
New Topic: Hjt Log; Ewido Report



#1 majorwoody


Posted 13 October 2005 - 08:38 PM

Logfile of HijackThis v1.99.0
Scan saved at 2:08:18 PM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://home.microsoft.com/search/lobby/search.asp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://home.microsoft.com/search/lobby/search.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...B_PVER}&ar=home
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.microsoft.com/isapi/redir.dll?
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [RoxioAudioCentral] "C:\Program Files\Roxio\Easy CD Creator 6\AudioCentral\RxMon.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [winsync] C:\WINDOWS\System32\auagap.exe reg_run
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: ntnu.exe
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: Command Service - Unknown - C:\WINDOWS\Sm9zaHVhIFNtaXRo\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: System Startup Service - Unknown - C:\WINDOWS\svcproc.exe (file missing)


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 1:53:06 PM, 10/12/2005
+ Report-Checksum: 6C714E67

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37} -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\{6EC11407-5B2E-4E25-8BDF-77445B52AB37}\\ -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-21-746137067-1708537768-854245398-1005\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Error during cleaning
[1092] C:\WINDOWS\System32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
[1100] C:\WINDOWS\System32\wuauclt.dll -> TrojanDownloader.Small : Error during cleaning
C:\Documents and Settings\Cookies\@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Cookies\@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Cookies\@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cookies\@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Cookies\@clickagents[2].txt -> Spyware.Cookie.Clickagents : Cleaned with backup
C:\Documents and Settings\Cookies\@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cookies\@edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Cookies\@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Cookies\@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cookies\@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Cookies\@phg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cookies\@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Cookies\@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\404SearchUninstall.exe -> Spyware.404Search : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~521729.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~747007.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~947260.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Cookies\@ad.yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cookies\@adopt.specificclick[2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cookies\@advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Cookies\@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cookies\@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Cookies\@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
C:\Documents and Settings\Cookies\@counter2.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cookies\@counter5.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cookies\@counter6.sextracker[1].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cookies\@counter7.sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cookies\@cs.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Cookies\@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cookies\@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Cookies\@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\Cookies\@perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Cookies\@servedby.advertising[1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@sexlist[2].txt -> Spyware.Cookie.Sexlist : Cleaned with backup
C:\Documents and Settings\Cookies\@sextracker[2].txt -> Spyware.Cookie.Sextracker : Cleaned with backup
C:\Documents and Settings\Cookies\@targetnet[1].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Cookies\@targetnet[2].txt -> Spyware.Cookie.Targetnet : Cleaned with backup
C:\Documents and Settings\Cookies\@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Cookies\@tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cookies\@valuead[1].txt -> Spyware.Cookie.Valuead : Cleaned with backup
C:\Documents and Settings\Cookies\@valueclick[1].txt -> Spyware.Cookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Cookies\@ws.sexcounter[2].txt -> Spyware.Cookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Cookies\@www.myaffiliateprogram[1].txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Cookies\@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Cookies\@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Desktop\backups\backup-20050917-155648-159.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Desktop\backups\backup-20050917-155648-795.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\180SAAX.cab/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\180sainstallersca.exe/clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\404SearchUninstall.exe -> Spyware.404Search : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\clicks.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\Del14.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\E8S6h0.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\first.exe -> Spyware.F1Organizer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\i12.tmp -> Spyware.SurfSide : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\K.dll -> Adware.MidADle : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\MediaAccessInstPack.exe -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\ms3.tmp -> Spyware.WinAD : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\mw_4s_stub.exe -> Trojan.VB.kq : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\nsh_104.exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\ptf_0002.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\ptf_0006.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\ptf_0016.exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\res10.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\sntaudio.tmp -> Spyware.SafeSurfing : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\Stb.exe -> TrojanDownloader.Agent.tf : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\temp.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\third.exe -> Spyware.F1Organizer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\tm46216.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\tm64210.exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\update_1.exe -> Spyware.WinFetcher.c : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\WinWildApp.exe -> Spyware.WinFetcher : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~496163.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~616424.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~620611.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~686840.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~832700.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~842085.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~846217.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~952867.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~973430.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~980083.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\4TIJCHYN\installer_MARKETING32[1].cab/installer_MARKETING32.exe -> TrojanDownloader.Adload.a : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\658P4T29\inst10[1].exe -> TrojanDownloader.Small.bem : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\658P4T29\rcverlib[1].exe -> Trojan.Pakes : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\658P4T29\trk_0006[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\B317BXKW\trk_0016[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\C1ERGT67\inst4[1].exe -> TrojanDownloader.Small.bem : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\IVWRMB29\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\IVWRMB29\trk_0008[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\K563ST2Z\Poller[1].exe -> Trojan.Agent.ay : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\O1MZKDQN\trk_0016[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\S9YVCHQR\inst4[1].exe -> TrojanDownloader.Small.bem : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\UL4LID03\trk_0002[1].exe -> Spyware.Pacer : Cleaned with backup
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\WLUJ01IN\aurora[1].exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\Documents and Settings\\Local Settings\Temporary Internet Files\Content.IE5\WLUJ01IN\nsh_104[1].exe -> Spyware.Downloadware : Cleaned with backup
C:\Documents and Settings\Cookies\@112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cookies\@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Cookies\@7search[1].txt -> Spyware.Cookie.7search : Cleaned with backup
C:\Documents and Settings\Cookies\@a.as-us.falkag[2].txt -> Spyware.Cookie.Falkag : Cleaned with backup
C:\Documents and Settings\Cookies\@ad-logics[1].txt -> Spyware.Cookie.Ad-logics : Cleaned with backup
C:\Documents and Settings\Cookies\@adopt.specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cookies\@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Cookies\@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Cookies\@bfast[1].txt -> Spyware.Cookie.Bfast : Cleaned with backup
C:\Documents and Settings\Cookies\@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Cookies\@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Cookies\@data.coremetrics[1].txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\Cookies\@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Cookies\@ehg-learningco.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cookies\@ehg-proflowers.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cookies\@ehg-uniontrib.hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\\Cookies\@ehg.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\\Cookies\@fastclick[1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\\Cookies\@gator[1].txt -> Spyware.Cookie.Gator : Cleaned with backup
C:\Documents and Settings\Cookies\@hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\Cookies\@linksynergy[1].txt -> Spyware.Cookie.Linksynergy : Cleaned with backup
C:\Documents and Settings\Cookies\@overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
C:\Documents and Settings\Cookies\@qksrv[2].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Cookies\@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Cookies\@server.iad.liveperson[2].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Cookies\@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Cookies\@specificclick[1].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Cookies\@trafficmp[1].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Cookies\@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Cookies\@z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\temp.cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\temp.cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~426675.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~427044.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~590557.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~594487.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~941739.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temp\~978503.tmp -> Spyware.Wintools : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\8TYVWXQN\jawa32[1].cab/jawa32.exe -> Spyware.Suggestor : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\8TYVWXQN\toolbar[1].cab/IExploreSkins.exe -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\8TYVWXQN\toolbar[1].cab/toolbar.dll -> Spyware.WebSearch : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\G1Q7GDQF\CAUVQNYT.htm -> TrojanDownloader.FlingStone : Cleaned with backup
C:\Documents and Settings\Local Settings\Temporary Internet Files\Content.IE5\KXUFCTEZ\WinTA[1].cab/WToolsA.exe -> Spyware.Wintools : Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\Program Files\Common Files\WinTools\WSup.exe -> Spyware.Wintools : Error during cleaning
C:\Program Files\Common Files\WinTools\WToolsA.exe -> Spyware.Wintools : Error during cleaning
C:\WINDOWS\dhp.dll_ -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\clientax.dll -> Spyware.180Solutions : Cleaned with backup
C:\WINDOWS\system32\3lhmah7m.exe -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\8q5gqe99.dll -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\mpmvkojr.exe -> Adware.Saha : Cleaned with backup
C:\WINDOWS\system32\msnimk.gif -> Spyware.Ipend : Cleaned with backup
C:\WINDOWS\system32\MTE2ODM6ODoxNg.exe -> Spyware.ISearch : Cleaned with backup
C:\WINDOWS\system32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\NNSCAA638.EXE -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\nsyB.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\WINDOWS\system32\pshwr.exe -> Spyware.SafeSurfing : Cleaned with backup
C:\WINDOWS\system32\pvpgp.dat -> Trojan.Pakes : Cleaned with backup
C:\WINDOWS\system32\qmfxbe.exe -> Trojan.Agent.ay : Cleaned with backup
C:\WINDOWS\system32\ruryrpo.dll -> TrojanDownloader.Qoologic.s : Cleaned with backup
C:\WINDOWS\system32\SSK3_B5 Seedcorn 4.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\thin-94-1-x-x.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\uci.exe -> TrojanDropper.Agent.hl : Cleaned with backup
C:\WINDOWS\system32\unugu.dll -> TrojanDownloader.Qoologic.t : Cleaned with backup
C:\WINDOWS\system32\vgactl.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\WINDOWS\system32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\system32\ydsuiqi.exe -> Trojan.Agent.ay : Cleaned with backup


::Report End


 


#2 Guest_Cretemonster_*


Posted 16 October 2005 - 12:29 PM

Hi MajorWoody and Welcome to the Bleeping Computer!

Please download WebRoot SpySweeper from HERE (It's a 2 week trial):
  • Click the Free Trial link under "SpySweeper" to download the program.
  • Install it.
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
  • Once the definitions are installed, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.
Make sure Ewido is Updated with the latest definitions!


Download WinPFind:
http://www.bleepingcomputer.com/files/winpfind.php

Right Click the Zip Folder and Select "Extract All"

Don't use it yet!

Restart in Safe Mode


With all Windows and Browsers Closed-> Scan the entire System with Ewido-> Clean all it finds and be sure to click the tab to Save a Report


From the WinPFind folder-> Double-click WinPFind.exe and Click "Start Scan"

It will scan the entire System, so please be patient!

Once you see "Scan Complete"-> a log (WinPFind.txt) will be automatically generated in the WinPFind folder!


Run MSCONFIG and enable everything in the startup area. To get to MSCONFIG, click on Start -> Run -> type in MSCONFIG -> click OK!

Under the "General" Tab
Make Sure Normal Startup is Checked!!

Click Apply>>Close>>Follow the Prompts to Restart!!

Restart Normal and have the PC Scanned here:
Panda Active Scan

You will need to be using Internet Explorer for the Scan to work!

Save the Report it generates


Post back with a fresh HijackThis log and the reports from Ewido-> WinPFind and Panda!



