Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Start Up List Report


  • Please log in to reply
4 replies to this topic

#1 ammmo

ammmo

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 04 December 2005 - 04:57 PM

Logfile of HijackThis v1.99.1
Scan saved at 8:32:04 AM, on 5/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\inet20001\services.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\kernels32.exe
C:\RECYCLER\svwhost.exe
C:\WINDOWS\System\svchost.exe
C:\winstall.exe
C:\WINDOWS\System32\sywsvcs.exe
C:\RECYCLER\svwhost.exe
C:\WINDOWS\inet20001\mm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\dodrrr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\amo\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.msn.com/access/allinone.asp
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = file://C:\WINDOWS\blank.mht
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/jumpoff/adsl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll
O2 - BHO: HBO Class - {5321E378-FFAD-4999-8C62-03CA8155F0B3} - C:\WINDOWS\inet20001\3.00.11.dll
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll (file missing)
O2 - BHO: ZToolbar Activator Class - {FFF5092F-7172-4018-827B-FA5868FB0478} - C:\WINDOWS\System32\ztoolb011.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\kernels32.exe
O4 - HKLM\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe /s
O4 - HKLM\..\Run: [WindowsUpdate] C:\WINDOWS\System\svchost.exe /s
O4 - HKLM\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKLM\..\Run: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKLM\..\RunOnce: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Windows installer] C:\winstall.exe
O4 - HKCU\..\Run: [SpySheriff] C:\Program Files\SpySheriff\SpySheriff.exe
O4 - HKCU\..\Run: [xp_system] C:\WINDOWS\inet20001\services.exe
O4 - HKCU\..\Run: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\Run: [aupd] C:\WINDOWS\System32\sywsvcs.exe
O4 - HKCU\..\Run: [WindowsUpdateNT] C:\RECYCLER\svwhost.exe
O4 - HKCU\..\RunOnce: [msupdate] C:\WINDOWS\msupdate.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {B5DD9A64-5C4B-4A48-BE56-97C1A8F85708} - http://www.kjdhendieldiouyu.com/sw/fvp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED8F650-3BAC-40BF-8F10-B191C8B72CCB}: Domain = nsw.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll
O20 - Winlogon Notify: tcpGDC - C:\WINDOWS\SYSTEM32\tcpGDC.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

BC AdBot (Login to Remove)

 


m

#2 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:09 AM

Posted 04 December 2005 - 05:05 PM

Hi and :flowers:

My name is David Posted Image

:thumbsup: Click here to download smitRem.zip.
  • Save the file to your desktop.
  • Unzip smitRem.zip to extract the files it contains.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
:trumpet: Download Cleanup from Here
  • A window will open and choose SAVE, then DESKTOP as the destination.
  • On your Desktop, click on Cleanup40.exe icon.
  • Then, click RUN and place a checkmark beside "I Agree"
  • Then click NEXT followed by START and OK.
  • A window will appear with many choices, keep all the defaults as set when the Slide Bar to the left is set to Standard Quality.
  • Click OK
  • DO NOT RUN IT YET

:inlove: Download the trial version of Ewido Security Suite here.
  • Install ewido.
  • During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
  • Launch ewido
  • It will prompt you to update click the OK button and it will go to the main screen
  • On the left side of the main screen click update
  • Click on Start and let it update.
  • DO NOT run a scan yet. You will do that later in safe mode.
:woot: Click here for info on how to boot to safe mode if you don't already know how. Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode. Restart your computer into safe mode now. Perform the following steps in safe mode:


:cool: Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


:idea: Run Ewido:
  • Click on scanner
  • Click Complete System Scan and the scan will begin.
  • During the scan it will prompt you to clean files, click OK
  • When the scan is finished, look at the bottom of the screen and click the Save report button.
  • Save the report to your desktop
:) Start Ccleaner and click Run Cleaner


:bike: Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.

Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.

Restart back into Windows normally now.


:spam: Run ActiveScan online virus scan here

When the scan is finished, anything that it cannot clean have it delete it. Make a note of the file location of anything that cannot be deleted so you can delete it yourself.
- Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan and the ewido scan

David

#3 ammmo

ammmo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 04 December 2005 - 05:08 PM

StartupList report, 5/12/2005, 9:03:04 AM
StartupList version: 1.52.2
Started from : C:\Documents and Settings\amo\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.EXE
Detected: Windows XP (WinNT 5.01.2600)
Detected: Unable to get Internet Explorer version!
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\csrss.exe
C:\WINDOWS\inet20001\services.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\System32\kernels32.exe
C:\RECYCLER\svwhost.exe
C:\WINDOWS\System\svchost.exe
C:\winstall.exe
C:\WINDOWS\System32\sywsvcs.exe
C:\RECYCLER\svwhost.exe
C:\WINDOWS\inet20001\mm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\dodrrr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\vxh8jkdq2.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\Explorer.exe
C:\WINDOWS\System32\notepad.exe
C:\WINDOWS\inet20001\mm.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\WINDOWS\System32\dllcache\IExplore.exe
C:\Documents and Settings\amo\Local Settings\Temp\Temporary Directory 3 for HijackThis.zip\HijackThis.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
nwiz = nwiz.exe /install
NvMediaCenter = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
ccApp = "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
SSC_UserPrompt = C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Symantec NetDriver Monitor = C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
AGRSMMSG = AGRSMMSG.exe
Smapp = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
RemoteControl = "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
System = C:\WINDOWS\System32\kernels32.exe
WindowsUpdateNT = C:\RECYCLER\svwhost.exe /s
WindowsUpdate = C:\WINDOWS\System\svchost.exe /s
xp_system = C:\WINDOWS\inet20001\services.exe
msupdate = C:\WINDOWS\msupdate.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

msupdate = C:\WINDOWS\msupdate.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
Windows installer = C:\winstall.exe
SpySheriff = C:\Program Files\SpySheriff\SpySheriff.exe
xp_system = C:\WINDOWS\inet20001\services.exe
msupdate = C:\WINDOWS\msupdate.exe
aupd = C:\WINDOWS\System32\sywsvcs.exe
WindowsUpdateNT = C:\RECYCLER\svwhost.exe

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce

msupdate = C:\WINDOWS\msupdate.exe

--------------------------------------------------

Load/Run keys from C:\WINDOWS\WIN.INI:

load=*INI section not found*
run=*INI section not found*

Load/Run keys from Registry:

HKLM\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKLM\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKLM\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: load=*Registry value not found*
HKCU\..\Windows NT\CurrentVersion\WinLogon: run=*Registry value not found*
HKCU\..\Windows\CurrentVersion\WinLogon: load=*Registry key not found*
HKCU\..\Windows\CurrentVersion\WinLogon: run=*Registry key not found*
HKCU\..\Windows NT\CurrentVersion\Windows: load=
HKCU\..\Windows NT\CurrentVersion\Windows: run=C:\WINDOWS\inet20001\services.exe
HKLM\..\Windows NT\CurrentVersion\Windows: load=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: run=*Registry value not found*
HKLM\..\Windows NT\CurrentVersion\Windows: AppInit_DLLs=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe C:\WINDOWS\System32\kernels32.exe
SCRNSAVE.EXE=C:\WINDOWS\System32\ssflwbox.scr
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------


Enumerating Browser Helper Objects:

(no name) - C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5}
(no name) - C:\WINDOWS\inet20001\3.00.11.dll - {5321E378-FFAD-4999-8C62-03CA8155F0B3}
(no name) - C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9}
Norton Internet Security - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll - {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
NAV Helper - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - {BDF3E430-B101-42AD-A544-FADC6B084872}
(no name) - C:\WINDOWS\System32\azesearch4.ocx (file missing) - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4}
(no name) - C:\WINDOWS\system32\iasada.dll (file missing) - {f65b197f-8260-4d52-909a-f70118e646eb}
(no name) - C:\WINDOWS\System32\ztoolb011.dll - {FFF5092F-7172-4018-827B-FA5868FB0478}

--------------------------------------------------

Enumerating Task Scheduler jobs:

Norton AntiVirus - Scan my computer - amo.job

--------------------------------------------------

Enumerating Download Program Files:

[{B5DD9A64-5C4B-4A48-BE56-97C1A8F85708}]
CODEBASE = http://www.kjdhendieldiouyu.com/sw/fvp.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\System32\webcheck.dll
SysTray: C:\WINDOWS\System32\stobject.dll

--------------------------------------------------
End of report, 8,151 bytes
Report generated in 0.031 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only

#4 ammmo

ammmo
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:06:09 PM

Posted 04 December 2005 - 06:52 PM

Hey I couldnt get the active scan log.... My web browser wont let me load the page.

NEW HiJackThis Log ------

Logfile of HijackThis v1.99.1
Scan saved at 10:47:22 AM, on 5/12/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\amo\Local Settings\Temp\Temporary Directory 2 for HijackThis.zip\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://search.msn.com/spbasic.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...er=6&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bigpond.com/jumpoff/adsl/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F3 - REG:win.ini: run=C:\WINDOWS\inet20001\services.exe
O2 - BHO: C:\WINDOWS\system32\st3.dll - {1B68470C-2DEF-493B-8A4A-8E2D81BE4EA5} - C:\WINDOWS\system32\st3.dll (file missing)
O2 - BHO: C:\WINDOWS\adsldpbe.dll - {7507739F-BC2E-4DC3-B233-816783C25DC9} - C:\WINDOWS\adsldpbe.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: ZToolbar Activator Class - {da7ff3f8-08be-4cac-bc00-94d91c6ae7f4} - C:\WINDOWS\System32\azesearch4.ocx (file missing)
O2 - BHO: AddressBar Class - {f65b197f-8260-4d52-909a-f70118e646eb} - C:\WINDOWS\system32\iasada.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKLM\..\RunOnce: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [msupdate] C:\WINDOWS\msupdate.exe
O4 - HKCU\..\RunOnce: [msupdate] C:\WINDOWS\msupdate.exe
O16 - DPF: {B5DD9A64-5C4B-4A48-BE56-97C1A8F85708} - http://www.kjdhendieldiouyu.com/sw/fvp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{7ED8F650-3BAC-40BF-8F10-B191C8B72CCB}: Domain = nsw.bigpond.net.au
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: msupdate - C:\WINDOWS\SYSTEM32\msupdate32.dll
O20 - Winlogon Notify: st3 - C:\WINDOWS\system32\st3.dll (file missing)
O20 - Winlogon Notify: tcpGDC - tcpGDC.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



........................................................................................................................................................



Ewido Scan Report --------------

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:21:33 AM, 5/12/2005
+ Report-Checksum: 957941A2

+ Scan result:

HKLM\SOFTWARE\AZESearchCo -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch\popup -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\AZESearchCo\AZESearch\times -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A6790AA5-C6C7-4BCF-A46D-0FDAC4EA90EB} -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B75F75B8-93F3-429D-FF34-660B206D897A} -> Spyware.PurityScan : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{0985C112-2562-46F2-8DA6-92648BA4630F} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{6DEEE498-08CC-43F0-BCA0-DBB5A25C9501} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CLSID -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Replace.HBO.1 -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{67907B3C-A6EF-4A01-99AD-3FCD5F526429} -> Spyware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{84C94803-B5EC-4491-B2BE-7B113E013B77} -> Spyware.SimpleBar : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.activator.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.ParamWr.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CLSID -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar\CurVer -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Classes\ZToolbar.StockBar.1 -> Spyware.Azsearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Spyware.Alexa : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5321E378-FFAD-4999-8C62-03CA8155F0B3} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFF5092F-7172-4018-827B-FA5868FB0478} -> Spyware.ZToolbar : Cleaned with backup
HKU\S-1-5-21-1343024091-1708537768-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-1343024091-1708537768-725345543-1003\Software\Microsoft\Internet Explorer\Keywords -> Spyware.CoolWebSearch : Cleaned with backup
[228] C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup
[1336] C:\WINDOWS\System32\kernels32.exe -> Downloader.Tibs.x : Cleaned with backup
[1424] C:\WINDOWS\System32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.ac : Cleaned with backup
[196] C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Error during cleaning
:mozilla.22:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.23:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.24:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
:mozilla.27:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.38:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.39:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.40:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.41:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
:mozilla.43:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Spylog : Cleaned with backup
:mozilla.54:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.55:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.73:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
:mozilla.74:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Popuptraffic : Cleaned with backup
:mozilla.75:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.76:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Onestat : Cleaned with backup
:mozilla.90:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.91:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Masterstats : Cleaned with backup
:mozilla.92:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
:mozilla.97:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.98:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.99:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.100:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.101:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.102:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.103:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.110:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.112:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.113:C:\Documents and Settings\amo\Application Data\Mozilla\Firefox\Profiles\og2f3rs9.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
C:\Documents and Settings\amo\Local Settings\Temporary Internet Files\Content.IE5\0NZN2SXX\x[1].exe -> Backdoor.Agent.px : Cleaned with backup
C:\Documents and Settings\amo\Local Settings\Temporary Internet Files\Content.IE5\0NZN2SXX\ztoolbar[1].bmp -> Spyware.TNS-Search : Cleaned with backup
C:\Documents and Settings\amo\Local Settings\Temporary Internet Files\Content.IE5\8FCRWNCD\r4[1].exe -> Dropper.Agent.aax : Cleaned with backup
C:\Documents and Settings\amo\Local Settings\Temporary Internet Files\Content.IE5\P0035TGT\Monopoly_3_Trainer_by_MYTH[1]\crack.exe -> Downloader.Small.bws : Cleaned with backup
C:\RECYCLER\svwhost.exe -> Backdoor.Agent.px : Cleaned with backup
C:\WINDOWS\inet20001\3.00.11.dll -> Spyware.Ihbo : Cleaned with backup
C:\WINDOWS\inet20001\alg.exe -> Worm.Delf.i : Cleaned with backup
C:\WINDOWS\inet20001\mm.exe -> Logger.Agent.ig : Cleaned with backup
C:\WINDOWS\inet20001\services.exe -> Downloader.CWS.j : Cleaned with backup
C:\WINDOWS\sstray.exe -> Dropper.Agent.aax : Cleaned with backup
C:\WINDOWS\system\svchost.exe -> Dropper.Agent.aax : Cleaned with backup
C:\WINDOWS\system\svwhost.dll -> Backdoor.Agent.qr : Cleaned with backup
C:\WINDOWS\system\svwhost.exe -> Backdoor.Agent.px : Cleaned with backup
C:\WINDOWS\system32\chp.dll -> Trojan.Spabot.t : Cleaned with backup
C:\WINDOWS\system32\kernels32.exe -> Downloader.Tibs.x : Cleaned with backup
C:\WINDOWS\system32\ll.exe -> Proxy.Lager.f : Cleaned with backup
C:\WINDOWS\system32\msftcpip.sys -> Logger.Nexv : Cleaned with backup
C:\WINDOWS\system32\qvxgamet2.exe -> Downloader.CWS.j : Cleaned with backup
C:\WINDOWS\system32\qvxgamet3.exe -> Downloader.Small.byx : Cleaned with backup
C:\WINDOWS\system32\st3.dll -> Downloader.Delf.h : Cleaned with backup
C:\WINDOWS\system32\sywsvcs.exe -> Backdoor.Small : Cleaned with backup
C:\WINDOWS\system32\tcpGDC.dll -> Logger.GoldSpy : Cleaned with backup
C:\WINDOWS\system32\vx.tll -> Adware.SpySheriff : Cleaned with backup
C:\WINDOWS\system32\vxgame2.exe -> Downloader.Small.bwr : Cleaned with backup
C:\WINDOWS\system32\vxgamet1.exe -> Downloader.Tibs.s : Cleaned with backup
C:\WINDOWS\system32\vxgamet2.exe -> Downloader.Small.bxc : Cleaned with backup
C:\WINDOWS\system32\vxgamet4.exe -> Downloader.Small.bpz : Cleaned with backup
C:\WINDOWS\system32\vxh8jkdq2.exe -> Not-A-Virus.Hoax.Renos.ac : Cleaned with backup
C:\WINDOWS\system32\ztoolb011.dll -> Spyware.Zbar : Cleaned with backup
C:\WINDOWS\system32\ztoolbar.bmp -> Spyware.TNS-Search : Cleaned with backup
C:\WINDOWS\system32\~update.exe -> Backdoor.Small : Cleaned with backup
C:\WINDOWS\winl.exe -> Backdoor.Agent.px : Cleaned with backup


::Report End

#5 -David-

-David-

  • Members
  • 10,603 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:London
  • Local time:12:09 AM

Posted 05 December 2005 - 04:06 PM

:thumbsup: You are currently using HijackThis from a temporary directory, this can cause problems.
  • Please go to My Computer, open your C:\ drive, Select: New >> Folder and name the folder HJT.
  • Download HijackThis to the new folder:
  • Double Click on 'HijackThis.zip' to extract and install HijackThis.exe to the new folder.
  • Close ALL windows except HJT
  • SCAN with HJT and SAVE LOG. (a notepad window will open with the log in it when you click Save Log) (Ctrl-A to'select all', Ctrl-C to 'copy')
  • Post the log in this thread using 'Add Reply' (Ctrl-V to 'paste')
David




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users