
Thank you for your help


  • This topic is locked
6 replies to this topic

#1 silvershadowfish

Posted 29 August 2005 - 09:15 PM

Thank you so much for your help.

I have run Spybot, and AdAware. I have removed some things it found, but some remain, after multiple runs.

Here is my HiJackThis Log:


Logfile of HijackThis v1.99.1
Scan saved at 10:01:45 PM, on 08/29/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\WINDOWS\System32\hgzchsx.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\creiqzvcvux.exe
C:\WINDOWS\SoftwareDistribution\Download\Install\WindowsXP-KB329441-x86-ENU.exe
c:\5f5fc3ad559e5fa53a861f2a6bab111d\xpsp1hfm.exe
c:\5f5fc3ad559e5fa53a861f2a6bab111d\sp1\update\update.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [Dinst] C:\WINDOWS\dinst.exe
O4 - HKLM\..\Run: [gablaq] C:\WINDOWS\System32\hgzchsx.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud1.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe


#2 miekiemoes

  • Malware Response Team

Posted 30 August 2005 - 07:46 AM

Hello,

I see you are in the middle of a Windows Update. Please finish that first before you proceed with the next steps, because I don't want your system crashing.

When updated (at least to SP1)...

BEFORE BEGINNING, Please read completely through the instructions below and download the files from the links provided. You may want to save or print out these instructions for easier reference.

First, download Ewido Security Suite.

Next, download Lavasoft's Ad-Aware and the VX2 Cleaner Plug-in. Install Ad-Aware using the default options, then install vx2cleaner_inst.exe, taking all the defaults there as well.

Run Ad-Aware, update to the latest definitions, then click on Add-ons in the left-hand column.
Select VX2 Cleaner V2.0 and click Run Tool.
Click "OK", then, if something is found, click "Clean" as in the directions given.
Click "Close", and exit Ad-Aware.

Reboot your PC and run Ad-Aware again.
This time, click on the Start button in Ad-Aware, select "Perform smart system scan" and click Next.
Once the scan finishes, click "Next" again.
Select all objects found (right click anywhere in the list of found objects and click "Select All Objects").
Click "Next" one more time, then "OK" to confirm the removal.

You will be prompted to set Ad-Aware to run on reboot; click "OK". Exit Ad-Aware and restart your PC once again.

When Ad-Aware starts up, click on "Start", then "Next".
Follow the steps above if anything is found, or click "Finish", then exit Ad-Aware.

For a final cleanup, please install and run Ewido.
  • When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • From the main ewido screen, click on update in the left menu, then click the Start update button.
  • After the update finishes (the status bar at the bottom will display "Update successful")
  • Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.
  • During the scan it will prompt you to clean files; click OK.
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop.
  • Close Ewido.
Please finish up by rebooting your system once more, and posting a new HijackThis log and the log from the Ewido scan.

Edited by miekiemoes, 30 August 2005 - 07:47 AM.


#3 silvershadowfish

  • Topic Starter

Posted 30 August 2005 - 04:07 PM

Thank you so much for your help.

I have followed your instructions, and here are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 5:02:13 PM, on 08/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\PROGRA~1\NORTON~1\navapw32.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [otdzrk] C:\WINDOWS\System32\jlbteqs.exe r
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud1.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe




---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 4:56:21 PM, 08/30/2005
+ Report-Checksum: 5D26A8D0

+ Scan result:

[1152] C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned without backup
C:\WINDOWS\iLookup -> Adware.eZula : Cleaned without backup
C:\WINDOWS\dinst.exe -> TrojanDownloader.Intexp.d : Cleaned without backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned without backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned without backup
C:\WINDOWS\creiqzvcvux.exe -> Adware.BetterInternet : Cleaned without backup
C:\Documents and Settings\JR\Local Settings\Temp\__unin__.exe -> Spyware.Altnet : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@sales.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@abetterinternet[3].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@e-2dj6wjnycnajmhp.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@e-2dj6wjligjcpwbp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@e-2dj6wjkysmdzwbo.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@e-2dj6wjk4aldzcep.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned without backup
C:\Documents and Settings\JR\Cookies\jr@e-2dj6wjlognc5adp.stats.esomniture[2].txt -> Spyware.Cookie.Esomniture : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@server.iad.liveperson[1].txt -> Spyware.Cookie.Liveperson : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@counter2.hitslink[2].txt -> Spyware.Cookie.Hitslink : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@ehg-wachovia.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@bluestreak[2].txt -> Spyware.Cookie.Bluestreak : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@ehg.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@servedby.advertising[4].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@bs.serving-sys[1].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@ads.specificpop[2].txt -> Spyware.Cookie.Specificpop : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@webpdp.gator[2].txt -> Spyware.Cookie.Gator : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@valueclick[2].txt -> Spyware.Cookie.Valueclick : Cleaned without backup
C:\Documents and Settings\Danielle\Cookies\danielle@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned without backup
C:\Documents and Settings\Children\Local Settings\Temporary Internet Files\Content.IE5\2YA0C2Z5\payload[1].cab/bi.dll -> Trojan.Bispy.A : Cleaned without backup
C:\Documents and Settings\Children\Local Settings\Temporary Internet Files\Content.IE5\2YA0C2Z5\payload[1].cab/biprep.exe -> Trojan.Bispy.B : Cleaned without backup
C:\Documents and Settings\Children\Local Settings\Temporary Internet Files\Content.IE5\8DT73I1J\payload2[1].cab/FT1_01_0_251_GEPFAH.EXE -> Spyware.VX2 : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@ehg-hasbro.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@webpdp.gator[2].txt -> Spyware.Cookie.Gator : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@commission-junction[1].txt -> Spyware.Cookie.Commission-junction : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@hg1.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@gator[2].txt -> Spyware.Cookie.Gator : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@revenue[2].txt -> Spyware.Cookie.Revenue : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@addynamix[2].txt -> Spyware.Cookie.Addynamix : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@w131.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@w132.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@www7.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@www2.paypopup[1].txt -> Spyware.Cookie.Paypopup : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@web4.realtracker[1].txt -> Spyware.Cookie.Realtracker : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@ads.specificpop[1].txt -> Spyware.Cookie.Specificpop : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@ehg-dig.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned without backup
C:\Documents and Settings\Children\Cookies\children@euniverseads[2].txt -> Spyware.Cookie.Euniverseads : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7F.tmp -> Adware.BetterInternet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq80.tmp -> TrojanDownloader.Intexp : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231159.zip/WINDOWS/Belt.exe -> TrojanDownloader.Stubby.a : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231159.zip/WINDOWS/bi.dll -> Trojan.Bispy.A : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqF0.tmp -> Spyware.ImiBar : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10A.tmp -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10B.tmp -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq10F.tmp\PrecisionTime.exe -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\dmfiles.cab/AltnetUninstall.exe -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\dmfiles.cab/asmend.exe -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\Setup.exe -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\adm25.dll -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\admdloader.dll -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq116.tmp\admfdi.dll -> Spyware.Altnet : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq117.tmp -> Trojan.Bispy.B : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq119.tmp -> Adware.EZula : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq11A.tmp -> TrojanDownloader.Stubby.a : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/CMEIIAPI.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/CMESys.exe -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/GAppMgr.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/GController.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/GMTProxy.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/cmeii/GObjs.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/gmt/EGGCEngine.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/gmt/egIEEngine.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/program files/common files/gmt/GMT.exe -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/Program Files/Common Files/cmeii/GIocl.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/Program Files/Common Files/cmeii/GIoclClient.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231117.zip/Program Files/date manager/DateManager.exe -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231131.zip/Documents and Settings/JR/local settings/temp/cd_clint.dll -> Spyware.Cydoor : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231134.zip/Program Files/common files/gmt/EGIEProcess.dll -> Adware.Gator : Cleaned without backup
C:\Program Files\Yahoo!\YPSR\Quarantine\20041010231134.zip/Program Files/common files/gmt/gtrawbm.fil -> Adware.Gator : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP181\A0009263.exe -> Spyware.BiSpy : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP184\A0009326.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP185\A0009336.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009453.dll -> Spyware.WildTangent : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009471.dll -> Spyware.WildTangent : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009483.dll -> Spyware.WildTangent : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009492.dll -> Spyware.WildTangent : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009583.exe -> TrojanDownloader.Agent.ae : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009584.EXE -> Spyware.VX2 : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009586.dll -> Spyware.BiSpy : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009587.exe -> Spyware.BiSpy : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009601.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP186\A0009634.dll -> Spyware.WinAD : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0009646.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0010617.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0010619.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0010621.exe -> Trojan.Stervis.d : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0010622.dll -> Trojan.Agent.db : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP189\A0010623.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP193\A0011594.exe -> Trojan.Agent.ay : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP193\A0012595.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP194\A0012602.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP194\A0012609.exe -> Trojan.Pakes : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP197\A0012672.exe -> Trojan.Stervis.d : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP197\A0012673.dll -> Trojan.Agent.db : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP197\A0012674.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP205\A0013128.exe -> Trojan.Pakes : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP206\A0013130.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP206\A0013133.exe -> Adware.BetterInternet : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP206\A0013134.exe -> Trojan.Stervis.d : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP206\A0013135.dll -> Trojan.Agent.db : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP206\A0013138.exe -> Trojan.Pakes : Cleaned without backup
C:\System Volume Information\_restore{46A36DC6-98C0-49B0-BE68-078DFA4FAFC7}\RP179\snapshot\MFEX-1.DAT -> Spyware.BiSpy : Cleaned without backup
C:\FOUND.001\FILE0000.CHK -> Trojan.Agent.ay : Cleaned without backup


::Report End

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium

Posted 30 August 2005 - 04:17 PM

Nice.

I see you are running TeaTimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If TeaTimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer during HijackThis Cleanup

Download ResetTeaTimer.bat. Double click the file to remove all entries set by TeaTimer.

Now some leftovers..


* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following:

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://red.clientapps.yahoo.com/customize/...://my.yahoo.com
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [otdzrk] C:\WINDOWS\System32\jlbteqs.exe r
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE


* Click on Fix Checked when finished and exit HijackThis.

Reboot and post a new HijackThis log. :thumbsup:
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 silvershadowfish


Posted 30 August 2005 - 10:04 PM

Excellent. I can already see the progress.

Thank you SO much for volunteering your help on this forum. I know it takes a lot of time, but hopefully you know how much we folks appreciate it. You rock.

Here is my new hijackthis file.


Logfile of HijackThis v1.99.1
Scan saved at 10:59:53 PM, on 08/30/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\JR\Start Menu\Programs\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.dellnet.com/
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_5_0.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: Yahoo! NFL GameChannel StatTracker - http://aud1.sports.yahoo.com/java/y/nflgcst1008_x.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/.../ymmapi_416.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

#6 miekiemoes


Posted 31 August 2005 - 02:54 AM

Hello,

Yes, your log looks clean again... but is it possible that you checked and fixed some lines I didn't ask you to check and fix? Because I see this one missing in your log now:

O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe

This is for your Norton and you really need it. So if you checked and fixed this one accidentally, open your HijackThis > config (bottom right) > backups and select that above line there and choose 'restore'.

Perform a full scan with an updated Adaware SE and/or Spybot S&D to get rid of the leftovers.
If you don't have those programs yet, you can find the download locations in my sig.

To keep this clean in the future, I would suggest the following things:

Most important thing here --- Visit asap http://windowsupdate.microsoft.com to download and install all the updates and security patches!!

Install Spywareblaster
SpywareBlaster doesn't scan and clean for so-called spyware, but prevents it from being installed in the first place. It blocks the popular spyware ActiveX controls, and also prevents the installation of any of them via a webpage.

Avoid illegal sites, because that's where most malware is present.

Let your antispyware scanner(s) scan frequently and don't forget to update before.

And I do suggest you perform an online virus scan once in a while (Housecall and/or Bitdefender), because what one virus scanner can't find another one maybe can.
Also make sure that your virus scanner, the one that is installed on your system, is always up to date!

Make sure your windows has the latest updates: http://windowsupdate.microsoft.com/

If you have XP SP2, read here how to configure Security Features for Internet Explorer:
http://www.microsoft.com/technet/security/...xp/iesecxp.mspx

You can also find more info on how to prevent malware here (by Tony Klein)

Happy surfing again! :thumbsup:
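The check made by eye in the post above (an entry missing from the new log that was never on the fix list) can be done mechanically by comparing the two logs against the fix list. The following is an added example, not part of the original thread; the function names are hypothetical and the three sample logs are constructed, abridged from entries quoted in this topic.

```python
import re

# HijackThis entry lines begin with a section code: R0-R3, F0-F3, N1-N4, O1-O2x.
ENTRY_RE = re.compile(r"^(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")

def entries(log_text):
    """Map a case-folded key to each entry line found in a HijackThis log."""
    found = {}
    for line in log_text.splitlines():
        line = " ".join(line.split())          # forum pasting mangles whitespace
        if ENTRY_RE.match(line):
            found[line.casefold()] = line      # Windows paths are case-insensitive
    return found

def unexpected_removals(before, after, fix_list):
    """Entries gone from the new log that nobody asked to have fixed."""
    old, new, fix = entries(before), entries(after), entries(fix_list)
    return sorted(old[k] for k in set(old) - set(new) - set(fix))

def still_present(after, fix_list):
    """Fix-list entries that survived the fix and need another look."""
    new, fix = entries(after), entries(fix_list)
    return sorted(fix[k] for k in set(fix) & set(new))

# Constructed, abridged logs built from entries quoted in this thread.
BEFORE = r"""
Running processes:
C:\WINDOWS\System32\smss.exe
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [NAV Agent] C:\PROGRA~1\NORTON~1\navapw32.exe
O4 - HKLM\..\Run: [otdzrk] C:\WINDOWS\System32\jlbteqs.exe r
"""
FIX_LIST = r"""
O2 - BHO: Band Class - {00F1D395-4744-40f0-A611-980F61AE2C59} - C:\WINDOWS\dsr.dll (file missing)
O4 - HKLM\..\Run: [otdzrk] C:\WINDOWS\System32\jlbteqs.exe r
"""
AFTER = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
"""

if __name__ == "__main__":
    for line in unexpected_removals(BEFORE, AFTER, FIX_LIST):
        print("removed but not on fix list:", line)
    for line in still_present(AFTER, FIX_LIST):
        print("on fix list but still present:", line)
```

Any line reported as removed but not on the fix list is a candidate for restoring from the HijackThis backups, as described for the NAV Agent entry.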

#7 miekiemoes


Posted 09 September 2005 - 09:09 AM

Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.



