
Malware Help Needed!


This topic is locked
12 replies to this topic

#1 orangesfwr

  • Members
  • 6 posts

Posted 16 May 2006 - 07:27 PM

I know I have issues with Toolbar888 and Look2Me (although I may have eliminated the latter, I'm not sure)...could use some help. Thanks!

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\CURITY~1\attrib.exe
C:\Program Files\ewido\ewidoctrl.exe
C:\Program Files\ewido\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\System32\wbem\wmiapsrv.exe
C:\WINNT\?ymbols\?ttrib.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,iuuryqq.exe
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Aate] "C:\WINNT\System32\CURITY~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Fisrkdi] C:\WINNT\?ymbols\?ttrib.exe
O4 - HKCU\..\Run: [wrqz] C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra 'Tools' menuitem: Java - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city.vancouver.bc.ca:8080/web/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147748135264
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE


#2 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 May 2006 - 01:25 AM

Hello orangesfwr,

Welcome to Bleeping Computer :thumbsup:

First you should know that you're actually doing more harm than good by running 2 Anti Virus programs (Norton and McAfee). When you do this both programs compete for resources, and the end result is neither does its best, and it can cause system instability. I recommend that you choose the one you want to keep, update it, disable the other one, and use it as an on-demand-only scanner occasionally.

Before beginning, you may want to save these instructions to Notepad or print them out for easier reference.

Look in your control panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar. Click on it and then click Remove.

Reboot and if found, delete this folder:

C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

Tutorial for the uninstaller if needed


Reboot when done and if found, delete this folder:

C:\Program Files\PurityScan


Please download Brute Force Uninstaller to your desktop. (Right-click on this link and choose Save As; if using IE, Save Target As.)
  • Right-click the BFU folder on your desktop, and choose Extract All
  • Click "Next"
  • In the box to choose where to extract the files to,
  • Click "Browse"
  • Click on the + sign next to "My Computer"
  • Click on "Local Disk (C:)" or whatever your primary drive is
  • Click "Make New Folder"
  • Type in BFU
  • Click "Next", uncheck the "Show Extracted Files" box and then click "Finish".
  • Download qoofix.bat (right-click on this link and choose Save As; if using IE, Save Target As)
  • Place qoofix.bat in your C:\BFU folder. (Important!)
  • Double-click qooFix.bat and close all browsers and Explorer folders.
  • Choose option 1 (Qoolfix autofix) and follow the prompts.
  • Please be patient; it will take about five minutes.
  • After the PC has restarted, please post another HijackThis log.
Thanks,
tea
Please make a donation so I can keep helping people just like you.
Every little bit helps! :)
You can even use your credit card! Thank you!



Error reading poptart in Drive A: Delete kids y/n?

#3 orangesfwr
  • Topic Starter

  • Members
  • 6 posts

Posted 17 May 2006 - 05:10 PM

Thought I'd start with this since I'm not sure what I have and have not deleted since the last time I did that log. Which virus program would you recommend that I keep?

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido\ewidoctrl.exe
C:\Program Files\ewido\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\WINNT\System32\CURITY~1\attrib.exe
C:\WINNT\?ymbols\?ttrib.exe
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\Monitor.exe -NoStart
O4 - HKCU\..\Run: [Aate] "C:\WINNT\System32\CURITY~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Fisrkdi] C:\WINNT\?ymbols\?ttrib.exe
O4 - HKCU\..\Run: [wrqz] C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city.vancouver.bc.ca:8080/web/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147748135264
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

Thanks for your help!

#4 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 May 2006 - 06:43 PM

Hi there,

Those are both paid products, so that would be up to you. I do know that Norton is a resource hog deluxe. When your machine is clean I'll give you some program suggestions for future use that are FREE, great, and light on resources.

When you're done with that, please go ahead and follow the other instructions. I'll be looking for you. :thumbsup:

Thanks,
tea

#5 orangesfwr
  • Topic Starter

  • Members
  • 6 posts

Posted 17 May 2006 - 08:17 PM

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido\ewidoctrl.exe
C:\Program Files\ewido\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Hijackthis\HijackThis.exe

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\Monitor.exe -NoStart
O4 - HKCU\..\Run: [wrqz] C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city.vancouver.bc.ca:8080/web/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147748135264
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

#6 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 17 May 2006 - 10:57 PM

Hello,

This is looking better. :thumbsup: In the future could you please post the WHOLE HijackThis log, including the header? It is important. Thanks.

Please run HijackThis! and click "Scan." Place checks next to the following entries, if present:

R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O4 - HKCU\..\Run: [wrqz] C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab


Close all browser and other windows except for HijackThis!, and click "Fix Checked".

Delete the following:

C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe

Reboot your computer.

I see Ewido aboard. Please make sure it's updated and run a scan for me. In your reply, post the Ewido log and a new HijackThis log. Please let me know how the computer is running.

Thanks,
tea
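As an added example (not code from this thread, from BleepingComputer or from HijackThis itself), the Python script below applies the kind of judgement used in the post above to constructed sample lines shaped like the logs posted here: orphaned R3 hooks with "(no file)", an extra program chained into the F2 UserInit value, O4 Run entries whose path shows unprintable characters as "?" or launches a System32 tool name from some other folder, O16 ActiveX downloads from a host outside an allowlist, and O9 items whose DLL is missing. The allowlist and the tool-name set are assumptions to adjust for your own environment.

```python
"""Triage heuristics for HijackThis-style log lines (added example, not HijackThis code)."""
import re
from urllib.parse import urlparse

# Assumed allowlist of hosts that may serve O16 (ActiveX/DPF) downloads; adjust to policy.
TRUSTED_O16_HOSTS = ("microsoft.com", "trendmicro.com", "pandasoftware.com")

# Windows tool names worth checking: a copy outside System32 is a lookalike, as in this thread.
SYSTEM_TOOL_NAMES = {"attrib.exe", "svchost.exe", "winlogon.exe", "lsass.exe"}

# Constructed sample in the shape of the logs posted in this thread.
SAMPLE_LOG = r"""
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
F2 - REG:system.ini: UserInit=C:\WINNT\system32\userinit.exe,iuuryqq.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [Aate] "C:\WINNT\System32\CURITY~1\attrib.exe" -vt ndrv
O4 - HKCU\..\Run: [Fisrkdi] C:\WINNT\?ymbols\?ttrib.exe
O4 - HKCU\..\Run: [wrqz] C:\PROGRA~1\COMMON~1\wrqz\wrqzm.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {FDDCE9FF-1FC6-413C-80B1-37B101FDA1D4} - http://download.buddylinks.net/ShellInstaller.cab
O9 - Extra button: (no name) - {4ABF810A-F11D-4169-9D5F-7D274F2270A1} - C:\WINNT\System32\dmonwv.dll (file missing)
"""


def parse_line(line):
    """Split 'O4 - HKCU\\..\\Run: [x] ...' into (section, rest); None for non-entries."""
    m = re.match(r"^([A-Z]\d+) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def o4_path(rest):
    """Extract the launched executable from an O4 'HKxx\\..\\Run: [Name] <command>' entry."""
    m = re.match(r"^.*?: \[[^\]]*\] (.*)$", rest)
    if not m:
        return None
    cmd = m.group(1).strip()
    if cmd.startswith('"'):          # quoted path may contain spaces
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ")[0]


def is_system_tool_outside_system32(path):
    """True when a System32 tool name is launched from any other directory."""
    parts = path.lower().split("\\")
    return parts[-1] in SYSTEM_TOOL_NAMES and not "\\".join(parts[:-1]).endswith("\\system32")


def f2_extra_userinit(rest):
    """Return programs chained after userinit.exe in the UserInit value (should be none)."""
    m = re.match(r"REG:system\.ini: UserInit=(.*)$", rest, re.IGNORECASE)
    if not m:
        return []
    parts = [p.strip() for p in m.group(1).split(",") if p.strip()]
    return [p for p in parts if p.lower().rsplit("\\", 1)[-1] != "userinit.exe"]


def o16_host(rest):
    """Hostname of the .cab download in an O16 DPF entry, or None."""
    m = re.search(r"- (https?://\S+)$", rest)
    return urlparse(m.group(1)).hostname if m else None


def host_trusted(host):
    return any(host == d or host.endswith("." + d) for d in TRUSTED_O16_HOSTS)


def triage(log_text):
    """Return (section, reason, line) for every entry a heuristic flags, in log order."""
    findings = []
    for raw in log_text.splitlines():
        parsed = parse_line(raw)
        if not parsed:
            continue
        section, rest = parsed
        reason = None
        if section == "R3" and rest.endswith("(no file)"):
            reason = "URLSearchHook with no backing file (orphaned hijacker remnant)"
        elif section == "F2":
            extra = f2_extra_userinit(rest)
            if extra:
                reason = "extra program chained into UserInit: " + ", ".join(extra)
        elif section == "O4":
            path = o4_path(rest)
            if path and "?" in path:
                reason = "Run entry path contains unprintable characters (shown as '?')"
            elif path and is_system_tool_outside_system32(path):
                reason = "Run entry launches a system-tool lookalike from a non-System32 folder"
        elif section == "O16":
            host = o16_host(rest)
            if host and not host_trusted(host):
                reason = "ActiveX download from host outside the allowlist: " + host
        elif section == "O9" and rest.endswith("(file missing)"):
            reason = "Extra button/menu item whose DLL is missing (orphaned entry)"
        if reason:
            findings.append((section, reason, raw.strip()))
    return findings


if __name__ == "__main__":
    for section, reason, line in triage(SAMPLE_LOG):
        print(f"[{section}] {reason}\n    {line}")
```

Note that the wrqzm.exe Run entry the helper singled out is not caught by any of these rules: heuristics shorten the list, but a human reviewer still has to judge entries that merely look unfamiliar.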

#7 orangesfwr
  • Topic Starter

  • Members
  • 6 posts

Posted 17 May 2006 - 11:39 PM

Logfile of HijackThis v1.99.1
Scan saved at 12:32:57 AM, on 5/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido\ewidoctrl.exe
C:\Program Files\ewido\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\Monitor.exe -NoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city.vancouver.bc.ca:8080/web/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147748135264
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE

For some reason Ewido has been freezing up on me lately. I'm not sure why.

Things seem ok on my computer now...anything else look out of the ordinary?

#8 teacup61

    Bleepin' Texan!

  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 18 May 2006 - 01:10 AM

Hello,

How about a different scan then. :thumbsup:

Use Cleanmgr to clean temporary files:

1. Click > start > run and type cleanmgr and click OK
2. Scan your system for files to remove.
3. Make sure Temporary Files, Temporary Internet Files and Recycle Bin are the only things checked.
4. Click OK to remove those files.
5. Click Yes to confirm deletion.

Perform an online scan with Panda (please use this scanner instead of any other scanner!):
Panda Online http://www.pandasoftware.com/products/activescan.htm
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.

Post the contents of the Panda scan report in your next reply, along with a last (hopefully) HijackThis log.

Thanks
:flowers:

#9 orangesfwr
  • Topic Starter

  • Members
  • 6 posts

Posted 18 May 2006 - 05:47 PM

Incident Status Location

Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@2o7[1].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@advertising[2].txt
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@apmebf[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@doubleclick[1].txt
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@statcounter[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Bobby\Cookies\bobby@tribalfusion[1].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\Bobby\Local Settings\Temporary Internet Files\Ssk.log
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1.lib
Spyware:Cookie/seeqA Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1322.txt
Spyware:Cookie/NewMedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc142.txt
Spyware:Cookie/MyWay Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1421.txt
Spyware:Cookie/Xiti Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1431.txt
Spyware:Cookie/Xmts Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1434.txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1447.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1448.txt
Spyware:Cookie/888 Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1450.txt
Spyware:Cookie/YieldManager Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1460.txt
Spyware:Cookie/Hbmediapro Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1464.txt
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1470.txt
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1472.txt
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1473.txt
Spyware:Cookie/Falkag Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1475.txt
Spyware:Cookie/Atlas DMT Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1476.txt
Spyware:Cookie/Bluestreak Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1480.txt
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1481.txt
Spyware:Cookie/BurstNet Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1482.txt
Spyware:Cookie/GoClick Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1483.txt
Spyware:Cookie/Casalemedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1484.txt
Spyware:Cookie/Cassava Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1485.txt
Spyware:Cookie/Doubleclick Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1489.txt
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1490.txt
Spyware:Cookie/Entrepreneur Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1495.txt
Spyware:Cookie/Apmebf Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc150.txt
Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1505.txt
Spyware:Cookie/Hitbox Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1507.txt
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1516.txt
Spyware:Cookie/Mediaplex Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1517.txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1519.txt
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1520.txt
Spyware:Cookie/Overture Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1526.txt
Spyware:Cookie/QuestionMarket Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1527.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1529.txt
Spyware:Cookie/WUpd Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1533.txt
Spyware:Cookie/Advertising Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1536.txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1537.txt
Spyware:Cookie/Serving-sys Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1539.txt
Spyware:Cookie/Statcounter Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1540.txt
Spyware:Cookie/Reliablestats Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1541.txt
Spyware:Cookie/WebtrendsLive Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1542.txt
Spyware:Cookie/TargetSaver Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1544.txt
Spyware:Cookie/Tribalfusion Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1548.txt
Spyware:Cookie/BurstBeacon Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1554.txt
Spyware:Cookie/Zedo Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1575.txt
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1577.EXE
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1600.txt
Spyware:Cookie/bravenetA Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1605.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc161.txt
Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1621.txt
Spyware:Cookie/Entrepreneur Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1625.txt
Spyware:Cookie/FortuneCity Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1628.txt
Spyware:Cookie/Atwola Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc163.txt
Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1633.txt
Spyware:Cookie/Humanclick Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1638.txt
Spyware:Cookie/DomainSponsor Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1654.txt
Spyware:Cookie/Maxserving Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1661.txt
Spyware:Cookie/Peel Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1673.txt
Spyware:Cookie/RealMedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1676.txt
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1680.txt
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1695.txt
Spyware:Cookie/Tickle Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1703.txt
Spyware:Cookie/MyWay Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1759.txt
Spyware:Cookie/Azjmp Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc176.txt
Adware:Adware/DollarRevenue Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1762.tmp
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc1763.exe
Spyware:Cookie/Banner Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc180.txt
Spyware:Cookie/64.62.232 Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc19.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc190.txt
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc220.txt
Spyware:Cookie/GoStats Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc221.txt
Spyware:Cookie/Ccbill Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc241.txt
Spyware:Cookie/did-it Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc316.txt
Spyware:Cookie/Belnk Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc325.txt
Spyware:Cookie/Go Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc430.txt
Spyware:Cookie/Kount Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc513.txt
Spyware:Cookie/LinkExchange Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc525.txt
Spyware:Cookie/OfferOptimizer Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc626.txt
Spyware:Cookie/MyGeek Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc640.txt
Spyware:Cookie/Mircx Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc671.txt
Spyware:Cookie/Rightmedia Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc709.txt
Spyware:Cookie/Seeq Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc766.txt
Spyware:Cookie/Socalcoeds Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc794.txt
Spyware:Cookie/Target Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc839.txt
Spyware:Cookie/adstat Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc87.txt
Spyware:Cookie/Versiontracker Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc894.txt
Spyware:Cookie/Buydomains Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc951.txt
Spyware:Cookie/Seeq Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc953.txt
Spyware:Cookie/Hbmediapro Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc97.txt
Spyware:Cookie/Affiliate fuel Not disinfected C:\RECYCLER\S-1-5-21-527237240-1364589140-1801674531-500\Dc970.txt
Adware:Adware/CommAd Not disinfected C:\WINNT\Qm9iYnkgSGlua2xl\kA62sB40m35RuZU5.vbs


Logfile of HijackThis v1.99.1
Scan saved at 6:45:20 PM, on 5/18/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\Explorer.EXE
C:\Program Files\ewido\ewidoctrl.exe
C:\Program Files\ewido\ewidoguard.exe
C:\PROGRA~1\Iomega\System32\AppServices.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\mcshield.exe
C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton Utilities\NPROTECT.EXE
C:\WINNT\System32\nvsvc32.exe
C:\Program Files\Speed Disk\nopdb.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINNT\System32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\System32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [OM_Monitor] C:\Program Files\Olympus\Monitor.exe -NoStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://gisweb3.city.vancouver.bc.ca:8080/web/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1147748135264
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart.com/photo/uploads/Fuj...ploadClient.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\ewidoguard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\vstskmgr.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton Utilities\NPROTECT.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\Program Files\Speed Disk\nopdb.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: WinPPPoverEthernet - iVasion, a Routerware Company - C:\Program Files\Verizon Online\WinPoET\WrOS.EXE
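
As an added triage example (not code from the thread, from Panda or from HijackThis), the following Python parses lines in the layout of the Panda ActiveScan report posted above and groups each detection by the clean-up step that actually removes it: items already in the Recycle Bin, tracking cookies, files under the temporary folders, and anything else that deserves a closer look. The user name, SID and directory names in the sample are placeholders.

```python
import re
from dataclasses import dataclass

# One incident line in a Panda ActiveScan report, in the layout posted above:
#   <Category>:<Detection name> <Status> <Path>
# The detection name can contain spaces ("Cookie/Atlas DMT"), so the status
# keyword is the delimiter and the path must start with a drive letter.
INCIDENT_RE = re.compile(
    r"^(?P<category>[A-Za-z]+):(?P<name>.+?)\s+"
    r"(?P<status>Not disinfected|Disinfected|Deleted)\s+"
    r"(?P<path>[A-Za-z]:\\.*)$"
)


@dataclass
class Incident:
    category: str  # "Spyware", "Adware", ...
    name: str      # "Cookie/2o7", "Adware/Lop", ...
    status: str    # "Not disinfected", ...
    path: str      # file the detection refers to


def parse_line(line: str) -> "Incident | None":
    """Parse one report line; return None for the header, blanks and junk."""
    m = INCIDENT_RE.match(line.strip())
    if not m:
        return None
    return Incident(m["category"], m["name"], m["status"], m["path"])


def classify(inc: Incident) -> str:
    """Bucket an incident by the clean-up step that actually removes it."""
    upper = inc.path.upper()
    if "\\RECYCLER\\" in upper:
        return "recycle_bin"       # gone once the Recycle Bin is emptied
    if inc.name.lower().startswith("cookie/"):
        return "cookies"           # tracking cookie: clear browser cookies
    if "\\TEMPORARY INTERNET FILES\\" in upper or "\\TEMP\\" in upper:
        return "temp_files"        # removed by the temp-file clean-up
    return "needs_attention"       # lives outside the junk folders: look closer


def triage(report: str) -> dict:
    """Group every parseable incident line of a report into clean-up buckets."""
    buckets = {"needs_attention": [], "recycle_bin": [], "cookies": [], "temp_files": []}
    for line in report.splitlines():
        inc = parse_line(line)
        if inc is not None:
            buckets[classify(inc)].append(inc)
    return buckets


# Constructed sample in the report's layout; the user name, SID and the last
# directory are placeholders, not values taken from the thread.
SAMPLE_REPORT = r"""
Incident Status Location

Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\user\Cookies\user@atdmt[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\user\Cookies\user@doubleclick[1].txt
Spyware:spyware/surfsidekick Not disinfected C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Ssk.log
Adware:Adware/Lop Not disinfected C:\RECYCLER\S-1-5-21-EXAMPLE-500\Dc1.lib
Spyware:Cookie/2o7 Not disinfected C:\RECYCLER\S-1-5-21-EXAMPLE-500\Dc1447.txt
Adware:Adware/Sqwire Not disinfected C:\RECYCLER\S-1-5-21-EXAMPLE-500\Dc1577.EXE
Adware:Adware/CommAd Not disinfected C:\WINNT\EXAMPLEDIR\example.vbs
"""

if __name__ == "__main__":
    for bucket, items in triage(SAMPLE_REPORT).items():
        print(f"{bucket}: {[inc.name for inc in items]}")
```

Only the "needs_attention" bucket is worth reading line by line; the other three disappear with the cookie, temp-file and Recycle Bin steps the helper recommends.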

#10 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 18 May 2006 - 06:57 PM

Hello,

Any reason why your Windows isn't up to date? You don't even have Service Pack 1 installed!
Remember that your system is extremely vulnerable without the necessary security patches/updates, so malware can get installed automatically while surfing without any problems.
Please visit http://www.microsoft.com/downloads/details...&DisplayLang=en and update to Service Pack 1. Without this update, you're wide open to re-infection.

#11 orangesfwr
  • Topic Starter
  • Members
  • 6 posts

Posted 18 May 2006 - 07:54 PM

Ok, I'll try to do that as soon as I'm done with this.

Do I have anything left? Looks like just cookies? Do you see anything else I should remove?

Thanks

#12 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 19 May 2006 - 12:35 PM

Hello,

Your log looks clean. :thumbsup:

Delete Temp Files:
To clean out your temp files, click on Start and then Run, type %temp% and press the OK button.
This should open up the temp directory that your machine uses. Please delete all files that are found there.

Delete Temporary Internet Files:
Now I want you to open up Internet Explorer, and click on the Tools menu and then Internet Options. At the General tab, which should be the first tab you are currently on, click on the Delete Files button and put a checkmark in Delete offline content. Then press the OK button. This may take quite a while, so do not be alarmed with how long it takes. When it is done, your Temporary Internet Files will now be deleted.

Empty your recycle bin to get those completely gone.

MOST IMPORTANT!
Please navigate to http://windowsupdate.microsoft.com and download all the "critical updates" for Windows, including the latest version of Internet Explorer. This can patch many of the security holes through which attackers can gain access to your computer. Your current versions are outdated. I cannot stress enough how important this is.

You should definitely maintain a firewall. Some good free firewalls are ZoneAlarm or Outpost.
A tutorial on understanding and using firewalls may be found here.


Below I have included a number of recommendations on how to protect your computer in order to prevent future malware infections. Please take these recommendations seriously! These few simple steps can stave off the vast majority of spyware problems.

In order to protect yourself against spyware, you should consider installing and running the following free programs:

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here.

SpywareGuard
A tutorial on using SpywareGuard for realtime protection against spyware and hijackers may be found here.

Ad-Aware SE
A tutorial on using Ad-Aware to remove spyware from your computer may be found here.

Spybot-Search & Destroy
A tutorial on using Spybot to remove spyware from your computer may be found here. Please also remember to enable Spybot's "Immunize" and "TeaTimer" features.

IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.
IE/Spyad

Make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware hassle.

Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in popup blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here:
http://www.mozilla.org/products/firefox/

Please make sure to run your antivirus software regularly, and to keep it up-to-date.

#13 teacup61
    Bleepin' Texan!
  • Malware Response Team
  • 17,075 posts
  • Gender:Female
  • Location:Wills Point, Texas

Posted 29 May 2006 - 03:36 PM

Bleeping Computer
Since this issue appears resolved ... this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
