My hijacked log


17 replies to this topic

#1 coursol

coursol

  • Members
  • 18 posts

Posted 28 July 2005 - 12:01 PM

Computer is starting to run slower, along with some ad pop-ups. Thought you guys might be able to help.
Thanks
Logfile of HijackThis v1.99.1
Scan saved at 12:58:31 PM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Kazza Lite Folders\Diskeeper_v8[1].0\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\uvhqhmyq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Ekcyt\Isgtoty.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
G:\burning\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trevor\Application Data\Mozilla\Profiles\default\xluagvvr.slt\prefs.js)


#2 coursol

coursol
  • Topic Starter

  • Members
  • 18 posts

Posted 28 July 2005 - 12:03 PM

Sorry, here are the whole HijackThis files.

Logfile of HijackThis v1.99.1
Scan saved at 12:58:31 PM, on 7/28/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Kazza Lite Folders\Diskeeper_v8[1].0\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\uvhqhmyq.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\QuickTime\qttask.exe
C:\program files\internet explorer\iexplore.exe
C:\Program Files\Ekcyt\Isgtoty.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\VideoLAN\VLC\vlc.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
G:\burning\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trevor\Application Data\Mozilla\Profiles\default\xluagvvr.slt\prefs.js)
O2 - BHO: (no name) - {00000010-6F7D-442C-93E3-4A4827C2E4C8} - (no file)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: BAHelper Class - {A3FDD654-A057-4971-9844-4ED8E67DBBB8} - C:\Program Files\SideFind\sfbho.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.108-big.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [aaUthRqb] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [i117glru] C:\WINDOWS\system32\i117glru.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ofcezmj] C:\Program Files\Ekcyt\Isgtoty.exe
O4 - HKLM\..\Run: [aaUth$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: snipemon.LNK = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: SideFind - {10E42047-DEB9-4535-A118-B3F6EC39B807} - C:\WINDOWS\System32\shdocvw.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.gamesmania.com/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\autocad\AcDcToday.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://aceshigh.microgaming.com/aceshigh/FlashAX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\autocad\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBA768-A499-4DCA-8E99-754B27191299}: NameServer = 206.47.244.59 206.47.244.105
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Kazza Lite Folders\Diskeeper_v8[1].0\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
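
A first-look triage pass over log lines in this format, added here as an example and not part of the thread or of HijackThis itself. It parses the R0/R1, O2/O3, O4 and O17 entries and surfaces the traits a helper checks before anything else: a start page that differs from its backup, BHO registrations whose file is gone, Run values with garbled names, autostart programs dropped straight into the Windows root, and the DNS resolvers to confirm with the ISP. The sample lines are constructed from the kinds of entries above, and the heuristics (`triage`, `first_exe`, `is_clean_name`) are assumptions of this example, not rules shipped with HijackThis.

```python
import re
from typing import Dict, List

# Constructed sample of HijackThis v1.99.1 log lines, modelled on the kinds
# of entries quoted in the thread; it is not the poster's complete log.
SAMPLE_LOG = """\
R0 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page = http://www.top20results.com
R1 - HKCU\\Software\\Microsoft\\Internet Explorer\\Main,Start Page_bak = http://cnn.com/
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\\azentretien.dll (file missing)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\\Program Files\\Norton AntiVirus\\NavShExt.dll
O4 - HKLM\\..\\Run: [ccApp] "C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe"
O4 - HKLM\\..\\Run: [aaUthRqb] C:\\WINDOWS\\uvhqhmyq.exe
O4 - HKLM\\..\\Run: [# L"h'9\u04dc3rWC:\\Program Files\\ISTsvc\\istsvc.exe] C:\\WINDOWS\\uvhqhmyq.exe
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O17 - HKLM\\System\\CCS\\Services\\Tcpip\\..\\{C6CBA768-A499-4DCA-8E99-754B27191299}: NameServer = 206.47.244.59 206.47.244.105
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
"""

# Every entry line starts with a section code such as R0, O2, O4, O16 or O23.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# O4 body: HKLM\..\Run: [value name] command line
RUN_RE = re.compile(r"^(?P<hive>HK[A-Z]+)\\\.\.\\(?P<key>\w+): \[(?P<name>.*?)\] (?P<cmd>.*)$")
# R0/R1 body: <registry key>,<value name> = <data>
R_RE = re.compile(r"^(?P<key>[^,]+),(?P<value>[^=]+?) = ?(?P<data>.*)$")


def parse(log_text: str) -> List[Dict[str, str]]:
    """Keep only the entry lines and split each into section code and body."""
    records = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if m:
            records.append({"section": m.group("section"), "body": m.group("body"), "line": line})
    return records


def first_exe(cmd: str) -> str:
    """Return the program path from a Run command line, quoted or bare."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = re.match(r"(?i)(.*?\.exe)(\s|$)", cmd)
    return m.group(1) if m else cmd.split(" ")[0]


def is_clean_name(name: str) -> bool:
    """Heuristic: a Run value name written by a normal installer is printable ASCII and carries no path."""
    return all(32 <= ord(c) < 127 for c in name) and not re.search(r"[A-Za-z]:\\", name)


def triage(log_text: str) -> List[Dict[str, str]]:
    """Apply the first-look heuristics; each finding carries the reason and the offending line."""
    findings: List[Dict[str, str]] = []
    start_pages: Dict[str, str] = {}

    def flag(rec: Dict[str, str], reason: str) -> None:
        findings.append({"section": rec["section"], "reason": reason, "line": rec["line"]})

    for rec in parse(log_text):
        sec, body = rec["section"], rec["body"]
        if sec in ("R0", "R1"):
            m = R_RE.match(body)
            if m:
                start_pages[m.group("value").strip()] = m.group("data").strip()
        elif sec in ("O2", "O3") and ("(file missing)" in body or "(no file)" in body):
            flag(rec, "orphaned BHO/toolbar registration: the file it points to is gone")
        elif sec == "O4":
            m = RUN_RE.match(body)
            if not m:
                continue
            if not is_clean_name(m.group("name")):
                flag(rec, "garbled Run value name (non-ASCII or an embedded path)")
            exe = first_exe(m.group("cmd"))
            parent = exe.rsplit("\\", 1)[0].lower() if "\\" in exe else ""
            if parent.endswith(":\\windows"):
                flag(rec, "autostart program placed directly in the Windows root: verify its publisher")
        elif sec == "O17":
            m = re.search(r"NameServer = (.+)$", body)
            if m:
                flag(rec, "DNS resolvers are %s: confirm they belong to your ISP" % m.group(1))

    # HijackThis keeps the previous start page under Start Page_bak; a mismatch means it was changed.
    cur, bak = start_pages.get("Start Page"), start_pages.get("Start Page_bak")
    if cur and bak and cur != bak:
        findings.append({"section": "R0", "line": "",
                         "reason": "start page was replaced (backup %s, now %s)" % (bak, cur)})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print("%-3s %s\n    %s" % (f["section"], f["reason"], f["line"]))
```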

#3 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands

Posted 28 July 2005 - 05:54 PM

Hello,

To provide you a complete fix, I need you to do one more thing first:
  • Open HijackThis
  • Click on the Config button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the list from Notepad into your post


#4 coursol

coursol
  • Topic Starter

  • Members
  • 18 posts

Posted 28 July 2005 - 06:42 PM

Here you go. Just to let you know, this happened when I was installing Streets and Maps from Microsoft. Now a lot of my Microsoft programs are very edgy and crash if I press a button too fast.



AC3 Decoder v.1.0 (full install)
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AL Font Installer 2.2
Album photo Microsoft 9
Alcatel SpeedTouch USB Software
America's Army
ArcSoft Camera Suite
AviSynth 2.5
Axis and Allies
Battlecraft 1942
Battlefield 1942
Battlefield 1942 Secret Weapons of WWII Demo
Battlefield 1942: The Road To Rome
Battlefield 2™ Demo
Battlefield Vietnam™
BenQ QVideo
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CCleaner (remove only)
cd.cover.++ (remove only)
CD+G Disc Player Plug-In for Winamp
Cool Page 2.7
Data Lifeguard
DelFin Media Viewer
Dell ResourceCD
Dell Support 5.0.0 (630)
Demolition Champions
Direct Show Ogg Vorbis Filter (remove only)
Diskeeper Professional Edition
DivX 5.0.3 Bundle
DVD X Rescue
DVD-Squeeze 3.0
Easy Video Splitter 1.28
Efficient Networks SpeedStream DSL
eGames GameButler

#5 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 July 2005 - 02:18 AM

Can you give me the whole uninstall list?
As far as I can see now, we are missing the part from E to Z.

#6 coursol

coursol
  • Topic Starter

  • Members
  • 18 posts

Posted 30 July 2005 - 02:10 PM

Oops, sorry. Thanks.


AC3 Decoder v.1.0 (full install)
Ad-Aware SE Personal
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AL Font Installer 2.2
Album photo Microsoft 9
Alcatel SpeedTouch USB Software
America's Army
ArcSoft Camera Suite
AviSynth 2.5
Axis and Allies
Battlecraft 1942
Battlefield 1942
Battlefield 1942 Secret Weapons of WWII Demo
Battlefield 1942: The Road To Rome
Battlefield 2™ Demo
Battlefield Vietnam™
BenQ QVideo
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CCleaner (remove only)
cd.cover.++ (remove only)
CD+G Disc Player Plug-In for Winamp
Cool Page 2.7
Data Lifeguard
DelFin Media Viewer
Dell ResourceCD
Dell Support 5.0.0 (630)
Demolition Champions
Direct Show Ogg Vorbis Filter (remove only)
Diskeeper Professional Edition
DivX 5.0.3 Bundle
DVD X Rescue
DVD-Squeeze 3.0
Easy Video Splitter 1.28
Efficient Networks SpeedStream DSL
eGames GameButler
eMule
eMusic - 50 Free MP3 offer
Enhanced MediaLoads
EXEtender Player
Family Tree Maker 2005
FILE and MP3 Renamer 2003
File Renamer - Basic
File Sorting Utility
Font Creator Program 3.1.3
Fort Agent
Freedom Security & Privacy
GameSpy Arcade
Google Toolbar for Internet Explorer
GriffTax Simple
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hoyle Card Games 2004
hp instant support
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
ImageMixer for Sony
Intel® PRO Ethernet Adapter and Software
InterActual Player
Internet Worm Protection
InterVideo WinDVD Creator 2
InterVideo WinDVD Platinum 5
IsoBuster 1.5
ISTsvc
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
Karaoke Builder CD+G Player
KaZaA Lite 2.0.0
KODAK Picture Software
Learn To Speak Spanish 8.1
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.75
Magic School Bus - Dinosaurs
Medal of Honor Allied Assault
MediaFACE II
MediaMonkey 2.1
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard 2002
Microsoft Money 2002
Microsoft Money 2002 System Pack
Microsoft Office 2000 Premium
Microsoft Office FrontPage 2003
Microsoft Photo Pro 9
Microsoft Picture It! Photo 2002
Microsoft Publisher 2002
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
MP3+G Toolz
MPCscan
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.0
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MusePack Software Bundle 1.17
Nero Burning Rom Screensaver
NetAssistant
Netscape (7.1)
Netscape (7.2)
Network Play System (Patching)
News Rover
NewsBin Pro 4.3
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Display Driver
NVIDIA Drivers
Ocean Discovery™
OpenMG Limited Patch 3.4-04-17-06-01
OpenMG Secure Module 3.4.01
Opera
Outlook Tools by Hotbar
Paint Shop Pro 7 ESD
Power CD+G Burner
Power Scan
PowerDVD
Prison Tycoon
PunkBuster for Battlefield Vietnam
QuickTime
Radio@Netscape Plus
Reader Rabbit Toddler
Readiris 7.5
RealPlayer
Red Swoosh EDN Client (remove only)
Registry Mechanic
Registry Medic 3.0 (Build 807)
Secure Delivery
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SeeMePlayMe Client
Select CashBack
Shopper Reports Adapter
Sig2dat (remove only)
Sonic RecordNow!
SonicStage 2.0.06
SonicStage Simple Burner 1.0
Sony USB Driver
SoundMAX
SPBBC
Spybot - Search & Destroy 1.4
SpywareBlaster v3.2
Super DVD Ripper (remove only)
Symantec
Symantec Script Blocking Installer
SymNet
Totally MAD
Troubadour Karaoke Lite Home Edition 1.1 (remove only)
TSA
Ulead Photo Express 4.0 My Custom Edition
Uninstall CSCSS
Update for Windows XP (KB898461)
VIA Rail Canada Electronic Timetable
VideoLAN VLC media player 0.7.1
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Web Browser Tools by Hotbar
Winamp (remove only)
WinAVI VideoConverter
WinCDG Pro 2 2.503
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WingMan Software
WinRAR archiver
WOWpapers utility
XoftSpy 3.41
XviD Video Codec 24062003-1 (Koepi's developer build)
Yahoo! Companion
Yahoo! Customizations
Yahoo! Internet Mail
Yahoo! Messenger
Yahoo! Messenger Explorer Bar
Zoo Tycoon 2
Zoom Player (remove only)

#7 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands

Posted 30 July 2005 - 04:07 PM

  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry XoftSpy 3.41, because this program is not so well known
  • Click on Delete this entry
  • Click "Yes"
Repeat this for the following
Select CashBack
Shopper Reports Adapter
eMusic - 50 Free MP3 offer
Enhanced MediaLoads

and do the same for all programs that you don't use or don't want anymore.
When finished, close HijackThis.

***
Now download and run the tool from the following link
http://securityresponse.symantec.com/avcenter/FxIstbar.exe



Download CleanUp!.
If that doesn't work, use this link.
Here is a tutorial which describes its usage:
http://www.bleepingcomputer.com/tutorials/how-to-use-cleanup/

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close. Decline to log off when asked; instead, reboot the system. This will remove files that were in use during the scan.


Once the computer has been restarted, run HijackThis and post a fresh HijackThis log, together with a new uninstall list.

Good luck

#8 coursol

coursol
  • Topic Starter

  • Members
  • 18 posts

Posted 01 August 2005 - 01:04 AM

OK, did what you said. Lost my modem and had to reinstall it, without any problems. Here are my HijackThis files.

Logfile of HijackThis v1.99.1
Scan saved at 2:00:51 AM, on 8/1/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
G:\Kazza Lite Folders\Diskeeper_v8[1].0\DkService.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\uvhqhmyq.exe
C:\WINDOWS\system32\i117glru.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\NetAssistant\bin\mad.exe
C:\PROGRA~1\HEWLET~1\hpis\common\MOTIVE~1.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\burning\HijackThis.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.ca/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trevor\Application Data\Mozilla\Profiles\default\xluagvvr.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.108-big.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [aaUthRqb] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [i117glru] C:\WINDOWS\system32\i117glru.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ofcezmj] C:\Program Files\Ekcyt\Isgtoty.exe
O4 - HKLM\..\Run: [aaUth$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: snipemon.LNK = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.gamesmania.com/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\autocad\AcDcToday.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://aceshigh.microgaming.com/aceshigh/FlashAX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\autocad\AcPreview.ocx
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://www.gamespot.com/KDX22/download/kdx.cab
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBA768-A499-4DCA-8E99-754B27191299}: NameServer = 206.47.244.59 206.47.244.105
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - G:\Kazza Lite Folders\Diskeeper_v8[1].0\DkService.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe


AC3 Decoder v.1.0 (full install)
Adobe Download Manager 1.2 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Reader 6.0.1
Adobe SVG Viewer 3.0
Ahead Nero Burning ROM
AL Font Installer 2.2
Alcatel SpeedTouch USB Software
ArcSoft Camera Suite
AviSynth 2.5
BenQ QVideo
Canon Camera Window for ZoomBrowser EX
Canon PhotoRecord
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
ccCommon
CCleaner (remove only)
cd.cover.++ (remove only)
CD+G Disc Player Plug-In for Winamp
CleanUp!
Cool Page 2.7
Data Lifeguard
DelFin Media Viewer
Dell ResourceCD
Dell Support 5.0.0 (630)
Demolition Champions
Direct Show Ogg Vorbis Filter (remove only)
Diskeeper Professional Edition
DivX 5.0.3 Bundle
DVD X Rescue
Efficient Networks SpeedStream DSL
eMule
EXEtender Player
FILE and MP3 Renamer 2003
File Renamer - Basic
File Sorting Utility
Font Creator Program 3.1.3
Fort Agent
Freedom Security & Privacy
GameSpy Arcade
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 1.99.1
Hoyle Card Games 2004
hp instant support
HP Photo & Imaging 3.1
HP PSC & OfficeJet 3.0
HP Software Update
ImageMixer for Sony
Intel® PRO Ethernet Adapter and Software
InterActual Player
Internet Worm Protection
InterVideo WinDVD Creator 2
InterVideo WinDVD Platinum 5
IsoBuster 1.5
ISTsvc
Java 2 Runtime Environment, SE v1.4.1_02
Java 2 Runtime Environment, SE v1.4.2_01
Java 2 Runtime Environment, SE v1.4.2_03
Java Web Start
Karaoke Builder CD+G Player
KaZaA Lite 2.0.0
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech iTouch Software
Logitech MouseWare 9.75
Macromedia Shockwave Player
MediaMonkey 2.1
Memories Disc Creator 2.0
Microsoft .NET Framework 1.1
Microsoft Data Access Components KB870669
Microsoft Office 2000 Premium
Microsoft Office FrontPage 2003
Microsoft Photo Pro 9
Microsoft Picture It! Photo 2002
Microsoft Publisher 2002
Microsoft Streets and Trips 2005
Microsoft Windows Journal Viewer
Microsoft Word 2002
Microsoft Works 2002 Setup Launcher
Microsoft Works 6.0
Microsoft Works Suite Add-in for Microsoft Word
MicroStaff WINASPI
MP3+G Toolz
MPCscan
MSN
MSN Encarta Plus Support Files
MSN Messenger 7.0
MSN Music Assistant
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
MusePack Software Bundle 1.17
Nero Burning Rom Screensaver
NetAssistant
Netscape (7.2)
Network Play System (Patching)
News Rover
NewsBin Pro 4.3
Norton AntiVirus 2005
Norton AntiVirus 2005 (Symantec Corporation)
Norton AntiVirus Help
Norton AntiVirus Parent MSI
Norton AntiVirus SYMLT MSI
Norton WMI Update
NVIDIA Display Driver
NVIDIA Drivers
OpenMG Limited Patch 3.4-04-17-06-01
OpenMG Secure Module 3.4.01
Outlook Tools by Hotbar
Paint Shop Pro 7 ESD
Power CD+G Burner
PowerDVD
Prison Tycoon
PunkBuster for Battlefield Vietnam
QuickTime
Radio@Netscape Plus
Reader Rabbit Toddler
Readiris 7.5
RealPlayer
Red Swoosh EDN Client (remove only)
Secure Delivery
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB903235)
SeeMePlayMe Client
Select CashBack
Sig2dat (remove only)
Sonic RecordNow!
SonicStage 2.0.06
SonicStage Simple Burner 1.0
Sony USB Driver
SoundMAX
SPBBC
Spybot - Search & Destroy 1.4
Super DVD Ripper (remove only)
Symantec
Symantec Script Blocking Installer
SymNet
Troubadour Karaoke Lite Home Edition 1.1 (remove only)
TSA
Ulead Photo Express 4.0 My Custom Edition
Uninstall CSCSS
Update for Windows XP (KB898461)
VideoLAN VLC media player 0.7.1
Viewpoint Media Player
VobSub v2.23 (Remove Only)
Web Browser Tools by Hotbar
Winamp (remove only)
WinAVI VideoConverter
WinCDG Pro 2 2.503
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WingMan Software
WinRAR archiver
WOWpapers utility
XviD Video Codec 24062003-1 (Koepi's developer build)
Yahoo! Messenger
Zoo Tycoon 2
Zoom Player (remove only)

#9 perculator


Posted 01 August 2005 - 04:53 PM

This Istbar won't let itself be removed by the tool, but no problem, we will kill it anyway.
But first, let's tidy things up a bit.

Please do an online scan with Kaspersky WebScanner

Next Click on Launch Kaspersky Anti-Virus Web Scanner

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Standard
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under Select a target to scan, select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#10 coursol


Posted 02 August 2005 - 06:27 AM

Here is the antivirus scan you asked for. Just to let you know, I have Norton 2005 and have run Panda scan and, well, they all seem to find the same stuff but none get rid of it.

------------------------------------------------------------------------------
KASPERSKY ANTI-VIRUS WEB SCANNER REPORT
Tuesday, August 02, 2005 07:10:30
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Anti-Virus Web Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/08/2005
Kaspersky Anti-Virus database records: 133341
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\
H:\

Scan Statistics:
Total number of scanned objects: 241805
Number of viruses found: 24
Number of infected objects: 75
Number of suspicious objects: 14
Duration of the scan process: 11968 sec

Infected Object Name - Virus Name
C:\data Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch71.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch71.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch75.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch75.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch79.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch79.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch81.zip/istsvc.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\ISTbarSlotch81.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix22.zip/somaticCAB.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix22.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix38.zip/somaticCAB.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix38.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix54.zip/somaticCAB.exe Suspicious: Password-protected-EXE
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SearchCentrix54.zip Suspicious: Password-protected-EXE
C:\Documents and Settings\Trevor\Local Settings\Application Data\Identities\{FDC6B114-E25D-47D0-96E7-93E817D651AD}\Microsoft\Outlook Express\rec.crafts.dollhouses.dbx/[From dekeytaylor@hotmail.com][Date Fri, 31 Dec 2004 14:03:41 GMT]/Santa/Santa Clause.scr Infected: Backdoor.Win32.Small.ct
C:\Documents and Settings\Trevor\Local Settings\Application Data\Identities\{FDC6B114-E25D-47D0-96E7-93E817D651AD}\Microsoft\Outlook Express\rec.crafts.dollhouses.dbx/[From dekeytaylor@hotmail.com][Date Fri, 31 Dec 2004 14:03:41 GMT]/Santa Infected: Backdoor.Win32.Small.ct
C:\Documents and Settings\Trevor\Local Settings\Application Data\Identities\{FDC6B114-E25D-47D0-96E7-93E817D651AD}\Microsoft\Outlook Express\rec.crafts.dollhouses.dbx Infected: Backdoor.Win32.Small.ct
C:\Documents and Settings\Trevor\Local Settings\Temp\bb.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Documents and Settings\Trevor\Local Settings\Temp\Del2BD.tmp Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Trevor\Local Settings\Temp\nsk2B5.tmp Infected: Trojan-Downloader.Win32.IstBar.lc
C:\Documents and Settings\Trevor\Local Settings\Temp\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Trevor\Local Settings\Temp\sidefind.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\CAYPQOLB\nem220[1].dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\CAYPQOLB\optimize[1].exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\CAYPQOLB\power_remove[1].exe Infected: Trojan-Downloader.Win32.IstBar.gi
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\CP23GHUV\X[1].exe Infected: Trojan.Win32.Dialer.gx
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\G5FMB3VE\bb[1].exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\G5FMB3VE\stubinstaller5041[1].ex_ Infected: Trojan-Downloader.Win32.Small.asf
C:\Documents and Settings\Trevor\Local Settings\Temporary Internet Files\Content.IE5\IVQXGH6D\sidefind[1].exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Program Files\Internet Optimizer\optimize.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\ISTsvc\istsvc.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\1300309F.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton AntiVirus\Quarantine\13070497.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\Norton AntiVirus\Quarantine\130A2E94.exe Infected: Trojan.Win32.Small.cy
C:\Program Files\Norton AntiVirus\Quarantine\130D5890.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Program Files\Norton AntiVirus\Quarantine\1311028D.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\133B1544.exe Infected: not-virus:Hoax.Win32.Avgold.a
C:\Program Files\Norton AntiVirus\Quarantine\133F3F41.exe Infected: not-virus:Hoax.Win32.Avgold.a
C:\Program Files\Norton AntiVirus\Quarantine\1342693D.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\14052776.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\1472584B.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\Program Files\Norton AntiVirus\Quarantine\1472584B.exe Infected: Trojan.Win32.Small.cy
C:\Program Files\Norton AntiVirus\Quarantine\14750248.exe Infected: Trojan-Downloader.Win32.IstBar.gi
C:\Program Files\Norton AntiVirus\Quarantine\14782C44.exe Infected: Trojan.Win32.Dialer.gx
C:\Program Files\Norton AntiVirus\Quarantine\147B5640.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\147B5640.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\147B5640.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\15C61CDC.exe Infected: Trojan.Win32.TopAntiSpyware.m
C:\Program Files\Norton AntiVirus\Quarantine\24AC0071.cla Infected: Trojan.Java.ClassLoader.Dummy.d
C:\Program Files\Norton AntiVirus\Quarantine\30420AF5.scr Infected: Backdoor.Win32.Loony.m
C:\Program Files\Norton AntiVirus\Quarantine\36255358.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Program Files\Norton AntiVirus\Quarantine\38104007.EXE/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\38104007.EXE Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\3BC0581C.exe Infected: Trojan.Win32.Agent.ep
C:\Program Files\Norton AntiVirus\Quarantine\3CA05A48.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Norton AntiVirus\Quarantine\44383498.exe/WISE0007.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\44383498.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\4D243430.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\Program Files\Norton AntiVirus\Quarantine\587A32F3.exe Infected: Trojan.Win32.TopAntiSpyware.m
C:\Program Files\Norton AntiVirus\Quarantine\5B8E7ADB.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\Program Files\Norton AntiVirus\Quarantine\60762E50.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\60762E50.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\60762E50.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\Program Files\Norton AntiVirus\Quarantine\64CC395A.exe Infected: Trojan-Downloader.Win32.IstBar.jn
C:\Program Files\Norton AntiVirus\Quarantine\6CD86C69.exe Infected: Trojan-Downloader.Win32.Agent.hw
C:\Program Files\Norton AntiVirus\Quarantine\6CDB1665.dll Infected: Trojan-Downloader.Win32.IstBar.gen
C:\Program Files\Norton AntiVirus\Quarantine\6CDB1665.exe Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\7CF551B3.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\Program Files\Norton AntiVirus\Quarantine\7D1F4244.exe/WISE0010.BIN Infected: Trojan-Downloader.Win32.TSUpdate.k
C:\Program Files\Norton AntiVirus\Quarantine\7D1F4244.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.TSUpdate.j
C:\Program Files\Norton AntiVirus\Quarantine\7D1F4244.exe/WISE0012.BIN Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Norton AntiVirus\Quarantine\7D1F4244.exe Infected: Trojan-Downloader.Win32.TSUpdate.l
C:\Program Files\Power Scan\uninstall.exe Infected: Trojan-Downloader.Win32.IstBar.gi
C:\Program Files\SideFind\update\sidefind.exe Infected: Trojan-Downloader.Win32.IstBar.jm
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1060\A0241506.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1060\A0241507.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1067\A0247698.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257781.exe Infected: Trojan.Win32.Small.cy
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257782.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257783.exe Infected: Trojan-Downloader.Win32.IstBar.gi
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257784.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257784.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\System Volume Information\_restore{40C8F766-21F3-40C9-9A97-C94E1B0724E4}\RP1086\A0257784.exe Infected: Trojan-Downloader.Win32.IstBar.kc
C:\WINDOWS\nem220.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
C:\WINDOWS\ys.exe/data0001 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\WINDOWS\ys.exe/data0005 Infected: Trojan-Downloader.Win32.IstBar.kc
C:\WINDOWS\ys.exe Infected: Trojan-Downloader.Win32.IstBar.kc
G:\Software\Registry Medic 2.99.2 Build 526 Incl Patch Natabec\Registry Medic 2.99.2.Build.526.Incl.Patch.NATABEC\patch\loader.exe Infected: VirTool.Win32.Patcher.a

Scan process completed.

#11 perculator


Posted 02 August 2005 - 02:21 PM

Please empty the following folders

Spybot's Recovery folder
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery

Norton's Quarantine
C:\Program Files\Norton AntiVirus\Quarantine


And turn off system restore

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

If you threw it away, download CleanUp! again.
Download CleanUp!.
If that doesn't work, use this link.
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.


Once it's done, log off and log on again. This will remove files that were in use during the scan.

Download Killbox.


Double-click on Killbox.exe to run it. Place the following lines (complete paths) in bold in the "Full Path of File to Delete" box in Killbox, and click the red button with the white X on it after each.

C:\WINDOWS\ys.exe

For this file, put a mark next to "Delete on Reboot". Copy and paste each file into the file name box, then click the red button with the X after each. It will ask you if you want to reboot each time you click it; answer YES.

After the reboot, do the following:

Open a new notepad file

Copy and paste the following bold text in that notepad file


regedit /e running.txt "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"



Save it as run.bat on your desktop (in the "Save as type" field, choose All Files).

Double-click run.bat.

A text file called "running.txt" will appear on your desktop.

Double-click running.txt.

The Notepad file will now open.

Select the whole content of that file (CTRL + A), copy it (CTRL + C) and paste it (CTRL + V) in your next post.

#12 coursol


Posted 03 August 2005 - 12:57 PM

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="C:\\Program Files\\Microsoft Works\\wkfud.exe"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"zBrowser Launcher"="C:\\Program Files\\Logitech\\iTouch\\iTouch.exe"
"Logitech Utility"="Logi_MwX.Exe"
"ezShieldProtector for Px"="C:\\WINDOWS\\System32\\ezSP_Px.exe"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\j2re1.4.2_03\\bin\\jusched.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"HP Component Manager"="\"C:\\Program Files\\HP\\hpcoretech\\hpcmpmgr.exe\""
"MISAggregator"=""
"NeroCheck"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"Motive SmartBridge"="C:\\PROGRA~1\\NETASS~1\\SMARTB~1\\MotiveSB.exe"
"StandardInstall"=""
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"HP Software Update"="C:\\Program Files\\HP\\HP Software Update\\HPWuSchd2.exe"
"aaUthRqb"="C:\\WINDOWS\\uvhqhmyq.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"Ofcezmj"="C:\\Program Files\\Ekcyt\\Isgtoty.exe"
"aaUth$v/fC:\\Program Files\\ISTsvc\\istsvc.exe"="C:\\WINDOWS\\uvhqhmyq.exe"
"# L\"h'9Ӝ3rWC:\\Program Files\\ISTsvc\\istsvc.exe"="C:\\WINDOWS\\uvhqhmyq.exe"
"Microsoft Works Update Detection"="C:\\Program Files\\Common Files\\Microsoft Shared\\Works Shared\\WkUFind.exe"
"IST Service"="C:\\Program Files\\ISTsvc\\istsvc.exe"
"SurfAccuracy"="C:\\Program Files\\SurfAccuracy\\SAcc.exe"
"Internet Optimizer"="\"C:\\Program Files\\Internet Optimizer\\optimize.exe\""
"BullsEye Network"="C:\\Program Files\\BullsEye Network\\bin\\bargains.exe"
"Power Scan"="C:\\Program Files\\Power Scan\\powerscan.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AutorunsDisabled]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
"Installed"="1"

#13 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands

Posted 03 August 2005 - 10:52 PM

can you show me a new hijack this log too?

#14 coursol

coursol
  • Topic Starter

  • Members
  • 18 posts

Posted 04 August 2005 - 08:31 AM

Logfile of HijackThis v1.99.1
Scan saved at 9:29:37 AM, on 8/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\iTouch\iTouch.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\uvhqhmyq.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\HPZipm12.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\BullsEye Network\bin\bargains.exe
C:\Program Files\Internet Explorer\iexplore.exe
G:\burning\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.top20results.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Trevor\Application Data\Mozilla\Profiles\default\xluagvvr.slt\prefs.js)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_3_12_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)
O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Zero Knowledge\Freedom\pkR.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Form Filler BHO - {56071E0D-C61B-11D3-B41C-00E02927A304} - C:\Program Files\Zero Knowledge\Freedom\FreeBHOR.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar_en_2.0.108-big.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx
O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx
O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\wkfud.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [zBrowser Launcher] C:\Program Files\Logitech\iTouch\iTouch.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\NETASS~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [aaUthRqb] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Ofcezmj] C:\Program Files\Ekcyt\Isgtoty.exe
O4 - HKLM\..\Run: [aaUth$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe
O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Microsoft Works Update Detection] C:\Program Files\Microsoft Works\WkDetect.exe
O4 - Startup: snipemon.LNK = ?
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmcache.html
O8 - Extra context menu item: Si&milar Pages - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar_en_2.0.108-big.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: ConferenceRoom Java Client - http://chat.privatefeeds.com:8000/java/cr.cab
O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kav...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {2B323CD9-50E3-11D3-9466-00A0C9700498} (Yahoo! Audio Conferencing) - http://us.chat1.yimg.com/us.yimg.com/i/cha...v45/yacscom.cab
O16 - DPF: {31E68DE2-5548-4B23-88F0-C51E6A0F695E} (Microsoft PID Sniffer) - https://support.microsoft.com/OAS/ActiveX/odc.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_1_0_0_44.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/200211...meInstaller.exe
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) - http://www.gamesmania.com/ExentCtl.ocx
O16 - DPF: {70BA88C8-DAE8-4CE9-92BB-979C4A75F53B} (GSDACtl Class) - http://launch.gamespyarcade.com/software/launch/alaunch.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {78AF2F24-A9C3-11D3-BF8C-0060B0FCC122} (AcDcToday Control) - file://C:\autocad\AcDcToday.ocx
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
O16 - DPF: {7D1E9C49-BD6A-11D3-87A8-009027A35D73} (Yahoo! Audio UI1) - http://chat.yahoo.com/cab/yacsui.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs5b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O16 - DPF: {AE1C01E3-0283-11D3-9B3F-00C04F8EF466} - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} (Downloader Class) - https://www.stopzilla.com/_download/Auto_In...ller/dwnldr.cab
O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://aceshigh.microgaming.com/aceshigh/FlashAX.cab
O16 - DPF: {F281A59C-7B65-11D3-8617-0010830243BD} (AcPreview Control) - file://C:\autocad\AcPreview.ocx
O16 - DPF: {FF0C042C-98E9-4C36-B2EC-E21FDFDCEF75} - http://download.redswoosh.net/Installer/104/rsinstaller.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C6CBA768-A499-4DCA-8E99-754B27191299}: NameServer = 206.47.244.59 206.47.244.105
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Pacsptisvr.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

#15 perculator

perculator

  • Members
  • 190 posts
  • Gender:Male
  • Location:The Netherlands

Posted 04 August 2005 - 05:05 PM

Hello, some work to do, but remain calm, we will get there.

I advise you to print this fix out, because later on (in safe mode) you won't have access to this document.

Hello,

Please download the Killbox.
Unzip it to the desktop but do NOT run it yet.


Download CleanUp!.
If that doesn't work, use this link.
Do not run it yet.
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Open the Misc Tools Session"
  • Click on the Box that says "Uninstall Manager"
  • Click on the entry ISTsvc
  • Click on Delete this entry
  • Click "Yes"
Repeat that for
BullsEye Network/Bargainbuddy
Internet Optimizer
SurfAccuracy
Power Scan
(if present)

Now click back in the right bottom corner of hijack this
Then click scan in the left bottom corner of hijack this
And put a check at the following lines

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =

R3 - Default URLSearchHook is missing

O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)

O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll

O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\system32\azesearch4.ocx

O2 - BHO: ADP UrlCatcher Class - {F4E04583-354E-4076-BE7D-ED6A80FD66DA} - C:\WINDOWS\system32\msbe.dll

O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll

O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx

O4 - HKLM\..\Run: [aaUthRqb] C:\WINDOWS\uvhqhmyq.exe

O4 - HKLM\..\Run: [Ofcezmj] C:\Program Files\Ekcyt\Isgtoty.exe

O4 - HKLM\..\Run: [aaUth$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe

O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe

O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe

O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe

O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"

O4 - HKLM\..\Run: [BullsEye Network] C:\Program Files\BullsEye Network\bin\bargains.exe

O4 - HKLM\..\Run: [Power Scan] C:\Program Files\Power Scan\powerscan.exe

O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab

O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab

Now click fix checked
And close hijack this


***
run Killbox.

Select "Delete on Reboot".

Open the text file with these instructions in it, and copy the file names below to the clipboard by highlighting them and pressing Control-C:

C:\WINDOWS\shginas.dll
C:\WINDOWS\system32\azesearch4.ocx
C:\WINDOWS\system32\msbe.dll
C:\WINDOWS\system32\iasada.dll
C:\WINDOWS\uvhqhmyq.exe


Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

But make sure you restart the computer in safe mode:
* Restart the computer.
* As soon as BIOS is loaded, begin tapping the F8 key until the Advanced Options menu appears.
* Use the arrow keys to select the Safe mode menu item.
* Press Enter.
We need to make sure all hidden files are showing, so please:
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.
Now remove the following folders if still present

C:\Program Files\Power Scan
C:\Program Files\BullsEye Network
C:\Program Files\Internet Optimizer
C:\Program Files\SurfAccuracy
C:\Program Files\ISTsvc
C:\Program Files\Ekcyt


***
Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

Once it's done, press Close, decline to log off, instead reboot the system. This will remove files that were in use during the scan.

After the reboot

Please download ewido security suite it is a trial version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido, there should be an icon on your desktop double-click it.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Then click on Start Update
The update will start and a progress bar will show the updates being installed.
Once the updates are installed do the following:
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop.
Now close ewido security suite.


Reboot your computer again, run HijackThis and post a fresh HijackThis log, together with the outcome of ewido.

Edited by perculator, 04 August 2005 - 05:06 PM.
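The fix list above was built by eye from the log in post #14: the same executable (uvhqhmyq.exe) started under three different Run value names, two of those names mangled with path fragments and a non-ASCII character, a BHO whose file is missing, and ActiveX downloads with no description. The following Python script is an added example of doing that first pass automatically over HijackThis 1.99-style lines; it is not code from this thread, from HijackThis or from any of the tools named in it. The sample log is constructed from the line shapes seen above, and the rule names and the "6 to 10 lowercase letters with at most one vowel" threshold are this example's own assumptions. A hit is a prompt for a person to look at the entry, not a verdict.

```python
"""Heuristic triage of HijackThis 1.99-style log lines (added example).

Rule names, thresholds and the sample log are assumptions made for this
example; none of it is HijackThis code or the output of the thread's tools.
"""
import re
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    line_no: int  # 1-based line in the log
    rule: str     # heuristic that fired
    detail: str   # what it fired on


# Constructed sample: line shapes copied from the log in the thread, with
# benign entries mixed in so the rules have something to leave alone.
SAMPLE_LOG = "\n".join([
    r"O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll",
    r"O2 - BHO: AzEntretien Class - {0d2def3a-f4f1-42ec-ac4f-132e7ba6e292} - %SystemRoot%\azentretien.dll (file missing)",
    r"O2 - BHO: BHOMoneyGainer Class - {2559D0B1-AF60-4BD5-965D-0E51383A6367} - C:\WINDOWS\shginas.dll",
    r"O3 - Toolbar: AZE Search - {a19ef336-01d4-48e6-926a-fe7e1c747aed} - C:\WINDOWS\system32\azesearch4.ocx",
    r"O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup",
    r"O4 - HKLM\..\Run: [aaUthRqb] C:\WINDOWS\uvhqhmyq.exe",
    r"O4 - HKLM\..\Run: [Ofcezmj] C:\Program Files\Ekcyt\Isgtoty.exe",
    r"O4 - HKLM\..\Run: [aaUth$v/fC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe",
    r"""O4 - HKLM\..\Run: [# L"h'9Ӝ3rWC:\Program Files\ISTsvc\istsvc.exe] C:\WINDOWS\uvhqhmyq.exe""",
    r"O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe",
    r"O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_regular.cab",
    r"O16 - DPF: {D7BF3304-138B-4DD5-86EE-491BB6A2286C} - http://www.azebar.com/install/azesearch.cab",
    r"O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409",
])

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>.*)\] (?P<cmd>.+)$")
O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O16_RE = re.compile(r"^O16 - DPF: \{[0-9A-Fa-f-]+\}(?: \((?P<desc>[^)]*)\))? - (?P<url>\S+)$")


def name_is_garbled(name: str) -> bool:
    # A Run value name should be short printable text; path separators, a
    # drive colon or non-ASCII characters in it point at a mangled value.
    return any(not 32 <= ord(c) <= 126 for c in name) or "\\" in name or ":" in name


def first_path(cmd: str) -> str:
    # The executable a Run command starts: a quoted path, or the first token
    # ending in .exe (an unquoted path with spaces is kept whole).
    m = re.match(r'^"([^"]+)"|^(.+?\.exe)(?=\s|$)', cmd, re.IGNORECASE)
    return (m.group(1) or m.group(2)) if m else ""


def looks_random(basename: str) -> bool:
    # Assumed threshold: 6-10 lowercase letters with at most one vowel is
    # the shape of uvhqhmyq.exe, not of explorer.exe.
    stem = basename.lower().rsplit(".", 1)[0]
    return bool(re.fullmatch(r"[a-z]{6,10}", stem)) and sum(stem.count(v) for v in "aeiou") <= 1


def in_windows_root(path: str) -> bool:
    # True for a file sitting directly in the Windows directory (assumed C: drive).
    return path.rpartition("\\")[0].lower() == r"c:\windows"


def triage(log: str) -> list[Finding]:
    """Return rule hits in line order, then one 'shared-target' hit for every
    executable that several Run values start."""
    findings: list[Finding] = []
    owners: dict[str, list[int]] = defaultdict(list)
    for line_no, raw in enumerate(log.splitlines(), start=1):
        line = raw.strip()
        if m := O4_RE.match(line):
            name, cmd = m["name"], m["cmd"]
            if name_is_garbled(name):
                findings.append(Finding(line_no, "garbled-name", name))
            path = first_path(cmd)
            if in_windows_root(path) and looks_random(path.rpartition("\\")[2]):
                findings.append(Finding(line_no, "random-name-in-winroot", path))
            if path:
                owners[path.lower()].append(line_no)
        elif m := O2_RE.match(line):
            if m["path"].endswith("(file missing)"):
                findings.append(Finding(line_no, "dangling-bho", m["clsid"]))
        elif m := O16_RE.match(line):
            if m["desc"] is None:
                findings.append(Finding(line_no, "unnamed-activex", m["url"]))
    for path, lines in owners.items():
        if len(lines) > 1:
            findings.append(Finding(lines[0], "shared-target",
                                    f"{path} started by Run values on lines {lines}"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"line {f.line_no:>3}  {f.rule:<24} {f.detail}")
```

On the constructed sample this flags the missing-file BHO, the three Run values that all start C:\WINDOWS\uvhqhmyq.exe (two of them also for their garbled names) and the one O16 download without a description, and leaves the Acrobat, NVIDIA and Windows Genuine Advantage entries alone. The random-name rule deliberately only looks at files directly in the Windows directory, because that is where this log's dropper sat and because a name-shape test on its own produces far too many hits elsewhere.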
