
hijack log and ewido log

Discussion in 'Virus & Other Malware Removal' started by LindaBEE, Jul 14, 2005.

Thread Status:
Not open for further replies.
  1. LindaBEE

    LindaBEE Thread Starter

    Joined:
    Dec 17, 2001
    Messages:
    161
    I'm sorry to have to repost but I still need help. I was told to download ewido and repost both logs. Can someone please help? I'm desperate. I still have many issues.

    Thanks
    Linda

    ---------------------------------------------------------
    ewido security suite - Scan report
    ---------------------------------------------------------

    + Created on: 8:34:30 PM, 7/13/2005
    + Report-Checksum: 403BF431

    + Scan result:

    HKLM\SOFTWARE\AutoLoader -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\AutoLoader\5wq61aSkXbLO -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\AutoLoader\5wqG1aSkXbLO -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{B5AB638F-D76C-415B-A8F2-F3CEAC502212} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\CLSID\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{B548B7D8-3D03-4AED-A6A1-4251FAD00C10} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{B99A727F-0782-4A71-BCC2-6E1E66414904} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Classes\Interface\{BC333116-6EA1-40A1-9D07-ECB192DB8CEA} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\dealhelper -> Spyware.DealHelper : Cleaned with backup
    HKLM\SOFTWARE\dealhelper\KeyWord -> Spyware.DealHelper : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\ISTsvc\history -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Dealhelper -> Spyware.DealHelper : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc -> Spyware.ISTBar : Cleaned with backup
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{016235BE-59D4-4CEB-ADD5-E2378282A1D9} -> Spyware.AproposMedia : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10E42047-DEB9-4535-A118-B3F6EC39B807} -> Spyware.SideFind : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A3FDD654-A057-4971-9844-4ED8E67DBBB8} -> Spyware.ISTBar : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
    HKU\S-1-5-21-1229272821-413027322-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FAA356E4-D317-42A6-AB41-A3021C6E7D52} -> Spyware.ISTBar : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @247realmedia[1].txt -> Spyware.Cookie.247realmedia : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @adorigin[2].txt -> Spyware.Cookie.Adorigin : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @ads.pointroll[1].txt -> Spyware.Cookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @bilbo.counted[2].txt -> Spyware.Cookie.Counted : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @bs.serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @coxhsi.112.2o7[2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @e20.email.excite[2].txt -> Spyware.Cookie.Excite : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @edge.ru4[2].txt -> Spyware.Cookie.Ru4 : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @excite[2].txt -> Spyware.Cookie.Excite : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @findwhat[1].txt -> Spyware.Cookie.Findwhat : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @perf.overture[1].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @qksrv[1].txt -> Spyware.Cookie.Qksrv : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @questionmarket[2].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @trafficmp[2].txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @tribalfusion[2].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @www.infinite-ads[2].txt -> Spyware.Cookie.Infinite-ads : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @www.res99[1].txt -> Spyware.Cookie.Res99 : Cleaned with backup
    C:\Documents and Settings\Linda \Cookies\Linda @z1.adserver[1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @ehg-samsungusa.hitbox[1].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @excite[1].txt -> Spyware.Cookie.Excite : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @hitbox[2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\Cookies\Linda @overture[2].txt -> Spyware.Cookie.Overture : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\dealhelper.exe -> TrojanDownloader.Agent.hw : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.ku : Cleaned with backup
    C:\Documents and Settings\Linda \Local Settings\Temp\optimize.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
    C:\Program Files\Aprps\CxtPls.dll -> Heuristic.Win32.Hijacker1 : Cleaned with backup
    C:\Program Files\SideFind\sfbho.dll_tobedeleted -> Spyware.SideFind : Cleaned with backup
    C:\WINDOWS\system32\9tnkft2l.dll -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\system32\dun.exe -> Spyware.DealHelper : Cleaned with backup
    C:\WINDOWS\system32\HookPopup.dll -> Spyware.DealHelper : Cleaned with backup
    C:\WINDOWS\system32\r51jt9o6.exe -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\system32\Vsbyrz.exe -> Spyware.DealHelper : Cleaned with backup
    C:\WINDOWS\tu2h3siv.exe -> Adware.SAHA : Cleaned with backup
    C:\WINDOWS\youhc.exe -> TrojanDownloader.IstBar.ij : Cleaned with backup


    ::Report End




    Logfile of HijackThis v1.99.1
    Scan saved at 8:36:37 PM, on 7/13/2005
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\SurfAccuracy\SAcc.exe
    C:\WINDOWS\system32\migalspl.exe
    C:\WINDOWS\system32\tbctray.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\mfcks.exe
    C:\Program Files\Serials3k\s3k_autoupdate.exe
    C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\PROGRA~1\HEWLET~1\AiO\Shared\Bin\hpoevm07.exe
    C:\WINDOWS\system32\hpoipm07.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\ewido\security suite\ewidoctrl.exe
    C:\Program Files\ewido\security suite\ewidoguard.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\MsPMSPSv.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOSTS07.exe
    C:\Program Files\Hewlett-Packard\AiO\Shared\bin\hpOFXM07.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [AISdAcG9D] C:\WINDOWS\youhc.exe
    O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
    O4 - HKLM\..\Run: [539g3mP] migalspl.exe
    O4 - HKLM\..\Run: [AutoUpdater] "C:\Program Files\AutoUpdate\AutoUpdate.exe"
    O4 - HKLM\..\Run: [version] C:\WINDOWS\system32\Vsbyrz.exe
    O4 - HKLM\..\Run: [secure] C:\WINDOWS\system32\Vbjbfa.exe
    O4 - HKLM\..\Run: [nhvjjb9g] C:\WINDOWS\system32\nhvjjb9g.exe
    O4 - HKLM\..\Run: [NI.UWFX5LP_0001_0614] "C:\WINDOWS\Downloaded Program Files\UWFX5LP_0001_0614NetInstaller.exe"
    O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
    O4 - HKLM\..\Run: [TraySantaCruz] C:\WINDOWS\system32\tbctray.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [K0qmRgjmg] mfcks.exe
    O4 - HKCU\..\Run: [AutoUpdate] C:\Program Files\Serials3k\s3k_autoupdate.exe
    O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: HPAiODevice(hp officejet g series) - 1.lnk = C:\Program Files\Hewlett-Packard\AiO\hp officejet g series\Bin\hpoavn07.exe
    O4 - Global Startup: Microsoft Office.lnk = F:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
    O4 - Global Startup: TweakYC.lnk = ?
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://F:\PROGRA~1\MICROS~1\Office10\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\bin\npjpi142.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - G:\bin\npjpi142.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
    O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
    O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} (CamImage Class) - http://floridakeysmedia.tv/axiscam/...sCamControl.ocx
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} (QDiagHUpdateObj Class) - http://h30043.www3.hp.com/aio/en/check/qdiagh.cab?326
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
    O23 - Service: Macromedia Licensing Service - Macromedia - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
     
  2. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
  3. LindaBEE

    LindaBEE Thread Starter

    Joined:
    Dec 17, 2001
    Messages:
    161
    Sorry. I keep checking my original thread. I need my computer so bad for a pending project and it's causing all kinds of issues. I was afraid I was forgotten :(

    Linda
     
  4. Cheeseball81

    Cheeseball81 Retired Moderator

    Joined:
    Mar 3, 2004
    Messages:
    84,315
    I'll take a look at it.

    I believe TJ is on a different time zone, that's probably why he hasn't responded yet.
     
  5. bassetman

    bassetman Moderator (deceased) - Gone but never forgotten

    Joined:
    Jun 7, 2001
    Messages:
    47,973
    LB, seeing you have started 2 threads on the same subject, I am closing this one so people can stay focused on one thread! ;)
     
Short URL to this thread: https://techguy.org/381004
