1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

23100247.exe

Discussion in 'Virus & Other Malware Removal' started by NEWGUY2, Jul 20, 2006.

Thread Status:
Not open for further replies.
Advertisement
  1. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
  2. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    PrevX is a legit site but we should be able to remove this infection.

    Please do this:

    Click here to download HJTsetup.exe
    • Save HJTsetup.exe to your desktop.
    • Double click on the HJTsetup.exe icon on your desktop.
    • By default it will install to C:\Program Files\Hijack This.
    • Continue to click Next in the setup dialogue boxes until you get to the Select Addition Tasks dialogue.
    • Put a check by Create a desktop icon then click Next again.
    • Continue to follow the rest of the prompts from there.
    • At the final dialogue box click Finish and it will launch Hijack This.
    • Click on the Do a system scan and save a log file button. It will scan and then ask you to save the log.
    • Click Save to save the log file and then the log will open in notepad.
    • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
    • Come back here to this thread and Paste the log in your next reply.
    • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.
     
  3. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Here is the log from Hijack This. I noticed that 23100247.exe does not appear in this scan.
    Why is this?

    Thanks

    Logfile of HijackThis v1.99.1
    Scan saved at 4:59:57 PM, on 7/20/2006
    Platform: Windows XP (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 (6.00.2600.0000)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\ISP.COM Internet Services\dialer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: www.skillport.com
    O15 - Trusted Zone: www.smartforce.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36A5449F-761D-45B3-913A-368BD829C94C}: NameServer = 69.72.11.13 209.163.108.78
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
     
  4. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    Not everything will show in a HijackThis log. Where was the file found?


    Why do you not have any Microsoft Service Packs on this computer?
     
  5. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706
  6. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    Thanks Candy. :)

    Before we can provide you any assistance, you need to go here and install "Service Pack 1" This will patch numerous security vulnerabilities in IE and Windows. As your machine stands now it is wide open to infection. You need to get these updates before we proceed or we will be wasting our time.

    DO NOT install Service pack 2 yet. If you install SP 2 on an infected machine it will cause serious problems. Just get Service Pack 1 installed then come back here and post a new HijackThis log.
     
  7. ~Candy~

    ~Candy~ Retired Administrator

    Joined:
    Jan 27, 2001
    Messages:
    103,706

    (y) Anytime :) I'm sure you know where this one is going :D
     
  8. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    I sure do. :p
     
  9. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Norton Anti-Virus removed 23100247.exe. Per your suggestion, I have installed Service Pack 1 and all of the updates from Microsoft. Now that 23100247.exe is gone, is it alright to install Service Pack 2?

    Thanks again for your help.
     
  10. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    I wouldn't be surprised to find other infections. Please post a new HijackThis log and we'll take it from there.
     
  11. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Logfile of HijackThis v1.99.1
    Scan saved at 12:31:29 PM, on 7/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\Program Files\ISP.COM Internet Services\dialer.exe
    C:\WINDOWS\system32\ntvdm.exe
    C:\Program Files\DayTimer\HomeLife\PROGRAM\Homelife.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: www.skillport.com
    O15 - Trusted Zone: www.smartforce.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153489594770
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36A5449F-761D-45B3-913A-368BD829C94C}: NameServer = 69.72.11.13 209.163.108.78
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

    Thank you
     
  12. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    Download the trial version of Ewido Anti-spyware from HERE and save that file to your desktop. When the trial period expires it becomes freeware with reduced functions but still worth keeping.



    • Once you have downloaded Ewido Anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
    • Once the setup is complete you will need run Ewido and update the definition files.
    • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
    • Once in the Settings screen click on "Recommended actions" and then select "Quarantine"
    • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"

    Close Ewido Anti-spyware, Do NOT run a scan yet. We will do that later in safe mode.


    • Reboot your computer into Safe Mode now. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
      IMPORTANT: Do not open any other windows or programs while Ewido is scanning as it may interfere with the scanning process:
    • Launch Ewido Anti-spyware by double-clicking the icon on your desktop.
    • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
    • Ewido will now begin the scanning process. Be patient this may take a little time.
      Once the scan is complete do the following:
    • If you have any infections you will prompted, then select "Apply all actions"
    • Next select the "Reports" icon at the top.
    • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
    • Close Ewido and reboot your system back into Normal Mode.


    Please go HERE to run Panda's ActiveScan
    • Once you are on the Panda site click the Scan your PC button
    • A new window will open...click the Check Now button
    • Enter your Country
    • Enter your State/Province
    • Enter your e-mail address and click send
    • Select either Home User or Company
    • Click the big Scan Now button
    • If it wants to install an ActiveX component allow it
    • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
    • When download is complete, click on My Computer to start the scan
    • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report


    Come back here and post a new HijackThis log along with the logs from the Ewido and Panda scans.
     
  13. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Logfile of HijackThis v1.99.1
    Scan saved at 7:38:48 PM, on 7/23/2006
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Nhksrv.exe
    C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    C:\WINDOWS\System32\CTsvcCDA.EXE
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Norton AntiVirus\navapsvc.exe
    C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    C:\WINDOWS\System32\nvsvc32.exe
    C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
    C:\WINDOWS\System32\devldr32.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunThreatEngine.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\SunProtectionServer.exe
    C:\Program Files\ISP.COM Internet Services\dialer.exe
    C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\Common Files\Symantec Shared\ccApp.exe
    C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\wkcalrem.exe
    C:\WINDOWS\System32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.usatoday.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://my.netzero.net/s/search?r=minisearch
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
    O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
    O4 - HKLM\..\Run: [WorksFUD] C:\Program Files\Microsoft Works\Wkfud.exe
    O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
    O4 - HKLM\..\Run: [AHQInit] C:\Program Files\Creative\SBLive\Program\AHQInit.exe
    O4 - HKLM\..\Run: [MMTray] C:\Program Files\MusicMatch\MusicMatch Jukebox\mm_tray.exe
    O4 - HKLM\..\Run: [Microsoft Works Portfolio] C:\Program Files\Microsoft Works\WksSb.exe /AllUsers
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
    O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
    O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    O4 - HKLM\..\Run: [SunServer] C:\Program Files\Sunbelt Software\CounterSpy\Consumer\sunserver.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O4 - Global Startup: Camio Viewer 2000.lnk = C:\Program Files\Sierra Imaging\Image Expert 2000\IXApplet.exe
    O4 - Global Startup: Microsoft Office Fast Start.lnk = C:\MSOffice\Office\FASTBOOT.EXE
    O4 - Global Startup: Microsoft Works Calendar Reminders.lnk = ?
    O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
    O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
    O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
    O15 - Trusted Zone: www.skillport.com
    O15 - Trusted Zone: www.smartforce.com
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/techsupp/asa/LSSupCtl.cab
    O16 - DPF: {2C52AF58-B9B1-11D5-9DF6-00508B755B44} (AXClientUtil2 Control) - http://www.smartforce.com/v2.1/applications/liveplay/Activex/AXClientUtil.cab
    O16 - DPF: {49232000-16E4-426C-A231-62846947304B} (SysData Class) - http://ipgweb.cce.hp.com/rdqaio/downloads/sysinfo.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1153489594770
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://echat.us.dell.com/Media/VisitorChat/TLIEFlash.CAB
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/techsupp/asa/SymAData.cab
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30155.www3.hp.com/ediags/hpfix/aio/en/qdiagh.cab?326
    O17 - HKLM\System\CCS\Services\Tcpip\..\{36A5449F-761D-45B3-913A-368BD829C94C}: NameServer = 69.72.11.13 209.163.108.78
    O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
    O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
    O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
    O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\System32\ImapiRox.exe
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
    O23 - Service: Netropa NHK Server (Nhksrv) - Unknown owner - C:\WINDOWS\Nhksrv.exe
    O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
    O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\NPROTECT.EXE
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
    O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
    O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
    O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
    O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
    O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~1\NORTON~2\SPEEDD~1\NOPDB.EXE
    O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe



    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:03:54 PM 7/23/2006

    + Scan result:



    HKLM\SOFTWARE\Classes\CLSID\{625A227C-8F17-DBE9-FC96-11C4EB6EC178} -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{8A00AC43-3C8D-DD35-B5A1-4E5235F1EF4D} -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{DF47F1BD-C208-8C66-A47A-BD4CBA5DD322} -> Adware.CoolWebSearch : No action taken.
    HKLM\SOFTWARE\Classes\CLSID\{EC18E959-5D99-21DE-D05B-7680C0B260D3} -> Adware.CoolWebSearch : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\Browser -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\Faceplate -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\History -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\Resources -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\Stations -> Adware.HiWire : No action taken.
    HKU\S-1-5-21-1148942700-2952981389-3168066103-500\Software\Hiwire\MusicMatch\WebUpdate -> Adware.HiWire : No action taken.
    C:\WINDOWS\DESKTOP.INI:yjxfdc -> Adware.SearchPage : No action taken.
    C:\WINDOWS\Dir.log:ntiqih -> Adware.SearchPage : No action taken.
    C:\WINDOWS\GOOD_DAY.WAV:fuwhnj -> Adware.SearchPage : No action taken.
    C:\WINDOWS\IIS6.LOG:pkruap -> Adware.SearchPage : No action taken.
    C:\WINDOWS\KB828028.log:vwirbb -> Adware.SearchPage : No action taken.
    C:\WINDOWS\Perwty02.ini:sfexct -> Adware.SearchPage : No action taken.
    C:\WINDOWS\Q318138.log:aupfns -> Adware.SearchPage : No action taken.
    C:\WINDOWS\Rhododendron.bmp:nydqtz -> Adware.SearchPage : No action taken.
    C:\WINDOWS\SLS.INI:tqxzik -> Adware.SearchPage : No action taken.
    C:\WINDOWS\USERIF.WAV:yyspke -> Adware.SearchPage : No action taken.
    C:\WINDOWS\VER.DL:qubesl -> Adware.SearchPage : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:noqyau -> Adware.SearchPage : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:utdzxm -> Adware.SearchPage : No action taken.
    C:\WINDOWS\cbtsys.ini:gzvtlx -> Adware.SearchPage : No action taken.
    C:\WINDOWS\AutoRun.INI:rqhhfq -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\BEENWAIT.WAV:nzsysl -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\CLOSE.WAV:dxbedo -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\COMSETUP.LOG:qjhtrl -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\DELLWP.BMP:ekresb -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\DESTRUCT.WAV:mkabvy -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\DOOO.WAV:wbdnwf -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Dir.log:rqpqbr -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\ELVIS.WAV:pqapms -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\FALLEN.WAV:ycndiy -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\FaxSetup.log:hfoeog -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\FeatherTexture.bmp:dscpsp -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\FeatherTexture.bmp:wdhlbk -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\INTUIT.INI:lcnsqu -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Instcomp.lyt:lscgdk -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Instcomp.lyt:pwaku -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\KB828028.log:wfnywk -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\MEOWMIX.WAV:doxubo -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\MEOWMIX.WAV:xdkzic -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\MMKEYBD.INI:zhbhiv -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\MSIOSD.INI:ybbcja -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\OCGEN.LOG:gdhpvf -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\OCGEN.LOG:ppygmb -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\PORKY.WAV:ufmrai -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q308210.log:qtmfn -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q308210.log:wpcqlm -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q308678.log:emdjuu -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q309691.log:hqrjez -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q309691.log:uwcewv -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q328940.log:aiaima -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q328940.log:gvxyvh -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q328940.log:ppgdyl -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Q329170.log:zdwzgp -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\QUICKEN.INI:adnlhu -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\QUICKEN.INI:eek:hpvcs -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\River Sumida.bmp:fvyrvz -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\SBWIN.INI:efjjfr -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\SETUPERR.LOG:gctpgb -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\SLS.INI:ftuzzp -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Santa Fe Stucco.bmp:ibukvu -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\Santa Fe Stucco.bmp:npqlof -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\TSOC.LOG:srpwwi -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\WINNT256.BMP:ktkuyg -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:bfljut -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:dawlbx -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:fcxfbl -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:hcnswh -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:hdwbdu -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:hkapau -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:ignfsf -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:iojtlz -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:iuzldv -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:lbuunn -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:lewjee -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:lsmgpf -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:mielnp -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:mruxib -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:nnxehd -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:shskqn -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:wdxfja -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:xqsqpw -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:xrycpa -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:zkrqnk -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:ztzxay -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:zxxghd -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\cbtsys.ini:ypkiwp -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\intuprof.ini:wndvvm -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\jject.dat:cdlqhh -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\jject.dat:errxrd -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\mydgd.dat:qbuilc -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\pghconnect 26x52.bmp:csybcq -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\wgedit.ini:lhhqcc -> Downloader.Agent.bq : No action taken.
    C:\WINDOWS\PANEL.WAV:vzqhx -> Downloader.Agent.lz : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:ntuhf -> Downloader.Agent.lz : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:wqwwqy -> Downloader.Agent.lz : No action taken.
    C:\WINDOWS\SYSTEM32:eek:laa.dll -> Downloader.Small.ats : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:acavni -> Downloader.WinShow.ak : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Addynamix : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Adserver : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Specificclick : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][1].txt -> TrackingCookie.Statcounter : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\Martin\Cookies\[email protected][2].txt -> TrackingCookie.Zedo : No action taken.
    C:\WINDOWS\Accentxp.INI:kattko -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\BOOTSTAT.DAT:gorcbn -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\CLOCK.AVI:xjxfwi -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\DANGER.WAV:bjxqzl -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\DELLMMKB.EXE.bak:zqflgp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\DELLWP.BMP:dbkiuu -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\DRAT.WAV:wpiksp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\EXPLORER.SCF:pnwzlv -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\FALLEN.WAV:ddxgzz -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\FALLEN.WAV:krjjyf -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\INSTALL.DAT:rciykn -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\InfModM.ini:tcvnoj -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Instcomp.lyt:emkpac -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\KB824141.log:devsua -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\KB883357.log:ynylzf -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Martin.acl:fcruor -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Martin.acl:knfphm -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\PORKY.WAV:eokkjc -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Perwty01.ini:jrgnag -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Perwty02.ini:ceumgf -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Prairie Wind.bmp:mlleak -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q307869.log:cwjyck -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q307869.log:xpyecp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q323255.log:vvqvfk -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q324380.log:nvetbw -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q324380.log:phickp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q324380.log:wooxei -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Q328940.log:hcluee -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\REGLOCS.OLD:mufdtp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\REGOPT.LOG:uoyguc -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\SETUPACT.LOG:nbakmz -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\SETUPLOG.TXT:zqsovv -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\SIGVERIF.TXT:msjtfe -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\Soap Bubbles.bmp:nirmoe -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\WINHELP.INI:rtrhed -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:aghfwd -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:aytbek -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:eceapp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:eikhzm -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:eqoxnq -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:fqalvl -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:hwmtna -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:iesdzi -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:iiicqs -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:mcmahj -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:eek:kijyr -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:eek:rzlla -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:pdevjk -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:pnqnjx -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:pocaqd -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:prpbki -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:teldku -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:tmnfza -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:tqcrnr -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:trbtnv -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:uhtfln -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:vmfrft -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:vpldir -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:vrdzka -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:wctiha -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\_DEFAULT.PIF:xsotga -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\aybjh.log:vgatyj -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\cdplayer.ini:kwjzbe -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\dasetup.log:mjzzqr -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\drwatson.log:vackll -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\euroconv.inf:nbvpgo -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\howkw.dat:iyginn -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\intuprof.ini:kcalmx -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\intuprof.ini:mzysoa -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\jject.dat:wilmuj -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\mozver.dat:faqppq -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\ntbtlog.txt:ncpktd -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\ntbtlog.txt:xogakz -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\rurcc.log:pbbftj -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\ryykw.txt:leyddp -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\uhgyi.txt:pmtnjd -> Trojan.Agent.bi : No action taken.
    C:\WINDOWS\warzi.dat:tgplia -> Trojan.Agent.bi : No action taken.

    ::Report end


    Reports were too long to include all 3 in one posting. I will place the Panda scan report in another posting.

    Thank you
     
  14. NEWGUY2

    NEWGUY2 Thread Starter

    Joined:
    May 4, 2005
    Messages:
    28
    Incident Status Location

    Adware:adware/searchaid Not disinfected c:\windows\n_vfrbna.log
    Spyware:spyware/searchcentrix Not disinfected Windows Registry
    Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt
    Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt
    Spyware:Cookie/AdDynamix Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt
    Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][1].txt
    Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][1].txt
    Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][1].txt
    Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][1].txt
    Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt
    Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Martin\Cookies\[email protected][2].txt

    Thank you
     
  15. Cookiegal

    Cookiegal Administrator Malware Specialist Coordinator

    Joined:
    Aug 27, 2003
    Messages:
    112,342
    Locate and delete this file:

    c:\windows\n_vfrbna.log


    Everything else looks fine in the HijackThis log but you need to run Ewido again and follow the instructions carefully so that it quarantines the things it found.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/484843

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice