Was having problems, take a look at my logs...

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

ian80

Thread Starter
Joined
Jul 26, 2002
Messages
292
Hey guys,

I was having problems with the SpywareStrike virus. I've followed the advice in another thread and was hoping you could take a look at my HJT log and EWIDO log...

HJT:

Logfile of HijackThis v1.99.1
Scan saved at 6:10:12 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\system32\Tablet.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/cus.../*http://www.yahoo.com/ext/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\RunServices: [virtual] winit.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_06\bin\npjpi142_06.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by21fd.bay21.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} (YAddBook Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe

EWIDO:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:04:18 PM, 1/14/2006
+ Report-Checksum: A3C46D18

+ Scan result:

HKLM\SOFTWARE\Classes\ANSMTP.MassSender -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.MassSender.1 -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CLSID -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ\CurVer -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Classes\ANSMTP.OBJ.1 -> Spyware.007Spy : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Security -> Spyware.NaviSearch : Cleaned with backup
HKLM\SYSTEM\CurrentControlSet\Services\ZESOFT\Enum -> Spyware.NaviSearch : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-21-602162358-1957994488-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-21-602162358-1957994488-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-21-602162358-1957994488-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-21-602162358-1957994488-1708537768-1004\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000010-6F7D-442C-93E3-4A4827C2E4C8} -> Spyware.InternetOptimizer : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D7E3B41-23CE-469B-BE1B-A64B877923E1} -> Spyware.BlazeFind : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4A2AACF3-ADF6-11D5-98A9-00E018981B9E} -> Spyware.NewDotNet : Cleaned with backup
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F4E04583-354E-4076-BE7D-ED6A80FD66DA} -> Spyware.BargainBuddy : Cleaned with backup
[492] C:\Program Files\NewDotNet\newdotnet7_14.dll -> Adware.NewDotNet : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Advertising : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Fastclick : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Adtrak : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected]-2.stats.esomniture[1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Anita\Cookies\[email protected][1].txt -> Spyware.Cookie.Adserver : Cleaned with backup
C:\Documents and Settings\Ian\Cookies\[email protected][2].txt -> Spyware.Cookie.Bpath : Cleaned with backup
C:\Documents and Settings\Ian\Cookies\[email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Ian\Cookies\[email protected][2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Ian\Cookies\[email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\AZ6RYF03\0,1-0,dip_in_bread_bowl,FF[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\AZ6RYF03\0,1-0,spinach_bread_dip,FF[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\AZ6RYF03\0,1815,148191-238192,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\C5EV4X2J\0,181,152162-246192,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\C5EV4X2J\0,181,153161-244192,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\C5EV4X2J\0,181,153163-247193,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\O1A9U98D\0,1-0,pumpernickel_bread_dip,FF[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\O1A9U98D\0,161,148179-231207,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\O1A9U98D\0,181,152162-247192,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Documents and Settings\Ian\Local Settings\Temporary Internet Files\Content.IE5\O1A9U98D\0,181,153163-246193,00[1].htm -> Spyware.BookedSpace : Cleaned with backup
C:\Program Files\NewDotNet -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\NewDotNet\newdotnet7_14.dll -> Adware.NewDotNet : Cleaned with backup
C:\Program Files\Windows TaskAd -> Adware.WinTaskAd : Cleaned with backup
C:\RECYCLER\NPROTECT\00175769.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175770.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175771.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175772.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175773.TXT -> Spyware.Cookie.Burstbeacon : Cleaned with backup
C:\RECYCLER\NPROTECT\00175774.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175775.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\RECYCLER\NPROTECT\00175781.TXT -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\WINDOWS\NDNuninstall6_38.exe -> Spyware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_90.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall6_98.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\NDNuninstall7_14.exe -> Adware.NewDotNet : Cleaned with backup
C:\WINDOWS\system32\rk.bin -> Spyware.MarketScore : Cleaned with backup
C:\WINDOWS\system32\rk.exe -> Spyware.MarketScore : Cleaned with backup


::Report End

THANKS!
 
Joined
Jul 8, 2002
Messages
14,681
  • Run HijackThis and click Do a system scan only
  • Put a checkmark next to any of the following entries that appear, and click Fix Checked:

    O4 - HKLM\..\RunServices: [virtual] winit.exe
  • Exit HijackThis

Find and delete C:\Windows\system\winit.exe

Restart your computer and let me know if you're still having problems.
Have you already run smitRem?
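Added example, not part of the original thread or any poster's code: a small triage pass over a HijackThis log that lists O4 autostart entries naming an executable without a directory (as the `winit.exe` entry fixed above does) and any entry marked `(file missing)`. The reason labels and the `[ExampleApp]` line are assumptions made for illustration, and only the `[name] command` form of O4 lines is handled.

```python
import re

# Constructed sample in HijackThis v1.99.1 log format. The O3 and first O4
# lines mirror the log in this thread; the [ExampleApp] line is made up.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\services.exe

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll (file missing)
O4 - HKLM\..\RunServices: [virtual] winit.exe
O4 - HKLM\..\Run: [ExampleApp] "C:\Program Files\Example\app.exe" /min
O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\system32\Tablet.exe
"""

ENTRY = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")         # "O4 - <body>"
AUTOSTART = re.compile(r"^[^:]+: \[([^\]]*)\] (.+)$")   # "<key>: [name] <command>"


def has_directory(command):
    """True if the first token of the command contains a path separator."""
    tokens = command.strip().lstrip('"').split()
    first = tokens[0] if tokens else ""
    return "\\" in first or "/" in first


def review_items(log):
    """Return (section, reason, body) for entries worth checking by hand."""
    items = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # header, process list or blank line
        section, body = m.groups()
        if body.endswith("(file missing)"):
            items.append((section, "target-missing", body))
            continue
        auto = AUTOSTART.match(body) if section == "O4" else None
        if auto and not has_directory(auto.group(2)):
            # Bare name: Windows resolves it through the search path, so the
            # log alone does not say which file on disk would be started.
            items.append((section, "autostart-no-path", body))
    return items


if __name__ == "__main__":
    for section, reason, body in review_items(SAMPLE_LOG):
        print(f"{section:4} {reason:18} {body}")
```

A flagged entry is a prompt to locate and inspect the file, not a verdict; a bare file name also means the file may not be in the folder one first looks in.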
 

ian80

Thread Starter
Joined
Jul 26, 2002
Messages
292
Okay, fixed it with HJT. However, after doing that, couldn't find the file to delete it; it isn't there.

And yes, I ran smitRem. Everything seems to be running better now. Does everything else look good?

Thanks.
 