free support
* Communicate privately with other members (PM).
* Removal of this message
* See fewer ads.
* And much more..

 


Want to know how to post a question? click here Having problems with spyware and pop-ups? First Steps
Go Back   Tech Support Forum > Security Center > Virus/Trojan/Spyware Help > Resolved HJT Threads
Reload this Page Adware.DollarRevenue Problem
User Name
Password
Site Map Register Donate Rules Blogs Mark Forums Read


Resolved HJT Threads Resolved spyware and popup issues.

 
 
LinkBack Thread Tools
Old 08-31-2006, 08:05 PM   #1 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: xp


Adware.DollarRevenue Problem
Infected with the title problem.
Followed all procedures listed before posting a thread. Any help will be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 9:56:10 PM, on 8/31/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\rundll.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149098152939
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153349320685
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
Tony S is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Important Information
Join the #1 Tech Support Forum Today - It's Totally Free!

TechSupportForum.com is a leading support website for your computer needs. We offer free, friendly and personalized computer support. Why pay to have your computer fixed when you can do it for free.

Join TechSupportforum.com Today - Click Here

Old 08-31-2006, 11:16 PM   #2 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Hello ,welcome

Please download Combofix: http://download.bleepingcomputer.com/sUBs/combofix.exe
and save to the desktop.

1. Double click on combo.exe & follow the prompts.
2. When finished, it will produce a logfile located at C:\ComboFix.txt.
3. Post the contents of that log in your next reply with a new hijackthis log.

Notes:
* Do not mouseclick combofix's window while it is running. That may cause your system to stall/hang.
* Do not proceed with the rest of the fix if you fail to run combofix
* Disable script blocking if you have NAV installed so it will not interfere with the fix. Trojan Hunter has been reported to detect combofix as Worm.Qiv.100.
__________________
Eddy
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-01-2006, 09:17 AM   #3 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: xp


Dad - 06-09-01 11:13:12.07
ComboFix 06.08.30BT - Running from: C:\Documents and Settings\Dad\Desktop

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_14.exe
C:\drsmartload849a849i.exe
C:\kybrdff_14.exe
C:\MTE3NDI6ODoxNg.exe
C:\nwnmff_14.exe
C:\mte3ndi6odoxng.exe


((((((((((((((((((((((((((((((( Files Created from 2006-08-01 to 2006-09-01 ))))))))))))))))))))))))))))))))))


2006-08-31 23:37 200,704 --a------ C:\fb.exe
2006-08-29 15:51 365,568 --a------ C:\814.exe
2006-08-29 15:51 215,308 --a------ C:\WINDOWS\srvrvxzpep.exe
2006-08-28 19:20 1,390,080 --a------ C:\WINDOWS\system32\sdba.exe
2006-08-28 19:16 298 --a------ C:\da.exe
2006-08-28 18:37 1,390,080 -r-hs---- C:\WINDOWS\rundll.exe
2006-08-21 16:48 53,248 --a------ C:\WINDOWS\uni_ehhhh.exe
2006-08-19 20:17 69,568 --a------ C:\WINDOWS\DZIP.DLL
2006-08-19 20:17 48,896 --a------ C:\WINDOWS\DUNZIP.DLL
2006-08-19 20:17 158,224 --a------ C:\WINDOWS\LLATSNI.EXE
2006-08-05 18:44 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-31 22:17 -------- d-------- C:\Program Files\UltimateBet
2006-08-31 21:48 -------- d-------- C:\Program Files\Mozilla Firefox
2006-08-31 20:42 -------- d-------- C:\Program Files\Hijackthis
2006-08-31 20:25 -------- d-------- C:\Documents and Settings\Dad\Application Data\WholeSecurity
2006-08-31 18:47 -------- d-------- C:\Program Files\Common Files\Symantec Shared
2006-08-31 18:47 -------- d-------- C:\Program Files\Common Files\Scanner
2006-08-31 18:47 -------- d-------- C:\Program Files\Common Files
2006-08-31 18:47 -------- d-------- C:\Program Files\CA
2006-08-27 19:45 -------- d-------- C:\Program Files\Rave-MP
2006-08-27 18:50 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-08-25 13:39 -------- d-------- C:\Program Files\Call of Duty Game of the Year Edition
2006-08-18 11:04 -------- d-------- C:\Program Files\WON
2006-08-18 11:04 -------- d-------- C:\Program Files\Common Files\Sierra On-Line
2006-08-18 10:22 -------- d-------- C:\Documents and Settings\Dad\Application Data\Leadertech
2006-08-18 10:17 -------- d-------- C:\Program Files\NovaLogic
2006-08-18 10:03 -------- d-------- C:\Program Files\Activision
2006-08-13 01:17 -------- d-------- C:\Program Files\AIM
2006-08-10 03:03 -------- d-------- C:\Program Files\Internet Explorer
2006-08-05 17:12 -------- d-------- C:\Documents and Settings\Dad\Application Data\Talkback
2006-08-05 17:11 -------- d-------- C:\Documents and Settings\Dad\Application Data\Mozilla
2006-08-05 17:10 -------- d---s---- C:\Documents and Settings\Dad\Application Data\Microsoft
2006-07-29 21:08 -------- d-------- C:\Program Files\Symantec
2006-07-29 21:07 -------- d-------- C:\Program Files\Symantec Client Security
2006-07-29 21:07 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-07-27 11:06 -------- d-------- C:\Program Files\Common Files\AOL
2006-07-27 09:24 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-07-21 21:52 -------- d-------- C:\Program Files\AOL
2006-07-21 21:51 -------- d-------- C:\Program Files\AOD
2006-07-21 04:24 72704 --a------ C:\WINDOWS\system32\hlink.dll
2006-07-15 10:25 -------- d-------- C:\Program Files\CleanUp!
2006-06-15 02:42 83752 --a------ C:\WINDOWS\system32\pds.dll
2006-06-15 02:42 83752 --a------ C:\WINDOWS\system32\nts.dll
2006-06-15 02:42 46896 --a------ C:\WINDOWS\system32\msgsys.dll
2006-06-15 02:41 83696 --a------ C:\WINDOWS\system32\loc32vc0.dll
2006-06-15 02:41 34600 --a------ C:\WINDOWS\system32\cba.dll
2006-06-15 02:40 43760 --a------ C:\WINDOWS\system32\NavLogon.dll
2006-06-02 18:40 871 --a------ C:\Documents and Settings\Dad\Application Data\AdobeDLM.log
2006-06-02 18:40 0 --a------ C:\Documents and Settings\Dad\Application Data\dm.ini


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMan"="SOUNDMAN.EXE"
@=""
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"vptray"="C:\\PROGRA~1\\SYMANT~1\\SYMANT~2\\VPTray.exe"
"eTrustPPAP"="\"C:\\Program Files\\CA\\eTrust PestPatrol\\PPActiveDetection.exe\""

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\Run]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,cc,00,00,00,00,00,00,00,34,03,00,00,de,02,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Completion time: Fri 09/01/2006 11:14:17.50
ComboFix.txt



New Hijacj log

Logfile of HijackThis v1.99.1
Scan saved at 11:15:48 AM, on 9/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\rundll.exe
C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [eTrustPPAP] "C:\Program Files\CA\eTrust PestPatrol\PPActiveDetection.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149098152939
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153349320685
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: rundll.exe - Unknown owner - C:\WINDOWS\rundll.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
Tony S is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-01-2006, 05:52 PM   #4 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Just a bit more to do.....


Download and scan with Ewido Anti-Spyware v4.0
1. After download, double click on the file to launch the install process.
2. Choose a language, click "OK" and then click "Next".
3. Read the "License Agreement" and click "I Agree".
4. Accept default installation path: C:\Program Files\ewido anti-spyware 4.0, click "Next", then click "Install".
5. After setup completes, click "Finish" to start the program automatically or launch ewido by double-clicking its icon on your desktop or in the system tray.
6. The main "Status" menu will appear. Select "Change state" to inactivate 'Resident Shield' and 'Automatic Updates'.
7. Then right click on ewdio in the system tray and uncheck "Start with Windows".
8. Go to Start > Run and type: services.msc
  • Press "OK".
  • Click the "Extended tab" and scroll down the list to find ewido anti-spyware 4.0 guard.
  • When you find the guard service, double-click on it.
  • In the Properties Window > General Tab that opens, click the "Stop" button.
  • From the drop-down menu next to "Startup Type", click on "Manual".
  • Now click "Apply", then "OK" and close the Services window.
9. Select the "Update" button and click "Start update". If you are having problems with the updater, manually update with the Ewido Full database installer from here.

Once the updates are installed do the following:
1. Click on the "Scanner" button and choose the "Settings" tab.
  • Under "How to act?", click on "Recommended actions" and choose "Quarantine" to set default action for detected malware.
  • Under "How to Scan?" check all (default).
  • Under "Possibly unwanted software" check all (default).
  • Under "What to Scan?" make sure "Scan every file" is selected (default).
  • Under "Reports" select "Automatically generate report after every scan and UNcheck "Only if threats were found".
2. Click the "Scan" tab to return to scanning options.
3. Click "Complete System Scan" to start.
4. When the scan has finished you will be presented with a list of infected objects found. Click "Apply all actions" to place the files in Quarantine.

IMPORTANT! Do not save the report before you have clicked the Apply all actions button. If you do, the log that is created will indicate "No action taken", making it more difficult to interpret the report. So be sure you save it only AFTER clicking the "Apply all actions" button?

5. Click on "Save Report" to view all completed scans. Click on the most recent scan you just performed and select "Save report as" - the default file name will be in date/time format as follows: Report-Scan-20060620-142816.txt. Save to your desktop. A copy of each report will also be saved in C:\Program Files\ewido anti-spyware 4.0\Reports\
6. Exit Ewido when done and submit the log report in your next response.

Note: Close all open windows, programs, and DO NOT USE the computer while Ewido is scanning. If Explorer or other programs are open during the scan that means certain files will also be in use. Some malware will insert itself and hide in areas that are "protected" by Windows when the files are being used. This can hamper Ewido's ability to clean properly and may result in reinfection.

Note: If Ewido "crashes" or "hangs" during the scan, try scanning again by doing this:
1. Scan one sector of the system at a time by using the "Custom Scan" feature. To do this select Scanner > Custom Scan and click on Add drive/directory/file. Browse to C:\Windows > System, add this folder to the list and click on "Start Scan". When the scan is complete, repeat the Custom Scan but this time, browse to and add the System32 folder. Then keep repeating this procedure until all your folders have been scanned. Make sure you include the Documents & Settings folder.

2. If this still does not help, then turn the ADS scanner off while making a Custom Scan. To do this select Scanner > Scan Settings and untick "Scan in NTFS Alternate Data Streams". Then repeat the steps above for performing a Custom Scan.
__________________
Eddy
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 08:40 AM   #5 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: xp


Sorry I did not post sooner- the power has been out.
Ran Ewido- the problem has not showed up today.
Thanks
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 10:34:01 AM 9/4/2006

+ Scan result:



C:\fb.exe -> Backdoor.IRCBot.ih : No action taken.
C:\814.exe -> Downloader.Dyfuca.fb : No action taken.
C:\Documents and Settings\LocalService\Desktop\TagASaurus.exe -> Hijacker.Small : No action taken.
:mozilla.118:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
:mozilla.121:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Mom\Cookies\mom@coxhsi.112.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
:mozilla.133:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.134:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.135:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.136:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
:mozilla.129:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.130:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.131:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.132:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
:mozilla.10:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Dad\Cookies\dad@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
:mozilla.106:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Burstbeacon : No action taken.
:mozilla.107:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.108:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.109:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Burstnet : No action taken.
:mozilla.145:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.146:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.147:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
:mozilla.28:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Com : No action taken.
:mozilla.20:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@fastclick[1].txt -> TrackingCookie.Fastclick : No action taken.
:mozilla.137:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.138:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.139:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.140:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.141:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Gamershell : No action taken.
:mozilla.110:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.111:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.113:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Hitbox : No action taken.
C:\Documents and Settings\Mom\Cookies\mom@ehg-verizonwireless.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken.
:mozilla.87:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.88:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
:mozilla.114:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.115:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.116:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
:mozilla.89:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.90:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.91:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
:mozilla.44:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.45:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.46:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.47:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
:mozilla.51:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.52:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.53:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.54:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.55:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.86:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tacoda : No action taken.
:mozilla.99:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Trafic : No action taken.
:mozilla.101:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.102:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.103:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.104:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
:mozilla.105:C:\Documents and Settings\Ant\Application Data\Mozilla\Firefox\Profiles\bo7ir2kk.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Dad\Cookies\dad@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Ren\Cookies\ren@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\WINDOWS\uni_ehhhh.exe -> Trojan.VB.tg : No action taken.


::Report end
Tony S is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 05:59 PM   #6 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


That looks all ok now so you should be good to go...
__________________
Eddy
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 08:16 PM   #7 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


I missed it.Can you redo the Ewido scan again and make sure to set it to Quarantine and then post the log and a HJT log please.
__________________
Eddy
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-04-2006, 10:02 PM   #8 (permalink)
Security Team (ret.)
 
Pancake's Avatar
 
Join Date: Nov 2003
Location: Victoria.Australia
Posts: 7,404
OS: XP Pro SP3


Hi
Sorry about all these post...

Download SDFix and save it to your desktop.

Please then reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
  • In Safe Mode, right click the SDFix.zip folder and choose Extract All,
  • Open the extracted folder and double click RunThis.bat to start the script.
  • Type Y to begin the script.
  • It will remove the Trojan Services then make some repairs to the registry and prompt you to press any key to Reboot.
  • Press any Key and it will restart the PC.
  • Your system will take longer that normal to restart as the fixtool will be running and removing files.
  • When the desktop loads the Fixtool will complete the removal and display Finished, then press any key to end the script and load your desktop icons.
  • Finally open the SDFix folder on your desktop and copy and paste the contents of the results file Report.txt back onto the forum with a new HijackThis log
__________________
Eddy
Pancake is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
Old 09-05-2006, 08:18 AM   #9 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 4
OS: xp


Logfile of HijackThis v1.99.1
Scan saved at 10:17:03 AM, on 9/5/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\dcfssvc.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Malicious Scripts Scanner - {55EA1964-F5E4-4D6A-B9B2-125B37655FCB} - C:\Documents and Settings\All Users\Application Data\Prevx\pxbho.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [PrevxOne] C:\Program Files\Prevx1\PXConsole.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\KODAK\Kodak EasyShare software\bin\EasyShare.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra 'Tools' menuitem: UltimateBet - {94148DB5-B42D-4915-95DA-2CBB4F7095BF} - C:\Program Files\UltimateBet\UltimateBet.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1149098152939
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153349320685
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dcfssvc - Eastman Kodak Company - C:\WINDOWS\system32\drivers\dcfssvc.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: IS Service (ISSVC) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Prevx Agent (PREVXAgent) - Unknown owner - C:\Program Files\Prevx1\PXAgent.exe" -f (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe



SDFix: Version 1.20
-------------------------

Scan Time/Date:

09:56 AM
Tue 09/05/2006

Microsoft Windows XP [Version 5.1.2600]

Running from:
C:\Documents and Settings\Dad\Desktop\SDFix\SDFix


Stage One...


Checking Services...

Service Name:
------------------

rundll.exe

File Path:
------------

C:\WINDOWS\rundll.exe

Removing Services:
------------------------

SUCCESS


Repairing Registry...

Restoring Default Hosts File...

Stage One Complete

Rebooting!

Stage Two...

Registry Cleaning Finished...

Checking For Malware Files:
----------------------------------

C:\WINDOWS\rundll.exe

Backing Up and Removing any Files Found....

Final Check:

Remaining Services:
------------------------


Remaining Files:
-------------------




FINISHED
Tony S is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!Reddit!
 

« Previous Thread | Next Thread »

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are Off
Pingbacks are Off
Refbacks are Off



All times are GMT -7. The time now is 12:16 AM.

Contact Us - Tech Support Forum - Archive - Privacy Statement - Top


Copyright 2001 - 2009, Tech Support Forum
Home Tips Plus | Outdoor Basecamp | Automotive Support Forum

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85