NEW Hijackthis log and worries

Earlier last week I had posted many HijackThis logs. The last one I posted looked good, but I saved a new log and some new problems seem to have appeared.

Logfile of HijackThis v1.98.2
Scan saved at 12:48:30 PM, on 9/28/2004
Platform: Windows ME (Win9x 4.90.3000)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\ATLAO32.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\RESTORE\STMGR.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\SYSTEM\WMIEXE.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\WINDOWS\SYSTEM\STIMON.EXE
C:\WINDOWS\BOBBY'S FOLDER\HIJACKTHIS\HIJACKTHIS.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tqcyu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = file://C:\WINDOWS\TEMP\sp.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\SDKZF.DLL
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\Run: [IEGR32.EXE] C:\WINDOWS\IEGR32.EXE
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [*StateMgr] C:\WINDOWS\System\Restore\StateMgr.exe
O4 - HKLM\..\RunServices: [ATLAO32.EXE] C:\WINDOWS\SYSTEM\ATLAO32.EXE
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\PROGRAM FILES\YAHOO!\MESSENGER\YHEXBMES.DLL
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\PROGRAM FILES\YAHOO!\COMMON\YLOGIN.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRAM FILES\AIM\AIM.EXE
O15 - Trusted Zone: *.05p.com
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.clickspring.net
O15 - Trusted Zone: *.blazefind.com
O15 - Trusted Zone: *.mt-download.com
O15 - Trusted Zone: *.flingstone.com
O15 - Trusted Zone: *.slotch.com
O15 - Trusted Zone: *.xxxtoolbar.com
O15 - Trusted Zone: *.my-internet.info
O15 - Trusted Zone: *.scoobidoo.com
O15 - Trusted Zone: *.searchbarcash.com
O16 - DPF: {D18F962A-3722-4B59-B08D-28BB9EB2281E} (PhotosCtrl Class) - http://photos.yahoo.com/ocx/us/yexplorer1_9us.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/05419fb1...p/RdxIE601.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - http://www.xxxtoolbar.com/ist/softwa...06_regular.cab
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)

Plus, in my Windows starter program, which controls what programs start at start-up, I see two new things on there: one is ATLAO32.EXE and the other is IEGR32.EXE.
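An added example, not code from this thread or from HijackThis itself: a small Python triage script that parses entries in the format above and flags the patterns this particular log shows (IE start/search values pointing at file:// or res:// resources, the missing default URLSearchHook, a BHO with no real name dropped in C:\WINDOWS, Run/RunServices entries named after their own executable in the Windows directories, domains added to the Trusted Zone, and a protocol handler whose DLL is missing). The sample log is a constructed subset of the entries in the post with a few benign entries mixed in; the flagging rules are this example's own heuristics, not anything HijackThis does, and they leave the Neo Toolbar entry unflagged on purpose, which is the reminder that rules like these only narrow what a person still has to read.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample: entries quoted in the post plus benign ones (about:blank,
# SystemTray, AIM) that the rules should leave alone.
SAMPLE_LOG = r"""Logfile of HijackThis v1.98.2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = file://C:\WINDOWS\TEMP\sp.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://C:\WINDOWS\tqcyu.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {D30AC97E-6571-1DC7-4A47-4FD27E4BC8A4} - C:\WINDOWS\SDKZF.DLL
O2 - BHO: Neo Toolbar - {722E8B26-1C44-460F-88BB-50C82B20E30E} - C:\WINDOWS\SYSTEM\MSQSB.DLL
O4 - HKLM\..\Run: [IEGR32.EXE] C:\WINDOWS\IEGR32.EXE
O4 - HKLM\..\RunServices: [ATLAO32.EXE] C:\WINDOWS\SYSTEM\ATLAO32.EXE
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKCU\..\Run: [AIM] C:\PROGRAM FILES\AIM\aim.exe -cnetwait.odl
O15 - Trusted Zone: *.searchmiracle.com
O15 - Trusted Zone: *.xxxtoolbar.com
O18 - Protocol: icoo - {4A8DADD4-5A25-4D41-8599-CB7458766220} - C:\WINDOWS\MSOPT.DLL (file missing)
"""

ENTRY_RE = re.compile(r"^(?P<kind>[RO]\d+) - (?P<body>.+)$")
R_RE = re.compile(r"^(?P<key>.+?) = (?P<value>.*)$")
MODULE_RE = re.compile(r"^(?P<label>.+?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<path>.+)$")
O4_RE = re.compile(r"^(?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# First token that looks like a PE file; whatever follows is arguments or an annotation.
FILE_RE = re.compile(r"^(?P<file>.+?\.(?:exe|dll|ocx|cpl))(?=\s|$)", re.IGNORECASE)
WINDOWS_DIRS = {r"c:\windows", r"c:\windows\system"}  # Win9x layout assumed


@dataclass(frozen=True)
class Finding:
    kind: str
    entry: str
    reason: str


def split_file(cmd: str) -> tuple[str, str]:
    """Return (lower-cased parent dir, lower-cased file name) of the program in cmd."""
    m = FILE_RE.match(cmd.strip().strip('"'))
    if not m:
        return "", cmd.lower()
    parent, _, name = m.group("file").rpartition("\\")
    return parent.lower(), name.lower()


def _check(kind: str, body: str) -> str | None:
    """Heuristic rules (this example's own assumptions, not HijackThis logic)."""
    if kind in ("R0", "R1"):
        m = R_RE.match(body)
        if m and m.group("value").lower().startswith(("file://", "res://")):
            return "IE start/search setting points at a local file or DLL resource"
    elif kind == "R3" and "URLSearchHook is missing" in body:
        return "default URLSearchHook removed (seen with CoolWebSearch variants)"
    elif kind in ("O2", "O3"):
        m = MODULE_RE.match(body)
        if m:
            parent, _ = split_file(m.group("path"))
            label = m.group("label").split(": ", 1)[-1].lower()
            if parent == r"c:\windows" or label in ("class", "(no name)"):
                return "BHO/toolbar DLL in the Windows root or registered without a real name"
    elif kind == "O4":
        m = O4_RE.match(body)
        if m:
            parent, name = split_file(m.group("cmd"))
            if parent in WINDOWS_DIRS and m.group("name").lower() == name:
                return f"{m.group('key')} autostart named after its own file, living in %WINDIR%"
    elif kind == "O15" and body.startswith("Trusted Zone: "):
        return "domain in IE Trusted Zone, where ActiveX and scripting run with relaxed settings"
    elif kind == "O18" and "(file missing)" in body:
        return "dangling protocol handler: registry points at a DLL that no longer exists"
    return None


def triage(log_text: str) -> list[Finding]:
    """Parse every R*/O* entry in a HijackThis log and return the flagged ones."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = ENTRY_RE.match(line)
        if not m:  # header and process-list lines are not entries
            continue
        reason = _check(m.group("kind"), m.group("body"))
        if reason:
            findings.append(Finding(m.group("kind"), line, reason))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count flagged entries per HijackThis section (R1, O4, ...)."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.kind] = counts.get(f.kind, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.kind}] {f.entry}\n      -> {f.reason}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run against the sample, it flags nine entries (two R1, one R3, one O2, two O4, two O15, one O18) and leaves about:blank, SystemTray and AIM alone. The O4 rule keys on the tell visible in this log, an autostart whose registry name is simply its own file name, so it catches IEGR32.EXE and ATLAO32.EXE without touching [SystemTray] or [LoadPowerProfile].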
Re: NEW Hijackthis log and worries

I also failed to mention that when I open Internet Explorer and type in a web URL, I get an error message: "Explorer has caused an error in INETCPL.CPL. Explorer will now close." Furthermore, when I switch to full-screen mode in IE (F11) and then go back to normal screen, I get this warning message: "Load Skin::Неизвестное исключение!" (Russian for "Unknown exception!").
Re: NEW Hijackthis log and worries

Today I rebooted the computer, ran Ad-Aware Personal and did a scan. Below is the log.

Ad-Aware SE Build 1.05
Logfile Created on:Wednesday, September 29, 2004 2:37:44 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R10 28.09.2004

»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
180Solutions(TAC index:8):1 total references
404search(TAC index:5):4 total references
BargainBuddy(TAC index:8):2 total references
BlazeFind(TAC index:5):1 total references
BookedSpace(TAC index:10):1 total references
CoolWebSearch(TAC index:10):85 total references
DealHelper(TAC index:7):3 total references
istbar(TAC index:6):2 total references
MRU List(TAC index:0):1 total references
Tracking Cookie(TAC index:3):2 total references
VX2(TAC index:10):2 total references
win32.winshow(TAC index:7):4 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan within archives
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

9-29-2004 2:37:44 PM - Scan started. (Full System Scan)

MRU List Object Recognized! Location: : software\microsoft\directdraw\mostrecentapplication Description : most recent application to use microsoft directdraw

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
#:1 [KERNEL32.DLL] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4293900415 Threads : 4 Priority : High FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : Win32 Kernel core component InternalName : KERNEL32 LegalCopyright : Copyright (C) Microsoft Corp. 1991-2000 OriginalFilename : KERNEL32.DLL
#:2 [MSGSRV32.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294966943 Threads : 1 Priority : Normal FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : Windows 32-bit VxD Message Server InternalName : MSGSRV32 LegalCopyright : Copyright (C) Microsoft Corp. 1992-1998 OriginalFilename : MSGSRV32.EXE
#:3 [SPOOL32.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294964967 Threads : 4 Priority : Normal FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : Spooler Sub System Process InternalName : spool32 LegalCopyright : Copyright (C) Microsoft Corp. 1994 - 1998 OriginalFilename : spool32.exe
#:4 [MPREXE.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294862547 Threads : 2 Priority : Normal FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : WIN32 Network Interface Service Process InternalName : MPREXE LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000 OriginalFilename : MPREXE.EXE
#:5 [LEXBCES.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294876371 Threads : 6 Priority : Normal FileVersion : 5,12,00,00 ProductVersion : 5,12,00,00 ProductName : MarkVision for Windows (32 bit) CompanyName : Lexmark International, Inc. FileDescription : LexBce Service InternalName : LexBce Service LegalCopyright : (C) 1993 - 2000 Lexmark International, Inc. OriginalFilename : LexBceS.exe
#:6 [RPCSS.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294888115 Threads : 5 Priority : Normal FileVersion : 4.71.3328 ProductVersion : 4.71.3328 ProductName : Microsoft(R) Windows NT(TM) Operating System CompanyName : Microsoft Corporation FileDescription : Distributed COM Services InternalName : rpcss.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1998 OriginalFilename : rpcss.exe
#:7 [STMGR.EXE] FilePath : C:\WINDOWS\SYSTEM\RESTORE\ ProcessID : 4294796151 Threads : 5 Priority : Normal FileVersion : 4.90.0.2533 ProductVersion : 4.90.0.2533 ProductName : Microsoft (r) PCHealth CompanyName : Microsoft Corporation FileDescription : Microsoft (R) PC State Manager InternalName : StateMgr.exe LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000 OriginalFilename : StateMgr.exe
#:8 [mmtask.tsk] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294823963 Threads : 1 Priority : Normal FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft Windows CompanyName : Microsoft Corporation FileDescription : Multimedia background task support module InternalName : mmtask.tsk LegalCopyright : Copyright © Microsoft Corp. 1991-2000 OriginalFilename : mmtask.tsk
#:9 [EXPLORER.EXE] FilePath : C:\WINDOWS\ ProcessID : 4294721207 Threads : 19 Priority : Normal FileVersion : 5.50.4134.100 ProductVersion : 5.50.4134.100 ProductName : Microsoft(R) Windows (R) 2000 Operating System CompanyName : Microsoft Corporation FileDescription : Windows Explorer InternalName : explorer LegalCopyright : Copyright (C) Microsoft Corp. 1981-2000 OriginalFilename : EXPLORER.EXE
#:10 [SYSTRAY.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294760487 Threads : 2 Priority : Normal FileVersion : 4.90.3000 ProductVersion : 4.90.3000 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : System Tray Applet InternalName : SYSTRAY LegalCopyright : Copyright (C) Microsoft Corp. 1993-2000 OriginalFilename : SYSTRAY.EXE
#:11 [WMIEXE.EXE] FilePath : C:\WINDOWS\SYSTEM\ ProcessID : 4294644355 Threads : 3 Priority : Normal FileVersion : 4.90.2452.1 ProductVersion : 4.90.2452.1 ProductName : Microsoft(R) Windows(R) Millennium Operating System CompanyName : Microsoft Corporation FileDescription : WMI service exe housing InternalName : wmiexe LegalCopyright : Copyright (C) Microsoft Corp. 1981-1999 OriginalFilename : wmiexe.exe
#:12 [AD-AWARE.EXE] FilePath : C:\PROGRAM FILES\LAVASOFT\AD-AWARE SE PERSONAL\ ProcessID : 4294811815 Threads : 2 Priority : Normal FileVersion : 6.2.0.206 ProductVersion : VI.Second Edition ProductName : Lavasoft Ad-Aware SE CompanyName : Lavasoft Sweden FileDescription : Ad-Aware SE Core application InternalName : Ad-Aware.exe LegalCopyright : Copyright © Lavasoft Sweden OriginalFilename : Ad-Aware.exe Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 1

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
404search Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : searchbar.searchband.1
404search Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : searchbar.searchband.1 Value :
404search Object Recognized! Type : Regkey Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : searchbar.searchband
404search Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CLASSES_ROOT Object : searchbar.searchband Value :

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 5

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 5

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized! Type : IECache Entry Data : default@serving-sys[2].txt Category : Data Miner Comment : Hits:4 Value : Cookie:default@serving-sys.com/ Expires : 1-1-2038 4:00:00 AM LastSync : Hits:4 UseCount : 0 Hits : 4

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 1
Objects found so far: 6

Deep scanning and examining files (c:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie Object Recognized! Type : IECache Entry Data : default@serving-sys[2].txt Category : Data Miner Comment : Value : c:\WINDOWS\Cookies\default@serving-sys[2].txt
CoolWebSearch Object Recognized! Type : File Data : A0005108.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005109.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
BargainBuddy Object Recognized! Type : File Data : A0005110.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 4 ProductVersion : 1, 0, 0, 4 ProductName : Download Module CompanyName : eXact Advertising FileDescription : Download Module InternalName : Download Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exdl.exe
CoolWebSearch Object Recognized! Type : File Data : A0005111.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005112.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
BargainBuddy Object Recognized! Type : File Data : A0005113.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Upload Module CompanyName : eXact Advertising FileDescription : Upload Module InternalName : Upload Utility LegalCopyright : Copyright © 2003, 2004. eXact Advertising, LLC. All Rights Reserved. OriginalFilename : exul.exe
CoolWebSearch Object Recognized! Type : File Data : A0005114.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005115.CPY Category : Malware Comment : CWS.FullSearch Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005116.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005117.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005118.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005119.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005120.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005121.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005122.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005123.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005124.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005125.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005126.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005127.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005128.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005129.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005130.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005131.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005132.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005133.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005134.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005135.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005136.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005137.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005138.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005139.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005140.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005141.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005142.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005143.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005144.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005145.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005146.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005147.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005148.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
VX2 Object Recognized! Type : File Data : A0005149.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 0, 1, 4, 30 ProductVersion : 0, 1, 4, 30 ProductName : twaintec CompanyName : Twaintec FileDescription : www.twain-tech.com InternalName : twaintec LegalCopyright : Copyright © 2003 OriginalFilename : twaintec.dll Comments : www.Twain-Tech.com
istbar Object Recognized! Type : File Data : A0005150.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : I5Tactivex Module FileDescription : 15Tactivex Module InternalName : 15Tactive_x LegalCopyright : Copyright 2003 OriginalFilename : I5Tact1vex.DLL
BookedSpace Object Recognized! Type : File Data : A0005151.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1.0.0.1 ProductVersion : 1.0.0.1 ProductName : TODO: <Product name> CompanyName : TODO: <Company name> FileDescription : TODO: <File description> InternalName : BookedSpace.dll LegalCopyright : TODO: (c) <Company name>. All rights reserved. OriginalFilename : BookedSpace.dll
istbar Object Recognized! Type : File Data : A0005152.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 2 ProductVersion : 1, 0, 0, 2 ProductName : I5Tactivex Module FileDescription : 15Tactivex Module InternalName : 15Tactive_x LegalCopyright : Copyright 2003 OriginalFilename : I5Tact1vex.DLL
CoolWebSearch Object Recognized! Type : File Data : A0005153.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
VX2 Object Recognized! Type : File Data : A0005154.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 1 ProductVersion : 1, 0, 0, 1 ProductName : Calling Home CompanyName : callinghome.biz FileDescription : Installation utility for www.callinghome.biz InternalName : Calling Home LegalCopyright : callinghome.biz © 2004 OriginalFilename : Caller.exe
CoolWebSearch Object Recognized! Type : File Data : A0005155.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
BlazeFind Object Recognized! Type : File Data : A0005156.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1.0.0.15 ProductVersion : 1.0.0.0 CompanyName : Kalptaru Infotech Ltd.
win32.winshow Object Recognized! Type : File Data : A0005157.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005158.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005159.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005160.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005161.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005162.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005163.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005164.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005165.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005166.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005167.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005168.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005169.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005170.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005171.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005172.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005173.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005174.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005175.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005176.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005177.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005178.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005179.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005180.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005181.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005182.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005183.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005184.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005185.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005186.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005187.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005188.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005189.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005190.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005191.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005192.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005193.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005194.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005195.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005196.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005197.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
180Solutions Object Recognized! Type : File Data : A0005198.CPY Category : Data Miner Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005199.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005200.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
DealHelper Object Recognized! Type : File Data : A0005201.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\ FileVersion : 1, 0, 0, 5 ProductVersion : 1, 0, 0, 5 ProductName : DealHelper Application FileDescription : DealHelper InternalName : DealHelper LegalCopyright : Copyright (C) 2003 OriginalFilename : DealHelper.EXE
CoolWebSearch Object Recognized! Type : File Data : A0005202.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
CoolWebSearch Object Recognized! Type : File Data : A0005203.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\
win32.winshow Object Recognized! Type : File Data : A0005204.CPY Category : Malware Comment : Object : c:\_RESTORE\TEMP\

Disk Scan Result for c:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Deep scanning and examining files (d:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Disk Scan Result for d:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 104

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
win32.winshow Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_CURRENT_USER Object : software\microsoft\windows\currentversion\internet settings Value : Trust Warning Level
win32.winshow Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_USERS Object : .default\software\microsoft\windows\currentversion\internet settings Value : Trust Warning Level
DealHelper Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\shareddlls Value : C:\WINDOWS\dhbrwsr.exe
DealHelper Object Recognized! Type : RegValue Data : Category : Malware Comment : Rootkey : HKEY_LOCAL_MACHINE Object : software\microsoft\windows\currentversion\shareddlls Value : C:\WINDOWS\dhsvr.exe

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 4
Objects found so far: 108

2:42:47 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:05:02.530
Objects scanned:56783
Objects identified:107
Objects ignored:0
New critical objects:107

Now, when I went to delete these files, a pop-up came up saying the following files could not be removed. There are too many files to list, but I believe all of the files on the list came from C:\_RESTORE\TEMP\... but I'm not 100% sure of that. IE is still having the problems I stated in the last post.
Re: NEW Hijackthis log and worries

Hi there,

Not that I personally would have a clue about how to deal with this, but I had a similar problem and managed to find the following advice on how to 'flush' the Restore directory (and thus get rid of the file in question). See http://forums.wugnet.com/-_RESTORE-T...ict192182.html

I followed the advice from this link AFTER disinfecting all the rest of the junk on the PC with Ad-Aware, and the computer now seems to be all sparkly clean.

Cheers,
D-Bug.
Re: ARGHHHHH MY DESKTOP HAS BEEN HACKED

Logfile of HijackThis v1.99.1
Scan saved at 07:59:55 a.m., on 26/05/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\windows\system32\qttask.exe
D:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe
D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe
C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Archivos de programa\Microsoft AntiSpyware\gcasDtServ.exe
C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe
D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe
D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe
D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Archivos de programa\Archivos comunes\Microsoft Shared\VS7Debug\mdm.exe
C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Archivos de programa\Internet Explorer\iexplore.exe
C:\Documents and Settings\Rodrigo Llaguno\Escritorio\hijactis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://myspace.com/girlsdigscars
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Vínculos
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Archivos de programa\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Web assistant - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Archivos de programa\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Web assistant - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Archivos de programa\Archivos comunes\Symantec Shared\AdBlocking\NISShExt.dll
O4 - HKLM\..\Run: [QuickTime Task] C:\windows\system32\qttask.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "d:\Archivos de programa\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [ccApp] "C:\Archivos de programa\Archivos comunes\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\ARCHIV~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HP Software Update] "D:\Archivos de programa\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Archivos de programa\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [gcasServ] "D:\Archivos de programa\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CloneCDTray] "D:\Archivos de programa\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [Error Nuker] D:\Archivos de programa\Error Nuker\bin\ErrorNuker.exe autostart
O4 - HKLM\..\RunServices: [Windows Compliant] winole.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Archivos de programa\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Creative Detector] D:\Archivos de programa\Creative\MediaSource\Detector\CTDetect.exe /R
O4 - HKCU\..\Run: [System Mechanic Popup Stopper] "D:\Archivos de programa\System Mechanic 4 Professional\PopupStopper.exe"
O4 - Global Startup: Microsoft Office.lnk = D:\Archivos de programa\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Archivos de programa\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://D:\ARCHIV~1\MICROS~1\Office10\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O12 - Plugin for .spop: C:\Archivos de programa\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.sony.com/vaiopeople
O15 - Trusted IP range: 67.19.178.84
O15 - Trusted IP range: 67.19.178.84 (HKLM)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {15589FA1-C456-11CE-BF01-000000000000} - http://www.errornuker.com/products/e...rInstaller.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?link...67&clcid=0x409
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {6C6A77C7-B4CC-4792-BB9D-5B50A211F69E} (ProductInformation Control) - http://www.iolo.com/app/ocx/ProductInformation.ocx
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (Control HouseCall) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab32846.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.apple.com.edgesuite...ITDetector.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{B33152D8-04D6-44C1-9BAB-A3C03C5070E1}: NameServer = 200.33.146.194 200.33.146.202
O21 - SSODL: SystemCheck2 - {54645654-2225-4455-44A1-9F4543D34545} - C:\WINDOWS\System32\vbsys2.dll
O21 - SSODL: System - {EF4D11C7-D475-4CEF-8FD0-FCEDEF67AF83} - vr_sys.dll (file missing)
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: Servicio Auto-Protect de Norton AntiVirus (navapsvc) - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\navapsvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Archivos de programa\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\ARCHIV~1\ARCHIV~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\SNDSrvc.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Archivos de programa\Archivos comunes\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Archivos de programa\Archivos comunes\Symantec Shared\Security Center\SymWSC.exe

WHAT CAN I FIX??
Forum system based on vBulletin Copyright ©2000 - 2009, Jelsoft Enterprises Ltd.
©2003 - 2009 DaniWeb® LLC