Viruses, Spyware and other Nasties RSS Viruses, Spyware and other Nasties RSS

Need Serious Help With My HIJACKTHIS Log

Reply

Join Date: Feb 2006
Posts: 3
Reputation: Pythonking is an unknown quantity at this point 
Solved Threads: 0
Pythonking Pythonking is offline Offline
Newbie Poster

Need Serious Help With My HIJACKTHIS Log

 
0
  #1
Feb 3rd, 2006
My fast computer has become slow. Seems like each day I run a virus scan or adware search I find more and more. Here is a copy of my HIJACKTHIS log please help:



Logfile of HijackThis v1.99.1
Scan saved at 6:59:50 PM, on 2/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\system32\LVComsX.exe
C:\cws\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://securityresponse.symantec.com...r/fix_homepage
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Class - {22CE7FFC-05AB-C5AC-0409-B058D6316A5B} - C:\WINNT\system32\syspc32.dll (file missing)
O2 - BHO: Class - {271426F4-5FBE-2534-7CE5-844818D62B60} - C:\WINNT\system32\netbb32.dll (file missing)
O2 - BHO: Class - {44B1AB52-F4A7-CC82-2B53-5515FEC14567} - C:\WINNT\system32\iexk32.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Class - {5D9D7559-D914-CBE3-6283-E15E878CAF82} - C:\WINNT\javaff.dll (file missing)
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: (no name) - {65F13547-D296-4C57-8FE7-8C98FBD8FECB} - C:\WINNT\system32\bdie.dll (file missing)
O2 - BHO: Class - {6804012C-32E2-5657-5E4D-DA53A0138986} - C:\WINNT\system32\ntpu32.dll (file missing)
O2 - BHO: Class - {7E425653-11F8-9375-4508-C72B4089965F} - C:\WINNT\apiuu.dll (file missing)
O2 - BHO: Class - {83E711AF-3375-58B9-1C45-D98174625D04} - C:\WINNT\appit.dll (file missing)
O2 - BHO: Class - {86772A5F-35DA-9E3D-7905-710E57D5FE9F} - C:\WINNT\sysbb.dll (file missing)
O2 - BHO: Class - {9D3F3E33-95CF-B1C6-35F3-447AC2E1760F} - C:\WINNT\system32\d3ig32.dll (file missing)
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Class - {CC6A6F8E-8D6F-6F97-DF97-1DFCA21C2D56} - C:\WINNT\system32\netqe.dll (file missing)
O2 - BHO: Class - {CD7284B3-8EE8-BD60-D1B9-0AE988FE60F0} - C:\WINNT\ntmu32.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINNT\system32\wer5760.dll
O2 - BHO: Class - {D4A9653C-7926-9AD3-0FE0-368F9E39B6EE} - C:\WINNT\system32\sysvb32.dll (file missing)
O2 - BHO: Class - {E94058CC-4A3A-0146-3B83-EDFE14346D33} - C:\WINNT\d3uy32.dll (file missing)
O2 - BHO: Class - {FC933DE0-621E-1983-2277-1A12EE5FF631} - C:\WINNT\winxu32.dll (file missing)
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [addpc32.exe] C:\WINNT\system32\addpc32.exe
O4 - HKLM\..\Run: [sysgg.exe] C:\WINNT\sysgg.exe
O4 - HKLM\..\Run: [addrd32.exe] C:\WINNT\addrd32.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanLeroy A. SingletonIndex.dat] "C:\Program Files\JSSoftware\PrivacyHistoryEraser\CleanLeroy A. Singleton.bat"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\Cosmi\SpyWare Killer Pro\shield\SDShield.exe"
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093695255701
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:\Program Files\Gateway\HelpSpot\StartFirstControl.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:\Program Files\Gateway\HelpSpot\XPLControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F68135-272D-4876-8A8C-938FFD0F7947}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CCS\Services\Tcpip\..\{46C029C5-5951-4257-BB39-90708EFCF3F2}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CS1\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95
O17 - HKLM\System\CS2\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: Need Serious Help With My HIJACKTHIS Log

 
0
  #2
Feb 3rd, 2006
Hi,
Download CCleaner and install it. Do not run it now!


Download these tools:-
1] KillBox, extract it to a folder.
2] CWShredder
3] AboutBuster and extract it to a folder.


Download and install Ewido Security Suite v3.5. After download, double click on the file to launch the install process. During installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu". Launch ewido by double-clicking the "e" icon on your desktop. The program will prompt you to update - click the "OK" button. On the left side of the main screen, click on "Update" and then click "Start Update". The update will start and a progress bar will show the updates being installed. After the updates are installed, you will see "Update Successful" in the lower left corner.
If you are having problems with the updater, use this link to manually update.
Exit Ewido when done - DO NOT perform a scan yet.


Make Windows to show all files:-
Go to Start > My Computer.
Go to Tools menu, click Folder Options. Uncheck Hide protected operating system files. Then, click to select the option Show hidden files and folders. Click Apply and then click OK to exit.


Reboot in Safe Mode:-
Restart (or switch ON) the PC. Then, keep tapping the F8 Key. From the menu that will be displayed, out of which choose Safe Mode and press Enter.


Run HijackThis and click Do only a System scan.
Then put a check mark infront of below listed entries:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {22CE7FFC-05AB-C5AC-0409-B058D6316A5B} - C:\WINNT\system32\syspc32.dll (file missing)
O2 - BHO: Class - {271426F4-5FBE-2534-7CE5-844818D62B60} - C:\WINNT\system32\netbb32.dll (file missing)
O2 - BHO: Class - {44B1AB52-F4A7-CC82-2B53-5515FEC14567} - C:\WINNT\system32\iexk32.dll (file missing)
O2 - BHO: Class - {5D9D7559-D914-CBE3-6283-E15E878CAF82} - C:\WINNT\javaff.dll (file missing)
O2 - BHO: (no name) - {65F13547-D296-4C57-8FE7-8C98FBD8FECB} - C:\WINNT\system32\bdie.dll (file missing)
O2 - BHO: Class - {6804012C-32E2-5657-5E4D-DA53A0138986} - C:\WINNT\system32\ntpu32.dll (file missing)
O2 - BHO: Class - {7E425653-11F8-9375-4508-C72B4089965F} - C:\WINNT\apiuu.dll (file missing)
O2 - BHO: Class - {83E711AF-3375-58B9-1C45-D98174625D04} - C:\WINNT\appit.dll (file missing)
O2 - BHO: Class - {86772A5F-35DA-9E3D-7905-710E57D5FE9F} - C:\WINNT\sysbb.dll (file missing)
O2 - BHO: Class - {9D3F3E33-95CF-B1C6-35F3-447AC2E1760F} - C:\WINNT\system32\d3ig32.dll (file missing)
O2 - BHO: Class - {CC6A6F8E-8D6F-6F97-DF97-1DFCA21C2D56} - C:\WINNT\system32\netqe.dll (file missing)
O2 - BHO: Class - {CD7284B3-8EE8-BD60-D1B9-0AE988FE60F0} - C:\WINNT\ntmu32.dll
O2 - BHO: Cls - {CF021F40-3E14-23A5-CBA2-717765725760} - C:\WINNT\system32\wer5760.dll
O2 - BHO: Class - {D4A9653C-7926-9AD3-0FE0-368F9E39B6EE} - C:\WINNT\system32\sysvb32.dll (file missing)
O2 - BHO: Class - {E94058CC-4A3A-0146-3B83-EDFE14346D33} - C:\WINNT\d3uy32.dll (file missing)
O2 - BHO: Class - {FC933DE0-621E-1983-2277-1A12EE5FF631} - C:\WINNT\winxu32.dll (file missing)
O4 - HKLM\..\Run: [addpc32.exe] C:\WINNT\system32\addpc32.exe
O4 - HKLM\..\Run: [sysgg.exe] C:\WINNT\sysgg.exe
O4 - HKLM\..\Run: [addrd32.exe] C:\WINNT\addrd32.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O16 - DPF: {02BED220-FBC7-4392-93A2-3A50B056F78E} - http://down.plaxo.com/down/release/instub.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95O17 - HKLM\System\CCS\Services\Tcpip\..\{29F68135-272D-4876-8A8C-938FFD0F7947}: NameServer = 85.255.114.44,85.255.112.95O17 - HKLM\System\CCS\Services\Tcpip\..\{46C029C5-5951-4257-BB39-90708EFCF3F2}: NameServer = 85.255.114.44,85.255.112.95O17 - HKLM\System\CS1\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95O17 - HKLM\System\CS2\Services\Tcpip\..\{0742CC6C-E9BD-45C3-8083-56DFC7E27A52}: NameServer = 85.255.114.44,85.255.112.95

Close all other open programs except Hijackthis and click the button Fix Checked in HijackThis.


Run CCleaner, click "Options" button and here go to "Advanced" tab and uncheck the option "Only delete files in Windows Temp folder older than 48 hours". Click OK to exit from the Options. Finally click "Run Cleaner" and click "OK" to continue cleaning.

Run Ewido, click on the "Scanner" button in the left menu, then click on the "Settings", here select the option "Scan every file" and click "OK". Next, click "Complete System Scan" button to start scan. If ewido finds anything, it will pop up a notification. You can select "Clean" and check the boxes "Perform action with all infections" and "Create encrypted backup" before clicking on OK.


Now, run CWShredder and click "Fix". After it completes the process, run AboutBuster and click "Begin Removal".


Next, open KillBox.exe. Check the following box:-

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.
C:\WINNT\system32\addpc32.exe
C:\WINNT\sysgg.exe
C:\WINNT\addrd32.exe
Then in Killbox click File > Paste from Clipboard.

At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.
Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? you will need to click "Yes" to allow the reboot.

Note: Killbox will let you know if a file does not exist.

[If you have any issues with this method you can copy and paste the lines one at a time into the killbox top box. Then click the "Single File" button. Then click the Red X and for the confirmation message that will appear, you will need to click Yes. A second message will ask to Reboot now? you will need to click No until the last one at which time you click yes to allow the reboot.]


Reboot to Normal Mode. Perform an online virus scan at Kaspersky Online Scanner. Save the log it gives after the scan.

Run HijackThis again, click Do a System scan and save log, and post the fresh log along with the Kaspersky log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 3
Reputation: Pythonking is an unknown quantity at this point 
Solved Threads: 0
Pythonking Pythonking is offline Offline
Newbie Poster

Re: Need Serious Help With My HIJACKTHIS Log

 
0
  #3
Feb 4th, 2006
SwatKat,

I have taken all the steps per instructions provided and I have noticed a marked improvement in my computers overal operations. Below are the final readings form "HIJACKTHIS" and "KASPERSKY (minus the 3000+viruses caught on Symatics-Nortons quarantine list).:"

HIJACKTHIS:

Logfile of HijackThis v1.99.1
Scan saved at 5:09:48 PM, on 2/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\devldr32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\cws\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanLeroy A. SingletonIndex.dat] "C:\Program Files\JSSoftware\PrivacyHistoryEraser\CleanLeroy A. Singleton.bat"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\Cosmi\SpyWare Killer Pro\shield\SDShield.exe"
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093695255701
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:\Program Files\Gateway\HelpSpot\StartFirstControl.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:\Program Files\Gateway\HelpSpot\XPLControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F68135-272D-4876-8A8C-938FFD0F7947}: NameServer = 199.45.32.38,199.45.32.43
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe



KASPERSKY:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, February 04, 2006 17:05:18
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/02/2006
Kaspersky Anti-Virus database records: 164165
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 87025
Number of viruses found: 54
Number of infected objects: 3872
Number of suspicious objects: 15
Duration of the scan process: 5293 sec

Infected Object Name - Virus Name

C:\sl-0.hta Infected: Trojan-Dropper.VBS.Inor.cj
C:\stassp.chm/1.htm Infected: Exploit.HTML.CodeBaseExec
C:\stassp.chm/on-line.exe Infected: Trojan.Win32.Small.af
C:\stassp.chm Infected: Trojan.Win32.Small.af
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP1\A0000007.ini:xprxbxDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP1\A0000008.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP1\A0000013.ini:iichxsDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000017.ini:xprxbxDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000018.ini:iichxsDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:cirpksDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:cjqlkiDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:cnzmnpDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:esymunDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:fpukdnDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:hbmrfeDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:houuyzDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:ietnneDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:innyozDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:jtyuwfDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:kbydsmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:nqndpuDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:ntrjxbDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:qchmimDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:slxjzlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:srhmhsDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:tpzfvlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:ugeaakDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:vomrbdDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:wnjjcmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000023.pif:zankasDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000026.ini:gvtlttDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000039.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:cirpksDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:cjqlkiDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:cnzmnpDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:esymunDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:fpukdnDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:hbmrfeDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:houuyzDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:ietnneDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:innyozDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:jtyuwfDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:kbydsmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:nqndpuDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:ntrjxbDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:qchmimDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:slxjzlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:srhmhsDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:tpzfvlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:ugeaakDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:vomrbdDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:wnjjcmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000040.pif:zankasDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000049.ini:gvtlttDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000055.ini:rtmsmzDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000058.ini:yverovDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000073.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000083.ini:rtmsmzDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000084.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:cirpksDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:cjqlkiDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:cnzmnpDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:esymunDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:fjdeyjDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:fpukdnDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:hbmrfeDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:houuyzDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:ietnneDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:innyozDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:jhiohmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:jtyuwfDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:kbydsmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:nqndpuDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:ntrjxbDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:qchmimDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:slxjzlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:srhmhsDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:tpzfvlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:ugeaakDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:vomrbdDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:wnjjcmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000085.pif:zankasDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000088.ini:gvtlttDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP2\A0000089.ini:yverovDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000105.ini:rtmsmzDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000606.ini:xprxbxDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:cirpksDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:cjqlkiDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:cnzmnpDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:esymunDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:fjdeyjDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:fpukdnDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:hbmrfeDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:houuyzDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:ietnneDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:innyozDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:jhiohmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:jtyuwfDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:kbydsmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:nqndpuDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:ntrjxbDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:qchmimDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:slxjzlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:srhmhsDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:tpzfvlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:ugeaakDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:vomrbdDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:wnjjcmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP3\A0000695.pif:zankasDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP4\A0001754.ini:xprxbxDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP4\A0004266.ini:iichxsDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP4\A0004267.ini:gvtlttDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP4\A0004268.ini:yverovDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:cirpksDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:cjqlkiDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:cnzmnpDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:esymunDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:fjdeyjDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:fpukdnDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:hbmrfeDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:houuyzDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:ietnneDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:innyozDATA Infected: Trojan-Downloader.Win32.Agent.td
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:jhiohmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:jtyuwfDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:kbydsmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:nqndpuDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:ntrjxbDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:qchmimDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:slxjzlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:srhmhsDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:tpzfvlDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:ugeaakDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:vomrbdDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:wnjjcmDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006393.pif:zankasDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006398.exe Infected: Trojan-Downloader.Win32.Small.bon
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006630.ini:ulioynDATA Infected: Trojan-Downloader.Win32.Agent.bc
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006631.ini:rtmsmzDATA Infected: Trojan.Win32.Agent.bi
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP6\A0006804.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP7\A0006818.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP7\A0007804.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP7\A0007816.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0007820.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0007834.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008926.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008927.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008928.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008929.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008930.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008931.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008932.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008933.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008934.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008935.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008936.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008937.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008938.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008939.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008940.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008941.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008942.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008943.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008944.dll Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008945.exe Infected: Trojan-Downloader.Win32.Small.cat
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008955.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008959.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008961.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008965.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008976.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008980.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0008989.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0009989.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0009993.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0009997.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0010000.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP8\A0010004.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP9\A0010026.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP9\A0010030.exe Infected: Trojan.Win32.Small.fb
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP9\A0010033.exe Infected: Trojan-Downloader.Win32.Agent.uj
C:\System Volume Information\_restore{E4DAB534-CD7A-413E-9BF3-ACA08D1785D7}\RP9\A0010037.exe Infected: Trojan.Win32.Small.fb
C:\WINNT\system32\dmhkb.exe Infected: Trojan.Win32.Small.fb
C:\WINNT\system32\dmmhe.exe Infected: Trojan.Win32.Small.fb
C:\WINNT\system32\dmncn.exe Infected: Trojan.Win32.Small.fb
C:\WINNT\system32\dmxqn.exe Infected: Trojan.Win32.Small.fb
C:\WINNT\system32\dmxzz.exe Infected: Trojan.Win32.Small.fb

Scan process completed.
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: Need Serious Help With My HIJACKTHIS Log

 
0
  #4
Feb 5th, 2006
Hi Pythonking,

Right-click on this link and click "Save Link As" (or "Save Target As") and save the file with the default filename (default name will be IEFix.reg).


Run HijackThis and then select these entries and fix them:-

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R3 - Default URLSearchHook is missing


Now, double-click on the IEFix.reg and click "Yes" to merge it to Registry.


Kaspersky Scan has found few viruses, we have to delete them now.Open KillBox and check the following box:-

Delete on Reboot

Highlight all the entries in the quote box below and then Copy them.
C:\sl-0.hta
C:\stassp.chm
C:\WINNT\system32\dmhkb.exe
C:\WINNT\system32\dmmhe.exe
C:\WINNT\system32\dmncn.exe
C:\WINNT\system32\dmxqn.exe
C:\WINNT\system32\dmxzz.exe
Then in Killbox click File > Paste from Clipboard.

At this point the "All Files" button should be enabled so you can click it. Click the "All Files" button.

Then click the Red X button and for the confirmation message that will appear, you will need to click "Yes". A second message will ask to Reboot now? you will need to click "Yes" to allow the reboot.


Also, there are lots of virus files in the System Restore folder. If you do "System Restore", then they will get back to their original locations. So, its better delete the System Restore points created by Windows XP. To do that, please follow the steps provided here. Once you turn off the System Restore, it deletes all the restore points. After that, you can enable it again.


Run HijackThis and please post a new log.
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Reply With Quote Quick reply to this message  
Join Date: Feb 2006
Posts: 3
Reputation: Pythonking is an unknown quantity at this point 
Solved Threads: 0
Pythonking Pythonking is offline Offline
Newbie Poster

Re: Need Serious Help With My HIJACKTHIS Log

 
0
  #5
Feb 6th, 2006
Thanks for your assistance. I have made several unsucceful attempts to fix the following in HIJACKTHIS:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =


Inaddition, I have posted the latest HIJACKTHIS file below after completing steps provided.


HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 5:20:48 PM, on 2/6/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\Canon\MultiPASS\mpservic.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\Cosmi\SpyWare Killer Pro\shield\SDShield.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\WINNT\system32\msiexec.exe
C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
C:\WINNT\system32\wuauclt.exe
C:\WINNT\system32\devldr32.exe
C:\cws\Hijackthis\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = localhost:9095
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {60D3AAEB-AA39-4AE0-B2F9-E4AF0613A2A3} - C:\PROGRA~1\Cosmi\SPYWAR~1\pop\ABG_PL~1.DLL
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Common Files\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [CleanLeroy A. SingletonIndex.dat] "C:\Program Files\JSSoftware\PrivacyHistoryEraser\CleanLeroy A. Singleton.bat"
O4 - HKLM\..\RunServices: [RegisterDropHandler] C:\PROGRA~1\CANONC~1\TEXTBR~1\Bin\REGIST~1.EXE
O4 - HKCU\..\Run: [SpyDefender Shield] "C:\Program Files\Cosmi\SpyWare Killer Pro\shield\SDShield.exe"
O8 - Extra context menu item: Look Up in &Encyclopedia - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra 'Tools' menuitem: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM
O9 - Extra button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra 'Tools' menuitem: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.symantec.com/tech...l/LSSupCtl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/S...in/AvSniff.cab
O16 - DPF: {3CC943C7-3C99-11D4-8135-0050041A5144} (RunExeActiveX.UserControl1) - file://C:\Program Files\Gateway\HelpSpot\RunExeActiveX.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.co...?1093695255701
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {99CDFD87-F97A-42E1-9C13-D18220D90AD1} (StartFirstControl.CheckFirst) - file://C:\Program Files\Gateway\HelpSpot\StartFirstControl.CAB
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.symantec.com/tech...l/SymAData.cab
O16 - DPF: {CE37E095-ACFF-4380-A856-A560D389E5E1} (XPLControlProject.XPLControl) - file://C:\Program Files\Gateway\HelpSpot\XPLControl.CAB
O17 - HKLM\System\CCS\Services\Tcpip\..\{29F68135-272D-4876-8A8C-938FFD0F7947}: NameServer = 199.45.32.38,199.45.32.43
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINNT\System32\ImapiRox.exe
O23 - Service: MPService - Canon Information Systems - C:\Program Files\Canon\MultiPASS\mpservic.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Protection Center Service (NSCService) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
Reply With Quote Quick reply to this message  
Join Date: Jul 2005
Posts: 642
Reputation: swatkat is an unknown quantity at this point 
Solved Threads: 50
swatkat's Avatar
swatkat swatkat is offline Offline
Small Town Boy

Re: Need Serious Help With My HIJACKTHIS Log

 
0
  #6
Feb 7th, 2006
Hi,
Log looks clean. That R0 entry is not actually a bad one, and probably its not getting removed because of the background gurad of Antispyware software, which prevent changes in some important Registry area.

To improve system performance, you can run Disk Defragmenter. Its available in Start Menu > All Programs > Accessories > System Tools. Also, you can visit this page, which gives some tips'n'tricks to improve XP's performance.

Do you get any virus alerts from either your AntiVirus or AdAware, during a scan?
"Only two things are infinite, the universe and human stupidity, and I'm not sure about the former."
-Albert Einstein.
Reply With Quote Quick reply to this message  
Reply

Quick Reply to Thread
This thread is more than three months old.
Perhaps start a new thread instead?
Message:



Similar Threads
Other Threads in the Viruses, Spyware and other Nasties Forum
Thread Tools Search this Thread



adware anti-malware anti-virussitesaccessissue antivirus apple audio avg backtoschoolspeech bar blackhat botnet botnets censorship china commercial commercials conficker control crosssitescripting cyber cybercrime cyberwarfare domains e-mafia education email europe exam facebook fancheckvirus gaming gtaiv halloween hijack hosting internet iphone kaspersky legal logfiles mail malware mcafee messagelabs microsoft mobile msn nazi news obama onlinethreats paedophile panel parents patch phishing police policeprovirusmba-mblockedinternetaccess president privacy pro problem reliability report research risk rogueantivirus samhain sans scareware school search security seopoisoning software spam spyware spywareexternalwindows7adminstratortrojans sqlinjection symantec teen translate trojan unabletoaccessanti-virussites unwanted update usa virus viruses war warning windows worm yahoo zeroday
About Us | Contact Us | Advertise | DaniWeb | Acceptable Use Policy | RSS Feed

©2003 - 2009 DaniWeb® LLC