
Some Spyware I'm Guessing?


16 replies to this topic

#1 malice

malice

  • Members
  • 16 posts

Posted 24 June 2006 - 08:45 PM

Logfile of HijackThis v1.99.1
Scan saved at 9:41:26 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\30395837.exe
C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe
C:\Documents and Settings\B\Application Data\??sembly\??oolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4 :80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebyxuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30395837.exe] C:\WINDOWS\system32\30395837.exe
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [30395837.exe] C:\Documents and Settings\B\Local Settings\Application Data\30395837.exe
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Kekuu] C:\Documents and Settings\B\Application Data\??sembly\??oolsv.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wucrtupd.dll C:\WINDOWS\system32\wucrtupd.dll
O20 - Winlogon Notify: gebyxuv - C:\WINDOWS\SYSTEM32\gebyxuv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDJB Manager - ?????????? - C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Every once in a while my Mozilla Firefox opens up and displays a porno page.. Yeah, not liking it.. don't know why either.. I just got rid of Spywarequake, and I think this is an after effect. I used the automated removal on this topic
http://www.bleepingcomputer.com/forums/t/47826/how-to-remove-spywarequaked-and-spywarequake-removal-instructions/

Can anyone help me?



#2 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 25 June 2006 - 12:29 AM

anyone?@@

#3 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 25 June 2006 - 11:25 AM

also, random shortcuts to remove spyware sites and stuff appear on my desktop..

#4 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 25 June 2006 - 02:53 PM

Logfile of HijackThis v1.99.1
Scan saved at 3:53:02 PM, on 6/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\AIM\aim.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Copy of Diablo II\Game.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.2020search.com/search/9884/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.2020search.com/search/9884/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page_bak = prosearching.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4 :80
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [30395837.exe] C:\WINDOWS\system32\30395837.exe
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [30395837.exe] C:\Documents and Settings\B\Local Settings\Application Data\30395837.exe
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Kekuu] C:\Documents and Settings\B\Application Data\??sembly\??oolsv.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.i-lookup.com
O15 - Trusted Zone: *.offshoreclicks.com
O15 - Trusted Zone: *.teensguru.com
O15 - Trusted Zone: *.xxxtoolbar.com
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wucrtupd.dll C:\WINDOWS\system32\wucrtupd.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDJB Manager - ?????????? - C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe



Updated log.

#5 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 26 June 2006 - 02:49 PM

anyone help?

#6 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 27 June 2006 - 12:31 PM

This is my second post, I see you guys are quite a bit backed up, and ya ><. Random shortcuts to websites pop up on my desktop to "Online Games," and other random stuff. I'm thinking this is the after effects of SpywareQuake that I removed. Here's my log.


Logfile of HijackThis v1.99.1
Scan saved at 1:26:37 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\drwtsn32.exe

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Kekuu] C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

It looks a bit smaller than my old one, which was

Logfile of HijackThis v1.99.1
Scan saved at 9:41:26 PM, on 6/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\30395837.exe
C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe
C:\Documents and Settings\B\Application Data\??sembly\??oolsv.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 211.231.187.4 :80
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: XBTP05231 - {031F120A-BBAF-45d8-B306-375F2A6B9398} - C:\PROGRA~1\ALCOHO~1\ALCOHO~2\a120_tb.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Resources - {2D38A51A-23C9-48a1-A33C-48675AA2B494} - C:\WINDOWS\winres.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\gebyxuv.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Viewpoint Toolbar BHO - {A7327C09-B521-4EDB-8509-7D2660C9EC98} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBarBHO.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Alcohol Soft - Alcohol 120% Toolbar - {1CE4EE89-2D5C-4361-AF3B-D902AB545381} - C:\Program Files\Alcohol Soft\Alcohol 120% Toolbar\a120_tb.dll
O3 - Toolbar: Viewpoint Toolbar - {F8AD5AA5-D966-4667-9DAF-2561D68B2012} - C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll
O3 - Toolbar: (no name) - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - (no file)
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [30395837.exe] C:\WINDOWS\system32\30395837.exe
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [30395837.exe] C:\Documents and Settings\B\Local Settings\Application Data\30395837.exe
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Kekuu] C:\Documents and Settings\B\Application Data\??sembly\??oolsv.exe
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar V35\ViewBar.dll/CXTSEARCH.HTML
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - AppInit_DLLs: wucrtupd.dll C:\WINDOWS\system32\wucrtupd.dll
O20 - Winlogon Notify: gebyxuv - C:\WINDOWS\SYSTEM32\gebyxuv.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDJB Manager - ?????????? - C:\Program Files\Panasonic\SD-JukeboxV3\sdjbmgr.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


I have not run any scans, and don't know where all of that stuff went. :thumbsup:

So yeah, can anyone help?

#7 malice

malice
  • Topic Starter

  • Members
  • 16 posts

Posted 27 June 2006 - 12:42 PM

Logfile of HijackThis v1.99.1
Scan saved at 1:41:21 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\dcomcfg.exe
C:\WINDOWS\system32\atmclk.exe
C:\Program Files\AIM\aim.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Kekuu] C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe


Ok.. now there's a flashing icon in my task bar saying "Your computer is infected with spyware managing pop-up malware".
When I click it, it goes to //malwarewipe.com/?rid=252.
SOMEONE HELP ><!!!!

//Mod edit to modify hot link URL above.

Edited by KoanYorel, 27 June 2006 - 02:45 PM.


#8 -David-

-David-

  • Members
  • 10,603 posts
  • Gender:Male
  • Location:London

Posted 27 June 2006 - 02:53 PM

Hello there malice,

It is a good idea to print off these instructions - they will be needed later when internet access is not available. You may also like to save these instructions in Word/Notepad to the desktop where they can be easily found for the same reasons as above. It is important that you complete the following instructions in the correct order, and also that you don't miss anything out!

* Go to start > control panel > software > add/remove programs and uninstall the following if present:

Oin
Yazzle by Oin
Purityscan by Oin
Snowballwars by Oin
Cowabanga by OIN

or anything similar with Oin in it.

* Please run the uninstaller by using the tutorial found here:
http://www.outerinfo.com/howto.html
Then Reboot! (v.important)

* Download smitRem and save the file to your desktop.
Doubleclick it and choose install. This will create a new folder on your desktop with the name smitrem.

* Please download ewido security suite; it is a free version of the program.
  • Install ewido security suite
  • When installing, under "Additional Options" uncheck..
    • Install background guard
    • Install scan via context menu
  • Launch ewido by double-clicking on the icon on your desktop.
  • The program will now open to the main screen.
  • When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  • You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  • The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")
If you are having problems with the updater, you can use this link to manually update ewido:
ewido manual updates
Don't run it yet.

* Please download ATF Cleaner by Atribune.
Do not run it yet.

* Reboot into Safe Mode (without networking support!):
To get into Safe Mode, as the computer is booting press and hold your "F8 Key". Use your arrow keys to move to "Safe Mode" and press your Enter key.

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Kekuu] C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.

* Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.

If you use Firefox browser:
Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:
Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.

* Now open Ewido Security Suite
Click on scanner

* Click Complete System Scan and the scan will begin.
* During the scan it will prompt you to clean files, click OK
* When the scan is finished, look at the bottom of the screen and click the Save report button.
* Save the report to your desktop

* Close Ewido

* Please manually delete this file:

C:\WINDOWS\system32\ali.exe

* Go to start > control panel > Display properties > Desktop > Customize Desktop... > Web tab > uncheck and delete everything you find in there. (except for "My current home page")

* Reboot back into Windows.

* Perform an online scan with Panda: (please use this scanner instead of any other scanner!)
Panda Online
- Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location.
Post the contents of the Panda scan report in your next reply along with a new HijackThis Log, the contents of smitfiles.txt which is present on your Homedrive (C:\ in most cases)
and the Ewido Log by using Add Reply.

David

#9 malice


Posted 27 June 2006 - 04:23 PM

Thanks for replying to my post and looking into it. Below is my HJT Log.


Logfile of HijackThis v1.99.1
Scan saved at 5:19:37 PM, on 6/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

That is my HJT log.





---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 5:05:45 PM 6/27/2006

+ Scan result:



C:\WINDOWS\system32\wucrtupd.dll -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : No action taken.
C:\WINDOWS\system32\gebyxuv.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\iifdcdb.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\yayvwtt.dll -> Adware.Virtumonde : No action taken.
C:\WINDOWS\system32\ali.exe -> Backdoor.Bandok.ag : No action taken.
[860] VM_13140000 -> Backdoor.Bandok.ag : No action taken.
C:\Documents and Settings\B\Local Settings\Application Data\30395837.exe -> Downloader.Obfuscated.a : No action taken.
C:\WINDOWS\system32\30395837.exe -> Downloader.Obfuscated.a : No action taken.
C:\WINDOWS\system32\wincqt32.dll -> Trojan.Agent.vg : No action taken.


::Report end

That is my Ewido Log.

When I run the Panda scan, it does run fine, until it gets to this.
1110 Files scanned ...Music\Sample Music\desktop.ini

It freezes there, and doesn't move =\

My Ewido didn't remove the BackDoor.. Why not?

#10 malice


Posted 27 June 2006 - 04:25 PM

When I run the Panda scan, it does run fine, until it gets to this.
1110 Files scanned ...Music\Sample Music\desktop.ini

It freezes there, and doesn't move =\


Never mind, it finally moved =]. I will post that log when it is finished.
Ok, have the log now.



Incident | Status | Location
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\prrytqml.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\prrytqml.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/2o7 | Not disinfected | C:\Documents and Settings\B\Application Data\Mozilla\Firefox\Profiles\prrytqml.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Atlas DMT | Not disinfected | C:\Documents and Settings\B\Cookies\b@atdmt[1].txt
Spyware:Cookie/Atwola | Not disinfected | C:\Documents and Settings\B\Cookies\b@atwola[1].txt
Spyware:Cookie/Doubleclick | Not disinfected | C:\Documents and Settings\B\Cookies\b@doubleclick[1].txt
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\B\Desktop\SmitRem\smitRem\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\B\Desktop\smitRem.exe[smitRem/Process.exe]
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Documents and Settings\B\smitRem\Process.exe
Potentially unwanted tool:Application/Processor | Not disinfected | C:\Program Files\Roguescanfix\Process.exe

Edited by malice, 27 June 2006 - 04:44 PM.


#11 -David-


Posted 28 June 2006 - 03:29 AM

I need you to run ewido again in safe mode. When the scan is finished click "apply all actions", then let the program remove all the files. Then click on the "save report" button, and post that back here,

David
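An added example, not part of any post in this thread: a Python sketch of the two checks a helper does by eye here, namely whether the HijackThis entries on the fix list still appear in a later log, and which ewido detections were left at "No action taken". The sample strings are constructed from lines quoted in the thread; all function names are hypothetical, and the assumption that only "No action taken" marks an unremediated item is based on the two action strings visible in these reports.

```python
import re

# Constructed sample input: entries copied from the logs quoted in this thread.
FIX_LIST = r"""
O2 - BHO: Nothing - {5f4c3d09-b3b9-4f88-aa82-31332fee1c08} - C:\WINDOWS\system32\hp100.tmp
O4 - HKLM\..\RunOnce: [*Bandook] C:\WINDOWS\system32\ali.exe
O4 - HKCU\..\Run: [Kekuu] C:\DOCUME~1\B\APPLIC~1\SEMBLY~1\OOLSV~1.EXE
O4 - HKCU\..\Run: [Selt] "C:\PROGRA~1\COMMON~1\WNSXS~1\iexplore.exe" -vt ndrv
O4 - HKCU\..\Run: [Bandook] C:\WINDOWS\system32\ali.exe
"""

FOLLOWUP_HJT = r"""
Running processes:
C:\WINDOWS\Explorer.EXE
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
"""

# Constructed: three lines from the 27 June report, one from the 1 July report.
EWIDO_REPORT = r"""
C:\WINDOWS\system32\wucrtupd.dll -> Adware.PurityScan : No action taken.
C:\WINDOWS\system32\ali.exe -> Backdoor.Bandok.ag : No action taken.
[860] VM_13140000 -> Backdoor.Bandok.ag : No action taken.
C:\Documents and Settings\B\Cookies\b@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned.
"""

# HijackThis result lines start with a section code such as O4, O23, R1.
HJT_ENTRY = re.compile(r"^[ORFN]\d+ - .+$")
# Registry autoruns: "O4 - <key>: [<value name>] <command line>".
O4_TARGET = re.compile(
    r'^O4 - \S+: \[[^\]]*\] "?(?P<path>.+?\.(?:exe|dll|bat|com|scr))\b', re.I)
# ewido result lines: "<object> -> <detection name> : <action>."
EWIDO_LINE = re.compile(r"^(?P<object>.+?) -> (?P<name>\S+) : (?P<action>.+?)\.?$")


def _norm(line):
    """Collapse whitespace and case so pasted logs compare reliably."""
    return " ".join(line.split()).casefold()


def hjt_entries(log):
    """Return only the O/R/F/N result lines, skipping headers and processes."""
    return [ln.strip() for ln in log.splitlines() if HJT_ENTRY.match(ln.strip())]


def still_present(fix_list, later_log):
    """Fix-list entries that still show up in a later HijackThis log."""
    later = {_norm(e) for e in hjt_entries(later_log)}
    return [e for e in hjt_entries(fix_list) if _norm(e) in later]


def autorun_targets(log):
    """Executable paths launched by O4 registry autoruns, de-duplicated."""
    seen = []
    for entry in hjt_entries(log):
        m = O4_TARGET.match(entry)
        if m and m.group("path").casefold() not in seen:
            seen.append(m.group("path").casefold())
    return seen


def unremediated(report):
    """Detections the scanner found but did not act on."""
    found = []
    for ln in report.splitlines():
        m = EWIDO_LINE.match(ln.strip())
        if m and m.group("action").casefold() == "no action taken":
            found.append(m.groupdict())
    return found


def persisting_autoruns(fix_list, report):
    """Autorun targets from the fix list whose file is still on disk
    according to the scan report (detected, no action taken)."""
    left = {d["object"].casefold() for d in unremediated(report)}
    return [p for p in autorun_targets(fix_list) if p in left]


if __name__ == "__main__":
    print("Fix-list entries still in log:", still_present(FIX_LIST, FOLLOWUP_HJT))
    for d in unremediated(EWIDO_REPORT):
        print("Not removed:", d["object"], "->", d["name"])
    print("Autorun file still on disk:", persisting_autoruns(FIX_LIST, EWIDO_REPORT))
```

Removing a Run key in HijackThis deletes only the launch point; a file the scanner detected but did not act on stays on disk until it is deleted or quarantined.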

#12 malice


Posted 28 June 2006 - 12:55 PM

I did that, and the only thing it didn't infect was that backdoor.. I'll run it again and I'll do what you said.

#13 -David-


Posted 28 June 2006 - 01:31 PM

OK, I'll check for a reply later,
David

#14 malice


Posted 01 July 2006 - 01:09 PM

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 2:04:54 PM 7/1/2006

+ Scan result:





::Report end



Sorry I took so long, I was away for the week. Here is a fresh HJT log also.

Logfile of HijackThis v1.99.1
Scan saved at 2:09:00 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Spyware Doctor2\sdhelp.exe
C:\WINDOWS\system32\sdpasvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\B\Desktop\hijackthis\HijackThis.exe

O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor2\sdhelp.exe
O23 - Service: SDPAUMS server service (SDPASVC) - Matsubleepa Electric Industrial Co.,Ltd. - C:\WINDOWS\system32\sdpasvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe

Thanks.

#15 -David-


Posted 01 July 2006 - 01:16 PM

I see a clean log here! How do you feel the computer is running?
Let me know,
David



