HJT Log - plumbum


This topic is locked
8 replies to this topic

#1 plumbum (Members, 15 posts)

Posted 13 July 2005 - 01:13 PM

Logfile of HijackThis v1.99.1
Scan saved at 11:11:55 AM, on 7/13/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe
C:\WINDOWS\System32\ctfmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Arthur\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: 강조 - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: 검색 - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

thanks
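An added example, not part of plumbum's post and not something HijackThis itself does: a short Python script that parses the log format above (the "Running processes" list and the O-numbered entries) and applies the first-pass checks a helper applies by eye. It runs on a constructed excerpt: most lines are copied from the log above, and three lines are synthetic so every check fires (a process and a [Updater] Run entry in the user's Temp folder, and an "ExampleSvc" service with no owner and a missing file). The TRUSTED_DPF_HOSTS list and the user-writable-directory pattern are my assumptions. Note the two legitimate entries it flags: HijackThis.exe running from the Desktop, and Spybot's SDHelper.dll, which HijackThis lists as a "(no name)" BHO. The output is a list of leads to verify, not verdicts.

```python
"""Parse a HijackThis 1.99 log and flag entries worth a second look.

Added example; the checks below are my own first-pass heuristics, not
HijackThis functionality.  Constructed input: lines copied from the log
above plus three synthetic lines (the Temp\bb.exe process, the [Updater]
Run entry and the ExampleSvc service) so that every check fires."""
import re
from collections import Counter, defaultdict
from urllib.parse import urlparse

SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP1 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\System32\conime.exe
C:\Documents and Settings\Arthur\Desktop\HijackThis.exe
C:\DOCUME~1\Arthur\LOCALS~1\Temp\bb.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKLM\..\Run: [Updater] C:\DOCUME~1\Arthur\LOCALS~1\Temp\Updater.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Example Service (ExampleSvc) - Unknown owner - C:\WINDOWS\System32\example.exe (file missing)
"""

DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
ENTRY = re.compile(r"^(O\d+) - (.*)$")
# Locations a logged-in user can write to; anything launching from here
# deserves a look (assumption: tune to the machine's profile layout).
USER_WRITABLE = re.compile(r"\\(temp|tmp|desktop|locals~1|local settings)\\", re.I)
# Hosts whose O16 ActiveX downloads (DPF) are expected on this box (assumption).
TRUSTED_DPF_HOSTS = {"trendmicro.com", "microsoft.com", "windowsupdate.com"}


def parse_hjt(text):
    """Return (running_processes, {section: [entry, ...]})."""
    procs, entries, in_procs = [], defaultdict(list), False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_procs = True
            continue
        m = ENTRY.match(line)
        if m:
            in_procs = False
            entries[m.group(1)].append(m.group(2))
        elif in_procs and DRIVE_PATH.match(line):
            procs.append(line)
    return procs, entries


def host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == t or host.endswith("." + t) for t in TRUSTED_DPF_HOSTS)


def triage(text):
    """Return [(check_name, offending_line), ...] in log order."""
    procs, entries = parse_hjt(text)
    findings = []
    for p in procs:                                   # binaries running from user-writable dirs
        if USER_WRITABLE.search(p):
            findings.append(("process-in-user-dir", p))
    for e in entries["O2"]:                           # BHOs that do not even carry a name
        if e.startswith("BHO: (no name)"):
            findings.append(("bho-no-name", e))
    for e in entries["O4"]:                           # autoruns pointing into user-writable dirs
        if USER_WRITABLE.search(e):
            findings.append(("autorun-in-user-dir", e))
    for e in entries["O16"]:                          # ActiveX downloads from unexpected hosts
        url = e.rsplit(" - ", 1)[-1]
        if not host_trusted(url):
            findings.append(("dpf-untrusted-host", e))
    for e in entries["O23"]:                          # services with no vendor or no binary
        if "Unknown owner" in e or "(file missing)" in e:
            findings.append(("service-unknown-owner", e))
    return findings


def summarize(findings):
    """Count findings per check, e.g. {'bho-no-name': 1, ...}."""
    return dict(Counter(name for name, _ in findings))


if __name__ == "__main__":
    for name, line in triage(SAMPLE_LOG):
        print(f"{name:24s} {line}")
```

Every flagged line still has to be checked by hand: HijackThis.exe on the Desktop and Spybot's SDHelper.dll both trip a check, which is exactly why a helper asks for a hash and a multi-engine scan before telling anyone to delete something.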

#2 Guest_Cretemonster_* (Guest)

Posted 15 July 2005 - 06:32 AM

Hi plumbum and Welcome to the Bleeping Computer!

What are the exact problems you are having?

The file below doesn't look friendly at all

C:\WINDOWS\System32\conime.exe
http://www.liutilities.com/products/wintas...library/conime/

Please have it scanned at these 2 sites

http://www.virustotal.com/flash/index_en.html

http://virusscan.jotti.org/


Then have the entire PC Scanned here
http://www.pandasoftware.com/products/acti...n_principal.htm

Save the Report from the Panda Scan and place it in the Next post along with the Info on the file I asked about!

Edited by Cretemonster, 15 July 2005 - 06:33 AM.


#3 plumbum (Topic Starter)

Posted 24 July 2005 - 02:52 PM

Here's what you requested:

VirusTotal:
This is a report processed by VirusTotal on 07/24/2005 at 19:20:47 (CET) after scanning the file "conime.exe".
Antivirus Version Update Result
AntiVir 6.31.1.0 07.22.2005 no virus found
AVG 718 07.22.2005 no virus found
Avira 6.31.1.0 07.22.2005 no virus found
BitDefender 7.0 07.22.2005 no virus found
CAT-QuickHeal 7.03 07.23.2005 no virus found
ClamAV devel-20050712 07.23.2005 no virus found
DrWeb 4.32b 07.24.2005 no virus found
eTrust-Iris 7.1.194.0 07.23.2005 no virus found
eTrust-Vet 11.9.1.0 07.22.2005 no virus found
Fortinet 2.36.0.0 07.23.2005 no virus found
F-Prot 3.16c 07.22.2005 no virus found
Ikarus 2.32 07.22.2005 no virus found
Kaspersky 4.0.2.24 07.24.2005 no virus found
McAfee 4541 07.22.2005 no virus found
NOD32v2 1.1176 07.22.2005 no virus found
Norman 5.70.10 07.21.2005 no virus found
Panda 8.02.00 07.24.2005 no virus found
Sybari 7.5.1314 07.24.2005 no virus found
Symantec 8.0 07.23.2005 no virus found
TheHacker 5.8.2.075 07.23.2005 no virus found
VBA32 3.10.4 07.24.2005 no virus found

Jotti Virusscan:
File: conime.exe
Status: OK (Note: this file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5 054df8f752497c6b74dd7b65cca61132
Packers detected: -
Scanner results
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
Fortinet Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
UNA Found nothing
VBA32 Found nothing

Panda Activescan:

Incident Status Location

Adware:adware/midaddle No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\9.dll
Spyware:spyware/altnet No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\asmfiles.cab
Adware:adware/ncase No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\bb.exe
Adware:adware/gator No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\bundle.inf
Spyware:spyware/cydoor No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\cd_clint.dll
Adware:adware/toprebates No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\djtopr1150.exe
Adware:adware/transponder No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\dummy.htm
Adware:adware/kingporn No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\ExtractDLL.dll
Adware:adware/keenvalue No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\IncrediFindBHOLog.tmp
Adware:adware/p2pnetworking No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\p2psetup.exe
Spyware:spyware/istbar No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\shortcuts.txt
Spyware:spyware/tvmedia No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\TvmUpdater.exe
Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM32\ezWbr.dll
Spyware:spyware/betterinet No disinfected C:\WINDOWS\INF\biini.inf
Spyware:spyware/localnrd No disinfected C:\WINDOWS\INF\localNrd.inf
Adware:adware/bookedspace No disinfected C:\WINDOWS\bxxs5.dll
Adware:adware/twain-tech No disinfected C:\WINDOWS\multimpp.dll
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall5_20.exe
Adware:adware/wintools No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\msiein
Adware:adware/apropos No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\~apropos0
Adware:adware/sidesearch No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\APPLICATION DATA\Lycos
Adware:adware/portalscan No disinfected HKEY_CURRENT_USER\SOFTWARE\2ND
Adware:adware/statblaster No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MINIGOLF
Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
Adware:adware/beginto No disinfected HKEY_CURRENT_USER\EEENNN
Spyware:spyware/bargainbuddy No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ISEXENG
Adware:adware/memorywatcher No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\MEMORYWATCHER
Adware:adware/savenow No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP MANAGEMENT\ARPCACHE\SAVENOW
Adware:adware/cws No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_BAK
Adware:adware/sidefind No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\EXTENSIONS\CMDMAPPING\{10E42047-DEB9-4535-A118-B3F6EC39B807}
Spyware:spyware/media-motor No disinfected HKEY_CLASSES_ROOT\Interface\{a7d0472e-c1fc-4d8f-aba1-98a7692561bf}
Adware:adware/lop No disinfected HKEY_CLASSES_ROOT\Interface\{a1558b18-f76c-40fe-b358-9e47449f3cfe}
Adware:Adware/Startpage.PX No disinfected C:\Documents and Settings\Arthur\Desktop\backups\backup-20050224-204147-439.dll
Possible Virus. No disinfected C:\Documents and Settings\Arthur\Desktop\backups\backup-20050224-204147-939.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Desktop\backups\backup-20050224-204147-948.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\0.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\04Kp4p.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\0k.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\0rVZ0F9.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\16mgguBYf.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\3ftfwzkbr.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\3NaXi.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\4bSSsRmM0.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\4By1hdA.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\4CqAM.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\5EW.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\5iGVZ5rz.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\6c.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\6je.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\6Lxz2w.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\6pou.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\6zd.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\71.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\7bT7D17r.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\7GWcXO.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\7q60.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\8.dll
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\8yur.sys
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\9.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\9hB.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\9shcPx.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\A.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\ACZp.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\ALUOnrWj.dll
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\asmfiles.cab
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\asmfiles.cab[asmps.dll]
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\aU9j6M.dll
Adware:Adware/BlazeFind No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\bar.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\bb.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\bcAD.dll
Adware:Adware/IPInsight No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Belt.ini
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\BmZX.dll
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Bqip.exe
Spyware:Spyware/BargainBuddy No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\cdt_bbi8016.exe
Spyware:Spyware/Cydoor No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\cd_clint.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\CE9IOD.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\cN.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\cY8yapJ.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\D.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\d0KonvcDO.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\d4ad.dll
Adware:Adware/nCase No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Del1A.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Del3.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Del8.tmp
Adware:Adware/nCase No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Del9.tmp
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\DjAZ4to.dll
Adware:Adware/TopRebates No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\djtopr1150.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\dKD9KZl6m.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\dyd.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\EI.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\El6Iy.dll
Spyware:Spyware/SafeSurf No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\ExtractDLL.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Fgn.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\fGy6o.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\fIuQALOa.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Fou7yoUCW.dll
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\fvL2.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\fwOJSs.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\g.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\GHAd.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Gn6BfQ9s.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\GPEk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\GsHYky8R.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\GSqNASrG.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\gykr.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\GZoG5.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Hkd.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\HR.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\ht.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\IC.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\icCq.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\IeQeCF5d.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\iFVI8xV.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\IM.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Iqbk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Iv.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\j.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\jAkl3PX.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\JYLjP.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\l.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\laZ2.dll
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\lc.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Lu.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\M.dll
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\MemoryWatcher_b.exe
Adware:Adware/Adtomi No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\msshed32.exe
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\mw.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Mwnxk.dll
Adware:Adware/MemoryWatcher No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\mw_4s_stub.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Ny.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\OD.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\oG.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\oIBh.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\oRwGhqk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\OyxQUE.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\OYY.dll
Adware:Adware/P2PNetworking No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\p2psetup.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\PdY8auZj.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\PL.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\pPzSk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\psBO.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\q.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Qk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\QpY63.dll
Spyware:Spyware/BetterInet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\randreco.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\rAWeuh.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\rpcRYsN.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\RTMPbg.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\s.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\S4.exe
Adware:Adware/SideSearch No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\SEPinst.exe
Spyware:Spyware/ISTbar No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\shortcuts.txt
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\ShuKlRL7q.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\SJ2sF.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Sm57qzJwS.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\srIzs.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\SY5XWX.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\t.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\T3.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\TKy.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\tn.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\TpiNT4P.dll
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Tvm.upd
Spyware:Spyware/TVMedia No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\TvmUpdater.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\U.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\u60yZ.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\uD.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\UG.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\UHG4doJ.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Uo3PqCq.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Updater.exe
Adware:Adware/StatBlaster No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\update_1.exe
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\UpQ.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\UR9rVw.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\uuIt9Py.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\uVg.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\Uw0.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\uyjQeyw.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\v.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\vCwwH3.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\VVuXTk.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\vZwQc.dll

#4 Guest_Cretemonster_* (Guest)

Posted 25 July 2005 - 06:05 AM

Attached you will find a Registry file to clean up all those reg entries that Panda Identified!

Please download the trial version of Ewido Security Suite here:
http://www.ewido.net/en/download/

Please read Ewido Setup Instructions
Install it, and update the definitions to the newest files. Do NOT run a scan yet.

If you have not already installed Ad-Aware SE 1.06, follow these download and setup instructions, otherwise, check for updates:
Ad-Aware SE Setup
Don't run it yet!

Download and Install
CleanUp!
Don't use it yet!

Reboot into SAFE MODE (tap F8 when restarting)
Here is a link on how to boot into Safe Mode:
http://service1.symantec.com/SUPPORT/tsgen...src=sec_doc_nam

After restarting in Safe Mode, configure Windows to show all hidden files and folders. Here is a link to help with that:
http://www.bleepingcomputer.com/forums/ind...showtutorial=62


Open up CleanUp!-> Click on the Cleanup tab to begin scanning->Once finished-> Click "Close" and Click "NO" to log off!


Open up Ewido and Scan the Entire System-> Clean All it finds-> Be sure to click the tab to Save a Report!


Open up Ad-Aware and Scan the System-> Remove all it finds and Delete all Quarantine files!


Now I need you to visibly ensure that each of these Temp folders is empty

C:\Temp

C:\Windows\Temp

C:\Windows\System32\Temp

C:\Documents and Settings\Owner\Local Settings\Temp

C:\Documents and Settings\ARTHUR\Local Settings\Temp

C:\Documents and Settings\<All other users Profile>\Local Settings\Temp

Empty your "Recycle Bin"

Open Internet Explorer,
Select Tools,
Select Internet Options
Select Delete Cookies and Delete Files(Check the box for Delete all offline content)

Go to Start,
Select All Programs
Select Accessories
Select System Tools
Select and Run Disk Cleanup (make sure that all boxes are checked for cleaning!!)


Now Locate and Delete these

C:\WINDOWS\SYSTEM32\ezWbr.dll

C:\WINDOWS\INF\biini.inf

C:\WINDOWS\INF\localNrd.inf

C:\WINDOWS\bxxs5.dll

C:\WINDOWS\multimpp.dll

C:\WINDOWS\NDNuninstall5_20.exe


Now Double Click the Reg File I attached-> Allow it to merge into the registry!

Restart normally and have the PC scanned here
http://www.freedom.net/viruscenter/onlineviruscheck.html


Save that Report and post it along with the Report from Ewido and a fresh HijackThis log!

Attached File: Clr.reg (943 bytes)
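An added example that serves both the Panda report in post #3 and the cleanup plan in post #4. It is not Panda's code and not the Clr.reg Cretemonster attached (that file's contents are not shown in the thread). It parses the report format above, normalises family names (Panda lists the same family as both adware/midaddle and Adware/Midaddle), separates hits in the user's Temp folder (which the plan empties wholesale) from files elsewhere (which get an explicit "Locate and Delete" entry) and from registry locations, and writes the registry locations out as a .reg file using the `[-KEY]` delete-key syntax. Two caveats are built in as my assumptions: Panda's report prints a registry value the same way as a key, so entries I read as values (the CWS "START PAGE_BAK" hit) are emitted as `"name"=-` under the parent key; and anything under ActiveX Compatibility is held back for review rather than deleted, because that key is where Internet Explorer kill bits are stored, so a hit there may be an immunizer's kill bit against the control Panda names rather than the adware itself. The sample input is constructed from lines copied out of the report above.

```python
"""Turn a Panda ActiveScan report into a cleanup plan.

Added example: not Panda's code and not the Clr.reg attached in the thread
(its contents are not shown).  Constructed input: lines copied from the
report above, one or two per kind of location it contains.  The
VALUE_ENTRIES and SKIP_KEY_RE tables are my assumptions."""
import re
from collections import Counter

SAMPLE_REPORT = r"""Incident Status Location

Adware:adware/midaddle No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\LOCAL SETTINGS\TEMP\9.dll
Adware:Adware/Midaddle No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\9.dll
Spyware:Spyware/Altnet No disinfected C:\Documents and Settings\Arthur\Local Settings\Temp\asmfiles.cab[asm.exe]
Adware:adware/ezula No disinfected C:\WINDOWS\SYSTEM32\ezWbr.dll
Spyware:spyware/new.net No disinfected C:\WINDOWS\NDNuninstall5_20.exe
Adware:adware/sidesearch No disinfected C:\DOCUMENTS AND SETTINGS\ARTHUR\APPLICATION DATA\Lycos
Possible Virus. No disinfected C:\Documents and Settings\Arthur\Desktop\backups\backup-20050224-204147-939.dll
Adware:adware/statblaster No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MINIGOLF
Adware:adware/exactsearch No disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF}
Adware:adware/cws No disinfected HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_BAK
Spyware:spyware/bargainbuddy No disinfected HKEY_LOCAL_MACHINE\SYSTEM\CONTROLSET001\SERVICES\ISEXENG
"""

LINE_RE = re.compile(r"^(?P<cls>.+?) No disinfected (?P<loc>.+)$")
TEMP_RE = re.compile(r"\\local settings\\temp\\", re.I)
# Panda prints a registry *value* the same way as a key.  Entries listed here
# are written as '"name"=-' under the parent key instead of '[-key]'
# (assumption: my reading of the CWS hit; confirm in regedit before merging).
VALUE_ENTRIES = {
    r"HKEY_CURRENT_USER\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN\START PAGE_BAK".upper(),
}
# Held back for manual review: ActiveX Compatibility\{CLSID} is where IE kill
# bits are stored, so a hit there may be an immunizer's kill bit against the
# control Panda names rather than the adware itself.
SKIP_KEY_RE = re.compile(r"\\ACTIVEX COMPATIBILITY\\", re.I)


def parse_report(text):
    """Return [(family, kind, location)], kind in {'temp', 'file', 'registry'}."""
    hits = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        # "Adware:Adware/Midaddle" and "Adware:adware/midaddle" are the same family
        family = m.group("cls").split(":", 1)[-1].lower()
        # "asmfiles.cab[asm.exe]" is a member of the .cab; the container is what gets deleted
        loc = re.sub(r"\[[^\]]*\]$", "", m.group("loc"))
        if loc.upper().startswith("HKEY_"):
            kind = "registry"
        elif TEMP_RE.search(loc):
            kind = "temp"
        else:
            kind = "file"
        hits.append((family, kind, loc))
    return hits


def plan(text):
    """Summarise by family and split hits into the three cleanup actions."""
    hits = parse_report(text)
    return {
        "families": Counter(f for f, _, _ in hits),
        # Temp is emptied wholesale, so only count it (case-folded: Panda lists the same file twice)
        "temp_count": len({loc.lower() for _, k, loc in hits if k == "temp"}),
        # files elsewhere need an explicit "locate and delete" entry
        "files": sorted({loc for _, k, loc in hits if k == "file"}, key=str.lower),
        "registry": [loc for _, k, loc in hits if k == "registry"],
    }


def build_reg(keys):
    """Return (.reg file text, keys held back for review).

    Deleting a service key such as the ISEXENG one does not stop a running
    service, so the merge belongs in Safe Mode, as the instructions say."""
    lines, review = ["Windows Registry Editor Version 5.00", ""], []
    for key in keys:
        if SKIP_KEY_RE.search(key):
            review.append(key)
        elif key.upper() in VALUE_ENTRIES:
            parent, name = key.rsplit("\\", 1)
            lines += [f"[{parent}]", f'"{name}"=-', ""]   # "=-" deletes the value
        else:
            lines += [f"[-{key}]", ""]                     # leading "-" deletes the key
    return "\r\n".join(lines), review


if __name__ == "__main__":
    p = plan(SAMPLE_REPORT)
    print(p["families"].most_common(3), p["temp_count"], p["files"], sep="\n")
    reg, held = build_reg(p["registry"])
    print(reg, "review by hand:", held, sep="\n")
```

The generated .reg is a draft to read through before double-clicking it, not a thing to merge blind: Panda's location strings carry no key/value distinction, and one wrong guess turns a cleanup into deleting a parent key.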


#5 plumbum (Topic Starter)

Posted 25 July 2005 - 09:00 PM

Freedom Online Virus Check:
no infected

Ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 5:15:40 PM, 7/25/2005
+ Report-Checksum: 880AFA73

+ Scan result:

HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\AtlBrowser.EXE -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\AppID\{0818D423-6247-11D1-ABEE-00D049C10000} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{17973BD7-959C-4D8A-8B2F-AB200E20A75E} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{370F6327-41C4-4FA6-A2DF-1BA57EE0FBB9} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6FE4AADF-EDAC-4037-9164-0B60179A4F12} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A1558B18-F76C-40FE-B358-9E47449F3CFE} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A2872B10-39F2-42DF-9335-7DD38CF75255} -> Spyware.AproposMedia : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{A797A41D-F9F0-4A32-B9B5-AF927CB5AE54} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{B12508AD-CA55-4238-8DB3-55808BA6915A} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{BF7CB2C3-55B6-44C1-9615-920D004C27F7} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{EFA52460-8822-4191-BA38-FACDD2007910} -> Spyware.eZula : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{F912C325-5B26-4AD6-BF39-84370833E972} -> Spyware.Begin2Search : Cleaned with backup
HKLM\SOFTWARE\Desktop\LicenseStores -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Spyware.BargainBuddy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\AUI -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\midADdle -> Spyware.MidAddle : Cleaned with backup
HKLM\SOFTWARE\msbb -> Spyware.180Solutions : Cleaned with backup
HKLM\SOFTWARE\PerfectNav -> Spyware.KeenValue : Cleaned with backup
HKLM\SOFTWARE\whpbgjb -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-796845957-1644491937-725345543-1003\Software\2nd -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-796845957-1644491937-725345543-1003\Software\2nd\Client -> Spyware.SecondThought : Cleaned with backup
HKU\S-1-5-21-796845957-1644491937-725345543-1003\Software\msbb -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Arthur\Desktop\backups\backup-20050224-204147-948.dll -> Adware.MidADle : Cleaned with backup
C:\Program Files\Opera7\Plugins\npwthost.dll -> Spyware.WildTangent : Cleaned with backup
C:\WINDOWS\8yur.sys -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\bxxs5.dll -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\localNRD.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\multimpp.dll -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\NDNuninstall5_20.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\preInsln.exe -> Spyware.BiSpy : Cleaned with backup
C:\WINDOWS\system32\8yur.sys -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\bH.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\BO2802040113.dll -> Spyware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\ezWbr.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\iezset.exe -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\l0t.exe -> Trojan.Kolweb.a : Cleaned with backup
C:\WINDOWS\system32\mscjjn.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\system32\n6omw.exe -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\thin-94-2-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\thinInstOIT61MegaV2s.dll -> Adware.eZula : Cleaned with backup
C:\WINDOWS\system32\vu5o.dll -> Trojan.Delf.cf : Cleaned with backup
C:\WINDOWS\system32\wapisvcc.exe -> Spyware.PurityScan : Cleaned with backup


::Report End

HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 6:58:37 PM, on 7/25/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Avant Browser\avant.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Arthur\Desktop\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Add to AD Black List - C:\Program Files\Avant Browser\AddToADBlackList.htm
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Block All Images from the Same Server - C:\Program Files\Avant Browser\AddAllToADBlackList.htm
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Highlight - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: Open All Links in This Page... - C:\Program Files\Avant Browser\OpenAllLinks.htm
O8 - Extra context menu item: Search - C:\Program Files\Avant Browser\Search.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O8 - Extra context menu item: 강조 - C:\Program Files\Avant Browser\Highlight.htm
O8 - Extra context menu item: 검색 - C:\Program Files\Avant Browser\Search.htm
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=36467&clcid=0x409
O16 - DPF: {36F46B1E-11B7-4221-B4F7-F1FC9687E7F6} (MBox Control) - http://kr.music.yahoo.com/m_box/component/mbox.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {C81B5180-AFD1-41A3-97E1-99E8D254DB98} (CSS Web Installer Class) - http://www.freedom.net/viruscenter/onlinev...cabs/cssweb.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation Service (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
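
For the HijackThis log above, an added example (my own code, not HijackThis itself and not anything the thread's helpers used) that parses the `O`-line entries into structured records, so a reviewer can tally BHOs, Run keys, O16 ActiveX downloads by serving host and O23 services instead of reading them by eye. The line shapes are inferred from the log lines quoted in this thread; the sample input is a constructed subset of those lines, and the regular expressions are my assumptions about the format.

```python
"""Parse HijackThis 'O' entries into records.  Added example; not HijackThis code.
Line shapes assumed from the log quoted in this thread:
  O2/O3/O9/O18 - <kind>: <name> - {CLSID} - <path>
  O4  - <hive>\..\Run: [<name>] <command>   or   Global Startup: <name> = <command>
  O16 - DPF: {CLSID} (<friendly name>) - <url>
  O23 - Service: <display name> (<short name>) - <company> - <path>"""
import re
from collections import Counter
from urllib.parse import urlparse

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
LINE_RE = re.compile(r"^O(?P<num>\d+) - (?P<rest>.+)$")
RUN_RE = re.compile(r"(?P<where>.+?): \[(?P<name>[^\]]*)\] (?P<command>.*)$")
STARTUP_RE = re.compile(r"(?P<where>Global Startup): (?P<name>.+?) = (?P<command>.+)$")
DPF_RE = re.compile(r"DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>[^)]*)\))? - (?P<url>\S+)$")
SVC_RE = re.compile(r"Service: (?P<display>.+?)(?: \((?P<short>[^)]+)\))? - (?P<company>.+?) - (?P<path>.+)$")
GENERIC_RE = re.compile(r"(?P<kind>[^:]+): (?P<name>.+?) - (?P<clsid>" + CLSID + r") - (?P<path>.+)$")

# Constructed sample: a handful of lines copied from the log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://www.nick.com/common/groove/gx/GrooveAX27.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
"""


def parse_entry(line):
    """Turn one 'Onn - ...' line into a dict; lines of other shapes give None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    num, rest = int(m.group("num")), m.group("rest")
    rec = {"section": "O%d" % num, "raw": line.strip()}
    if num == 4:
        sub = RUN_RE.match(rest) or STARTUP_RE.match(rest)
    elif num == 16:
        sub = DPF_RE.match(rest)
    elif num == 23:
        sub = SVC_RE.match(rest)
    else:
        sub = GENERIC_RE.match(rest)   # O2, O3, O9, O18 share the name/CLSID/path shape
    if sub:
        rec.update(sub.groupdict())
    if rec.get("url"):
        rec["host"] = urlparse(rec["url"]).hostname   # which server delivered the control
    return rec


def parse_log(text):
    """Parse every recognisable O-line in a whole log."""
    return [r for r in (parse_entry(l) for l in text.splitlines()) if r]


def summarize(records):
    """Counts per section, hosts that served O16 downloads, and the O23 service list."""
    return {
        "per_section": dict(Counter(r["section"] for r in records)),
        "dpf_hosts": sorted({r["host"] for r in records if r.get("host")}),
        "services": [(r.get("short"), r.get("company")) for r in records if r["section"] == "O23"],
    }


if __name__ == "__main__":
    for key, value in summarize(parse_log(SAMPLE_LOG)).items():
        print(key, value)
```

The per-section counts and the O16 host list are the quick triage view: an unfamiliar host among the ActiveX download sources, or a service whose company field is blank, is what to look up first, and the `clsid` field lets each BHO be matched against a known-good list rather than guessed at from its display name.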

#6 Guest_Cretemonster_*

Posted 27 July 2005 - 05:31 AM

Still seeing lots of garbage from Ewido!

Does the PC seem to be acting any better?

#7 plumbum

Posted 27 July 2005 - 06:03 PM

Yeah, I think so. Anything else I should do?

#8 miekiemoes

Posted 29 July 2005 - 02:06 PM

Hello. Because Cretemonster is unfortunately in hospital, he can't reply to your log... so I'm taking over.
Seems like your problems are fixed. :thumbsup:

However, I suggest you perform a full scan with an updated Ad-Aware SE and/or Spybot S&D to take care of the leftovers.

To keep this clean in the future, I would suggest the following things:

Install SpywareBlaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently, and don't forget to update them beforehand.

And I do suggest you perform an online virus scan once in a while (Kaspersky online and/or BitDefender), because what one virus scanner can't find, another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your Windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure the security features of Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

You can also find more info on how to prevent malware here (by Tony Klein).

Happy surfing again! :flowers:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#9 miekiemoes

Posted 07 August 2005 - 02:17 PM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.