Virus?


7 replies to this topic

#1 Diabl0223

Posted 19 April 2006 - 09:50 PM

I couldn't access the internet at first, but then noticed that my PROXY settings were changed. I could not start the computer in safe mode to run security checks, can't run Norton to check the computer for viruses, and cannot access any of the online virus scans.
Here's the log:

Logfile of HijackThis v1.99.1
Scan saved at 10:43:18 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Documents and Settings\Artem Durytskyy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:60432
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com #webjal auth
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [McafWelcome] C:\Program Files\McAfee.com\Agent\mcwelcom.exe
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [CleanUp] C:\PROGRA~1\McAfee.com\Shared\mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/MySQL/MySQL Server 4.1/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Thanks, any help at all is appreciated

#2 Diabl0223

Posted 20 April 2006 - 07:26 AM

Also, when I try to update any kind of antivirus on my comp, this message pops up: "Norton AntiVirus was unable to scan your computer for infections because a critical error occurred during the scan. Click here to go to Symantec Technical Support Knowledge Base. 3019,1." I now know that this is some kind of a virus, so any help would be appreciated greatly. Thanks

#3 Diabl0223

Posted 20 April 2006 - 08:44 AM

I looked over the log and began wondering: is this C:\WINDOWS\Explorer.EXE a normal process? Because before, the computer asked me to allow access to this. Please, anyone that can, shed some light on this issue.

#4 Diabl0223

Posted 20 April 2006 - 09:29 AM

Yesterday my younger brother ran a malicious program on the computer and now it seems infected. Here is a list of things that I cannot do so far.
  • Cannot Start Computer in Safe Mode ( Reboots as soon as it enters Safe Mode)
  • Cannot Run Norton Antivirus Scan
  • Cannot download any ActiveX controls to run Online Virus Scans
  • Could not access the internet because the proxy settings were changed to (Localhost, port: 63231)
  • Cannot update virus definitions on various antivirus programs
Here's the newest hijack log:

Logfile of HijackThis v1.99.1
Scan saved at 10:15:02 AM, on 4/20/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
C:\Program Files\ProcessGuard\dcsuserprot.exe
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
C:\program files\steam\steam.exe
C:\WINDOWS\system32\ctfmon.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\UAService7.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\Documents and Settings\Artem Durytskyy\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com #webjal auth
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [HPAIO_PrintFolderMgr] C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [URLLSTCK.exe] C:\Program Files\Norton Internet Security\UrlLstCk.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\McAfee.com\Agent\McUpdate.exe
O4 - HKLM\..\Run: [VirusScan Online] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart16.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01010E00-5E80-11D8-9E86-0007E96C65AE} (SupportSoft SmartIssue) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsi.cab
O16 - DPF: {01012101-5E80-11D8-9E86-0007E96C65AE} (SupportSoft Script Runner Class) - http://www.symantec.com/techsupp/asa/ctrl/tgctlsr.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?LinkId=39204&clcid=0x409
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - http://www.symantec.com/techsupp/asa/ctrl/LSSupCtl.cab
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} - http://download.shockwave.com/pub/otoy/OTOYAX.cab
O16 - DPF: {B020B534-4AA2-4B99-BD6D-5F6EE286DF5C} - http://a248.e.akamai.net/f/248/5462/2h/www...ol/SymDlBrg.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk, Inc. - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: DiamondCS Process Guard Service v3.000 (DCSPGSRV) - DiamondCS - C:\Program Files\ProcessGuard\dcsuserprot.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InstallShield Licensing Service - Macrovision - C:\Program Files\Common Files\InstallShield Shared\Service\InstallShield Licensing Service.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LuComServer_3_0.EXE
O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: MySql - Unknown owner - C:/Program Files/MySQL/MySQL Server 4.1/bin/mysqld-nt.exe (file missing)
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\Script Blocking\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: spkrmon - Unknown owner - C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Sony DADC Austria AG. - C:\WINDOWS\system32\UAService7.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\mysql\bin\mysqld-nt.exe

Any and all help is greatly appreciated. Thanks a lot.
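A small triage script for logs in this format, added here as an example (it is not a BleepingComputer or HijackThis tool): it parses the section lines of a HijackThis v1.99.1 log and flags the entries a helper would look at first, such as the R1 proxy pointing at localhost in the first log, the O1 Hosts redirection, and O18/O23 entries whose file is missing or whose owner could not be identified. The sample log inside is constructed from lines in this thread; its findings are review prompts, not verdicts, since legitimate software also produces "Unknown owner" entries.

```python
"""Triage helper for HijackThis v1.99.1 logs (added example, not the tool's own code)."""
import re
from dataclasses import dataclass

# Constructed sample in HijackThis format, modelled on lines posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Scan saved at 10:43:18 PM, on 4/19/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.optonline.net/Home
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:60432
O1 - Hosts: 66.197.153.197 idenupdate.motorola.com #webjal auth
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSN Messenger\msgrapp.dll" (file missing)
O23 - Service: MySql - Unknown owner - C:/Program Files/MySQL/MySQL Server 4.1/bin/mysqld-nt.exe (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
"""

# Section lines look like "R1 - ...", "O23 - ..."; header and process-list lines do not match.
ENTRY_RE = re.compile(r"^(?P<kind>[RFNO]\d{1,2}) - (?P<body>.+)$")
PROXY_RE = re.compile(r"ProxyServer = (?P<host>[^:\s]+)(?::(?P<port>\d+))?")
HOSTS_RE = re.compile(r"^Hosts: (?P<ip>\S+)\s+(?P<name>\S+)")
LOCAL_HOSTS = {"localhost", "127.0.0.1", "::1"}


@dataclass(frozen=True)
class Finding:
    kind: str    # HijackThis section, e.g. "R1" or "O23"
    reason: str  # why a helper would look at this line
    line: str    # the original log line


def parse_entries(text):
    """Return (kind, body, line) for every section line of the log."""
    entries = []
    for raw in text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if m:
            entries.append((m.group("kind"), m.group("body"), raw.strip()))
    return entries


def check_entry(kind, body, line):
    """Apply the per-section checks to one entry; return a Finding or None."""
    if kind == "R1" and "ProxyServer" in body:
        m = PROXY_RE.search(body)
        if m and m.group("host").lower() in LOCAL_HOSTS:
            return Finding(kind, f"IE is configured to send traffic through a local listener "
                                 f"on port {m.group('port')}; find the process that owns it", line)
    if kind == "O1":
        m = HOSTS_RE.match(body)
        if m and m.group("ip") not in LOCAL_HOSTS:
            return Finding(kind, f"Hosts file redirects {m.group('name')} to {m.group('ip')}", line)
    if kind in ("O18", "O23"):
        reasons = []
        if "(file missing)" in body:
            reasons.append("registered file is missing")
        if "Unknown owner" in body:
            reasons.append("no vendor in the file's version info")
        if reasons:
            return Finding(kind, "; ".join(reasons), line)
    return None


def triage(text):
    """Run every check over a HijackThis log and return the findings in log order."""
    return [f for f in (check_entry(*e) for e in parse_entries(text)) if f]


def local_proxy_port(text):
    """Port of an R1 proxy that points at the local machine, or None if there is none."""
    for kind, body, _ in parse_entries(text):
        if kind == "R1":
            m = PROXY_RE.search(body)
            if m and m.group("host").lower() in LOCAL_HOSTS:
                return int(m.group("port")) if m.group("port") else None
    return None


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.reason}\n    {f.line}")
```

The port returned by local_proxy_port is the one to match against the listening sockets on the machine (for example with netstat -ano on Windows XP) to learn which process is sitting between the browser and the network.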

#5 Diabl0223

Posted 20 April 2006 - 09:34 AM

I managed to get Ewido Scan Running and here are some results after the scan.

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 10:29:47 AM, 4/20/2006
+ Report-Checksum: BC9F80A9

+ Scan result:

C:\Counter Strike Resources\WEBSITE FILES\New Template\patch153.exe -> Adware.MDH : Cleaned with backup
C:\Documents and Settings\All Users\Documents\download\n0t0r1u3\system.zip/system/l2change.exe -> Not-A-Virus.HackTool.Win32.VB.el : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\4jyg8don.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.9:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\4jyg8don.Default User\cookies.txt -> TrackingCookie.Sextracker : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\4jyg8don.Default User\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Masterstats : Cleaned with backup
:mozilla.22:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.25:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.31:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.32:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.33:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitslink : Cleaned with backup
:mozilla.47:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.48:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.49:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned with backup
:mozilla.52:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.53:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.54:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.55:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned with backup
:mozilla.56:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned with backup
:mozilla.77:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Falkag : Cleaned with backup
:mozilla.79:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.81:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Com : Cleaned with backup
:mozilla.89:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.113:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
:mozilla.131:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.132:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned with backup
:mozilla.139:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned with backup
:mozilla.140:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.141:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Bluestreak : Cleaned with backup
:mozilla.142:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.143:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Advertising : Cleaned with backup
:mozilla.144:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.145:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Valueclick : Cleaned with backup
:mozilla.146:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.147:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.148:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.154:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.155:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.156:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.157:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.158:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.159:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.160:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.161:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.162:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.163:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned with backup
:mozilla.173:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned with backup
:mozilla.195:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned with backup
:mozilla.196:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.197:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.206:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Paycounter : Cleaned with backup
:mozilla.207:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.208:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.209:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.210:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.211:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Sexlist : Cleaned with backup
:mozilla.217:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.218:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.219:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.220:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.221:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.222:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.2o7 : Cleaned with backup
:mozilla.225:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
:mozilla.229:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Coremetrics : Cleaned with backup
:mozilla.230:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.231:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned with backup
:mozilla.237:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.238:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Targetnet : Cleaned with backup
:mozilla.239:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.240:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Zedo : Cleaned with backup
:mozilla.247:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
:mozilla.251:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.252:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.253:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.254:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.255:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Onestat : Cleaned with backup
:mozilla.271:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup
:mozilla.272:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup
:mozilla.273:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup
:mozilla.274:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup
:mozilla.275:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Internetfuel : Cleaned with backup
:mozilla.290:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.291:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
:mozilla.305:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Yadro : Cleaned with backup
:mozilla.310:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.311:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Clickzs : Cleaned with backup
:mozilla.312:C:\Documents and Settings\Artem Durytskyy\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\cookies.txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@adopt.specificclick[1].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@e-2dj6wfkoahcjohp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@e-2dj6wjk4ukazebo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@e-2dj6wjlikndzgco.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@media.fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@rotator.adjuggler[2].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Cookies\artem durytskyy@webstat[2].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Desktop\clearing the desktop\AIMBOT\TT's US.exe_OLD -> Backdoor.Dragonbot.l : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Desktop\clearing the desktop\AIMBOT.zip/AIMBOT/TT's US.exe_OLD -> Backdoor.Dragonbot.l : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Desktop\clearing the desktop\britneyspears.zip/britneyspears.exe -> Trojan.Agent.bd : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\Local Settings\Application Data\Mozilla\Firefox\Profiles\v8mze3dn.default\Cache\6BBFF41Dd01 -> Adware.180Solutions : Cleaned with backup
C:\Documents and Settings\Artem Durytskyy\My Documents\download\n0t0r1u3\system.zip/system/l2change.exe -> Not-A-Virus.HackTool.Win32.VB.el : Cleaned with backup


::Report End


Connection Report


---------------------------------------------------------
ewido anti-malware - Connection report
---------------------------------------------------------

+ Created on: 10:30:56 AM, 4/20/2006
+ Report-Checksum: 2442C88E

TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 127.0.0.1:3054 TIME_WAIT
TCP 127.0.0.1:1025 127.0.0.1:3057 TIME_WAIT
TCP 127.0.0.1:1027 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1083 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1084 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1115 0.0.0.0:0 LISTENING
TCP 192.168.0.100:139 0.0.0.0:0 LISTENING
TCP 192.168.0.100:3031 66.102.1.104:80 TIME_WAIT
UDP 0.0.0.0:445
UDP 0.0.0.0:1069
UDP 127.0.0.1:1397
UDP 127.0.0.1:1900
UDP 127.0.0.1:3059
UDP 192.168.0.100:137
UDP 192.168.0.100:138
UDP 192.168.0.100:1900

Processes Report

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------

+ Created on: 10:32:17 AM, 4/20/2006
+ Report-Checksum: FE102DA7

0: System Process
4: System Process
344: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
408: C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
532: C:\WINDOWS\Explorer.EXE
580: C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
608: C:\Program Files\Internet Explorer\iexplore.exe
680: C:\WINDOWS\system32\Ati2evxx.exe
776: \SystemRoot\System32\smss.exe
800: C:\WINDOWS\system32\spoolsv.exe
824: \??\C:\WINDOWS\system32\csrss.exe
852: \??\C:\WINDOWS\system32\winlogon.exe
900: C:\WINDOWS\system32\services.exe
912: C:\WINDOWS\system32\lsass.exe
916: C:\Program Files\Internet Explorer\iexplore.exe
1104: C:\WINDOWS\system32\Ati2evxx.exe
1120: C:\WINDOWS\system32\svchost.exe
1144: C:\WINDOWS\System32\alg.exe
1176: C:\WINDOWS\system32\NOTEPAD.EXE
1184: C:\WINDOWS\system32\svchost.exe
1240: C:\WINDOWS\system32\svchost.exe
1336: C:\WINDOWS\System32\svchost.exe
1480: C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
1524: C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
1528: C:\WINDOWS\system32\svchost.exe
1592: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
1640: C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
1660: C:\WINDOWS\system32\dla\tfswctrl.exe
1676: C:\program files\steam\steam.exe
1684: C:\WINDOWS\System32\spool\DRIVERS\W32X86\hpoopm07.exe
1692: C:\WINDOWS\system32\ctfmon.exe
1708: C:\Program Files\ewido anti-malware\ewidoctrl.exe
1724: C:\Program Files\ProcessGuard\dcsuserprot.exe
1756: C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
1792: C:\Program Files\QuickTime\qttask.exe
1800: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
1840: C:\Program Files\Common Files\Symantec Shared\ccApp.exe
1900: c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
1972: c:\progra~1\mcafee.com\vso\mcvsescn.exe
2028: C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
2104: C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
2368: C:\Program Files\Spyware Doctor\sdhelp.exe
2452: C:\Program Files\Analog Devices\SoundMAX\spkrmon.exe
2536: C:\WINDOWS\system32\wdfmgr.exe
2568: C:\WINDOWS\system32\UAService7.exe
2960: c:\progra~1\mcafee.com\vso\mcvsftsn.exe
3016: C:\Program Files\ewido anti-malware\SecuritySuite.exe
3116: C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
3132: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
3144: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
3456: C:\Program Files\Messenger\msmsgs.exe
3592: C:\Program Files\McAfee.com\Agent\mcagent.exe
3672: C:\Program Files\ewido anti-malware\ewidoguard.exe
3776: C:\WINDOWS\System32\svchost.exe

#6 Diabl0223 (Topic Starter)

Posted 20 April 2006 - 09:50 AM

The computer now seems to lock up a few seconds after restart.

#7 Diabl0223 (Topic Starter)

Posted 23 April 2006 - 09:36 PM

Does anyone have a solution for this? I haven't had a reply in a few days.

#8 OldTimer (Malware Expert)

Posted 30 April 2006 - 08:06 AM

Hello Diabl0223 and welcome to the BC HijackThis forum. I do not see any signs of viruses or malware in the log. It is clean.

I think the problems may be due to having 2 anti-virus programs running concurrently. In a situation like this the programs can conflict with each other and cause various issues. I recommend completely removing both programs and then reinstalling only 1 of them. I don't know about McAfee but Norton will set up its own proxy server and if this was removed then it will not function properly.

For assistance with removing and/or reinstalling post a question in the Antivirus forum and they will be able to help.

Cheers.

OT
I do not respond to PM's requesting help. That's what the forums are here for. Please use them so that others may benefit from your questions and the responses you receive.
OldTimer
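The ewido connection and process reports posted above, and OldTimer's reading of them (two antivirus engines running side by side), are the kind of triage a responder scripts rather than eyeballs. The Python below is an added example for this thread; it is not ewido's code and not something anyone in the thread posted. It parses the two report formats shown above, lists sockets bound on non-loopback addresses (reachable from the LAN), lists remote peers outside private address space, and groups running processes by security vendor so that more than one full AV engine is flagged. The VENDOR_MARKERS path substrings and the AV_ENGINES set are assumptions made for this example; the sample lines are excerpted from the reports in this thread.

```python
"""Triage helpers for ewido-style connection and process reports.
Added example for this thread, not ewido code; vendor markers are assumed."""
import ipaddress
import re
from collections import defaultdict

# Assumed: substrings of executable paths that identify a security product.
VENDOR_MARKERS = {
    "symantec": "Symantec/Norton",
    "norton": "Symantec/Norton",
    "mcafee": "McAfee",
    "ewido": "ewido",
    "spyware doctor": "Spyware Doctor",
    "processguard": "ProcessGuard",
}
# Assumed: which of those are full antivirus engines (the others are
# anti-spyware or HIPS tools, which normally coexist with one AV).
AV_ENGINES = {"Symantec/Norton", "McAfee"}

PROCESS_RE = re.compile(r"^\s*(\d+):\s+(\S.*?)\s*$")
CONN_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+?):(\d+)(?:\s+(\S+?):(\d+))?(?:\s+([A-Z_]+))?\s*$")

# Constructed samples: lines excerpted from the reports posted above.
SAMPLE_CONNECTIONS = r"""
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 127.0.0.1:1025 0.0.0.0:0 LISTENING
TCP 192.168.0.100:139 0.0.0.0:0 LISTENING
TCP 192.168.0.100:3031 66.102.1.104:80 TIME_WAIT
UDP 0.0.0.0:445
UDP 127.0.0.1:1900
UDP 192.168.0.100:137
"""
SAMPLE_PROCESSES = r"""
344: C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
580: C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
1524: C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
1592: C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
1708: C:\Program Files\ewido anti-malware\ewidoctrl.exe
1724: C:\Program Files\ProcessGuard\dcsuserprot.exe
2368: C:\Program Files\Spyware Doctor\sdhelp.exe
3776: C:\WINDOWS\System32\svchost.exe
"""


def parse_processes(report):
    """[(pid, path)] from lines shaped 'NNN: C:\\path\\prog.exe'."""
    return [(int(m.group(1)), m.group(2))
            for m in map(PROCESS_RE.match, report.splitlines()) if m]


def security_products(report):
    """Map vendor -> [pids] for every process matching VENDOR_MARKERS."""
    found = defaultdict(list)
    for pid, path in parse_processes(report):
        low = path.lower()
        for marker, vendor in VENDOR_MARKERS.items():
            if marker in low:
                found[vendor].append(pid)
                break
    return dict(found)


def conflicting_av_engines(report):
    """Distinct antivirus engines running at once; two or more is the
    concurrent-AV situation OldTimer points to."""
    return sorted(v for v in security_products(report) if v in AV_ENGINES)


def parse_connections(report):
    """Rows from 'TCP local remote STATE' or 'UDP local' lines; UDP rows
    carry no remote endpoint and no state."""
    rows = []
    for m in map(CONN_RE.match, report.splitlines()):
        if m:
            proto, la, lp, ra, rp, state = m.groups()
            rows.append({"proto": proto, "local": (la, int(lp)),
                         "remote": (ra, int(rp)) if ra else None,
                         "state": state})
    return rows


def exposed_sockets(report):
    """Sockets reachable from the network: TCP LISTENING or any bound UDP
    socket on a non-loopback address (0.0.0.0 means every interface)."""
    out = []
    for r in parse_connections(report):
        la, lp = r["local"]
        open_for_input = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if open_for_input and not ipaddress.ip_address(la).is_loopback:
            out.append((r["proto"], la, lp))
    return out


def external_peers(report):
    """Remote endpoints outside private/loopback/unspecified space, in any
    TCP state: the Internet hosts this machine actually talked to."""
    peers = {r["remote"] for r in parse_connections(report)
             if r["remote"] and ipaddress.ip_address(r["remote"][0]).is_global}
    return sorted(peers)


if __name__ == "__main__":
    engines = conflicting_av_engines(SAMPLE_PROCESSES)
    print("antivirus engines:", engines, "<- conflict" if len(engines) > 1 else "")
    for proto, addr, port in exposed_sockets(SAMPLE_CONNECTIONS):
        print("exposed %s %s:%d" % (proto, addr, port))
    print("external peers:", external_peers(SAMPLE_CONNECTIONS))
```

Run stand-alone, it reports Symantec/Norton and McAfee both running, the 0.0.0.0 and 192.168.0.100 listeners (135, 139 and 445 are the standard Windows XP RPC, NetBIOS and SMB services), and a single closed HTTP connection to 66.102.1.104:80. Nothing in that output points at a backdoor listener or an odd outbound peer, which is consistent with OldTimer's conclusion; the script only makes the check repeatable and keeps the loopback-only ports (the local proxies that Norton and similar products set up) out of the way.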
