
shopping wizard / home search assistant

gctbob

Re: shopping wizard / home search assistant

  #3  
Jun 2nd, 2005
OK, I didn't know that I had to click clean for each file ewido found, so I had to stay up a few hours last night while it finished. Here are the two logs that I got.

HiJackThis

Logfile of HijackThis v1.99.1
Scan saved at 8:59:26 AM, on 6/2/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\aaron\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://websearch.drsnsrch.com/sidesearch.cgi?id=
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = websearch.drsnsrch.com/q.cgi?q=
O2 - BHO: Band Class - {01F44A8A-8C97-4325-A378-76E68DC4AB2E} - C:\WINDOWS\systb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O4 - HKLM\..\Run: [rir] C:\WINDOWS\System32\rir.exe
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O15 - Trusted Zone: http://www.neededware.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O23 - Service: Workstation NetLogon Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - C:\WINDOWS\sdksd32.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe

And the Ewido.

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 8:53:15 AM, 6/2/2005
+ Report-Checksum: 52FD7F70

+ Date of database: 6/2/2005
+ Version of scan engine: v3.0

+ Duration: 816 min
+ Scanned Files: 12780
+ Speed: 0.26 Files/Second
+ Infected files: 53
+ Removed files: 53
+ Files put in quarantine: 53
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\

+ Scan result:
C:\WINDOWS\system32\tbaa.dll -> TrojanDownloader.Small -> Cleaned with backup
C:\WINDOWS\system32\winlo.dll -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\system32\apptb.dll -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\system32\nettg.txt -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\system32\sdksd32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\apiom32.exe -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\system32\afgqobk.exe -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\afgqobkndw30103lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\rirndw30104lib.dll -> TrojanDownloader.Lastad.h -> Cleaned with backup
C:\WINDOWS\system32\jjqdpr.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\tozozb.dat -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\vxgfgx.dat -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\whmzqa.dat -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\qluhio.txt -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\sqcwhk.dat -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\lqnbbn.dat -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\jnexqh.log -> Spyware.SearchPage -> Cleaned with backup
C:\WINDOWS\bnfzxb.log -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\jzxwlu.log -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\javamz.exe -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\ltbqpw.dat -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\nwlncd.dat -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\zbezzd.txt -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\WINDOWS\wupdt.exe -> TrojanDownloader.Intexp.c -> Cleaned with backup
C:\WINDOWS\fxdiun.log -> Spyware.SearchPage -> Cleaned with backup
C:\WINDOWS\systb.dll -> Spyware.ImiBar.d -> Cleaned with backup
C:\WINDOWS\tdtb.exe -> Trojan.Imiserv.c -> Cleaned with backup
C:\WINDOWS\cqjijlrbsy.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\xpichk.dat -> TrojanDropper.Small.tn -> Cleaned with backup
C:\WINDOWS\wxiuwr.dat -> Trojan.Agent.bi -> Cleaned with backup
C:\WINDOWS\oxbzqb.dat -> TrojanDownloader.Agent.bq -> Cleaned with backup
C:\Documents and Settings\aaron\Local Settings\Temporary Internet Files\Content.IE5\FPCW4BFF\aurora[1].exe -> Spyware.BetterInternet.c -> Cleaned with backup
C:\Documents and Settings\aaron\Local Settings\Temporary Internet Files\Content.IE5\3210TJFV\Poller[1].exe -> Trojan.Agent.cp -> Cleaned with backup
C:\Documents and Settings\aaron\Local Settings\Temporary Internet Files\Content.IE5\3210TJFV\Nail[1].exe -> Trojan.Nail -> Cleaned with backup
C:\Documents and Settings\aaron\Local Settings\Temporary Internet Files\Content.IE5\96VTT2CE\svcproc[1].exe -> Trojan.Stervis.c -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@mediaplex[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@targetnet[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@servedby.advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@www.myaffiliateprogram[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@z1.adserver[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\aaron\Cookies\aaron@fastclick[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Program Files\AWS\WeatherBug\MiniBugTransporter.dll -> Spyware.Wheaterbug.a -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP49\A0006915.exe -> Spyware.SurfSide -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP53\A0007926.dll -> Spyware.SearchPage -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP53\A0007927.dll -> Spyware.SearchPage -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP53\A0007928.dll -> Spyware.SearchPage -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP53\A0007929.dll -> Spyware.SearchPage -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP54\A0007944.exe -> Trojan.Nail -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP54\A0007945.exe -> Trojan.Stervis.c -> Cleaned with backup
C:\System Volume Information\_restore{62A5F5BC-96B8-4457-B02C-782EBC8F8701}\RP54\A0007946.dll -> Trojan.Agent.db -> Cleaned with backup


::Report End



Thanks for the help, really. I just hate getting this stuff when I don't even use my computer... it's other people who come in my room and use it. Grr.
Last edited by DMR : Jun 2nd, 2005 at 3:49 pm.