954,253 Members — Technology Publication meets Social Media
Username:
Password:
Lost login information?
Have something to say? Contribute New Article Reply to this Article
6 Years Ago
0

hjt logs for hacktool.rootkit

Logfile of HijackThis v1.99.1
Scan saved at 20:21:08, on 2006-4-7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Network ICE\BlackICE\blackd.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\acstp\icserv.exe
C:\WINDOWS\system32\acstp\wake_up.exe
C:\oracle\ora92\bin\omtsreco.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\Rundll32.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\RSA Security\Web PassPort\Plug-In\System\sdlss.exe
C:\Program Files\Network ICE\BlackICE\blackice.exe
D:\05 Temp\hijackthis\HijackThis.exe
C:\WINDOWS\system32\acstp\upgragnt.exe

O1 - Hosts: 134.96.33.102 crmud01
O1 - Hosts: 134.96.33.103 crmud02
O1 - Hosts: 134.96.33.105 crmud04
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\04 Other\qqlite_06rc\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Dell Wireless Manager UI] C:\WINDOWS\system32\WLTRAY
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\RSA Security\Web PassPort\Plug-In\system\sdtray.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: RealSecure(r) Desktop Protector.lnk = ?ProgramFiles%\Network ICE\BlackICE\blackice.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O9 - Extra button: Yahoo Assistant - {5D73EE86-05F1-49ed-B850-E423120EC338} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yassist (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra 'Tools' menuitem: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\04 Other\qqlite_06rc\QQ.EXE
O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\04 Other\qqlite_06rc\QQ.EXE
O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\04 Other\qqlite_06rc\QQIEHelper.dll
O9 - Extra 'Tools' menuitem: QQ炫彩工具设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\04 Other\qqlite_06rc\QQIEHelper.dll
O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomsg (file missing)
O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=repair (file missing)
O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=clean (file missing)
O11 - Options group: [!CNS] Chinese keywords
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O15 - Trusted Zone: *.accenture.com
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CF3B659-FA43-436F-92FE-09DAFDF681FF} (Siebel High Interactivity Framework) - http://bpo-4brsr1x-mob.accenture.com/18368/applets/SiebelAx_HI_Client.cab
O16 - DPF: {1416D7C8-8A28-11CF-9236-444553540000} (Infragistics Data Explorer Control) - https://mylearning-lms6.accenture.com/docent/lms/pvxplore8.cab
O16 - DPF: {252D8B73-FEEF-454D-97EB-F6BCF54DE48C} (Siebel High Interactivity Framework) - http://134.96.33.102/ecommunications_chs/18368/applets/SiebelAx_HI_Client.cab
O16 - DPF: {28EE9D9D-1A80-4BFF-B464-0E6B69E26B05} (Printer Class) - http://134.96.37.147:6001/CTZJPGWeb/ocx/printatl.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E07E152B-A291-4701-9C4D-AFD62B2ED430} (ClipboardAccess Class) - https://mylearning-lms6.accenture.com/docent/lms/LMSClipboard.cab
O16 - DPF: {FCEFD5DD-7152-4317-ABC1-16682376EE7A} (dddolsp Class) - http://ddddl.dudu.com/ddd/update/plugin/dddol.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{8163D00F-2B2A-4179-9381-D994345F559F}: NameServer = 202.101.172.35,202.101.172.36
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\blackd.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Gray_Pigeon_Server (GrayPigeonServer) - Unknown owner - C:\WINDOWS\G_Server.exe
O23 - Service: MC/Empower i.collect Service (iCollectService) - Unknown owner - C:\WINDOWS\system32\acstp\icserv.exe
O23 - Service: Accenture Media Viewer (MediaViewer) - - c:\program files\firm applications\media viewer\services\streamviewerservice.exe
O23 - Service: OracleMTSRecoveryService - Oracle Corporation - C:\oracle\ora92\bin\omtsreco.exe
O23 - Service: OracleOraHome92ClientCache - Unknown owner - C:\oracle\ora92\BIN\ONRSD.EXE
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\Network ICE\BlackICE\RapApp.exe
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Dell Wireless WLAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

flyfc
Newbie Poster
5 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 
6 Years Ago
0

Hi, please run HJT again, select Do system scan only and check the following.


O1 - Hosts: 134.96.33.102 crmud01

O1 - Hosts: 134.96.33.103 crmud02

O1 - Hosts: 134.96.33.105 crmud04

O2 - BHO: IE - {D157330A-9EF3-49F8-9A67-4141AC41ADD4} - C:\WINDOWS\DOWNLO~1\CnsHook.dll

O4 - HKLM\..\Run: [CnsMin] Rundll32.exe C:\WINDOWS\DOWNLO~1\CnsMin.dll,Rundll32

O9 - Extra button: QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\04 Other\qqlite_06rc\QQ.EXE

O9 - Extra 'Tools' menuitem: 腾讯QQ - {c95fe080-8f5d-11d2-a20b-00aa003c157b} - D:\04 Other\qqlite_06rc\QQ.EXE

O9 - Extra button: (no name) - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\04 Other\qqlite_06rc\QQIEHelper.dll

O9 - Extra 'Tools' menuitem: QQ炫彩工具设置 - {DEDEB80D-FA35-45d9-9460-4983E5A8AFE6} - D:\04 Other\qqlite_06rc\QQIEHelper.dll

O9 - Extra button: Instant Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - http://cn.zs.yahoo.com/cnsbutton.ht...ns&btn=yahoomsg (file missing)

O9 - Extra button: (no name) - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.ht...=cns&btn=repair (file missing)

O9 - Extra 'Tools' menuitem: Repair Browser - {ECF2E268-F28C-48d2-9AB7-8F69C11CCB71} - http://cn.zs.yahoo.com/cnsbutton.ht...=cns&btn=repair (file missing)

O9 - Extra button: (no name) - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.ht...e=cns&btn=clean (file missing)

O9 - Extra 'Tools' menuitem: Clean Internet access record - {FD00D911-7529-4084-9946-A29F1BDF4FE5} - http://cn.zs.yahoo.com/cnsbutton.ht...e=cns&btn=clean (file missing)

Close all browsers and click Fix Checked

------------------------------------------------------------------------
There are still more infections, but we are going to have the scanners knock them out for us.

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the defintions and run it, let it remove whatever it finds.

Then download ewido

www.ewido.net - Install. Update. Scan. Remove anything it finds.
-------------------------------------------------------------------------
Post new HJT log, and the ewido log

tayspen
<Insert title here>
Team Colleague
1,622 posts since Jul 2005
Reputation Points: 84
Solved Threads: 99
 
6 Years Ago
0

after executing the steps, HJT logs and ewido log are as follow:
Logfile of HijackThis v1.99.1
Scan saved at 18:01:26, on 2006-4-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\CCProxy\CCProxy.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
D:\05 Temp\hijackthis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: QQBrowserHelperObject Class - {54EBD53A-9BC1-480B-966A-843A333CA162} - D:\04 Other\qqlite_06rc\QQIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FlashGet\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: Yahoo 1G mail - {507F9113-CD77-4866-BA92-0E86DA3D0B97} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=yahoomail (file missing)
O9 - Extra button: E bazar - {59BC54A2-56B3-44a0-93E5-432D58746E26} - http://cn.zs.yahoo.com/cnsbutton.htm?source=cns&btn=taobao (file missing)
O14 - IERESET.INF: START_PAGE_URL=https://portal.accenture.com/
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://supportapj.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0CF3B659-FA43-436F-92FE-09DAFDF681FF} (Siebel High Interactivity Framework) - http://bpo-4brsr1x-mob.accenture.com/18368/applets/SiebelAx_HI_Client.cab
O16 - DPF: {1416D7C8-8A28-11CF-9236-444553540000} (Infragistics Data Explorer Control) - https://mylearning-lms6.accenture.com/docent/lms/pvxplore8.cab
O16 - DPF: {252D8B73-FEEF-454D-97EB-F6BCF54DE48C} (Siebel High Interactivity Framework) - http://134.96.33.102/ecommunications_chs/18368/applets/SiebelAx_HI_Client.cab
O16 - DPF: {28EE9D9D-1A80-4BFF-B464-0E6B69E26B05} (Printer Class) - http://134.96.37.147:6001/CTZJPGWeb/ocx/printatl.dll
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E07E152B-A291-4701-9C4D-AFD62B2ED430} (ClipboardAccess Class) - https://mylearning-lms6.accenture.com/docent/lms/LMSClipboard.cab
O16 - DPF: {FCEFD5DD-7152-4317-ABC1-16682376EE7A} (dddolsp Class) - http://ddddl.dudu.com/ddd/update/plugin/dddol.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\Software\..\Telephony: DomainName = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: Domain = accenture.com
O17 - HKLM\System\CS3\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = accenture.com,dir.svc.accenture.com
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe

ewido logs:

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 17:42:08, 2006-4-11
+ Report-Checksum: 56F245F9

+ Scan result:

HKLM\SOFTWARE\3721 -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\Assist\Modules -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\AutoLive\scrblock -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\CnsMinEx -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMin\Variant -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\3721\CnsMinCg -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\AutoLive.Live.1 -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CLSID -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook\CurVer -> Adware.CnsMin : Cleaned with backup
HKLM\SOFTWARE\Classes\CnsMinHK.CnsHook.1 -> Adware.CnsMin : Cleaned with backup
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_445900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448500.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_1_0_453800.gif -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Cleaned with backup
C:\WINDOWS\system32\mmm.dat -> Backdoor.GrayBird.eh : Cleaned with backup
:mozilla.8:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.9:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.10:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.11:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.12:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
:mozilla.17:D:\Documents and Settings\f.zhu\Application Data\Mozilla\Firefox\Profiles\i9zwi37y.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
D:\Documents and Settings\f.zhu\Cookies\f.zhu@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
D:\Documents and Settings\f.zhu\Cookies\f.zhu@ehg-siebel.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
D:\Documents and Settings\f.zhu\Cookies\f.zhu@hitbox[2].txt -> TrackingCookie.Hitbox : Cleaned with backup
D:\Documents and Settings\f.zhu\Local Settings\Temp\Cookies\f.zhu@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
D:\Documents and Settings\f.zhu\Local Settings\Temp\Cookies\f.zhu@elong.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup


::Report End

flyfc
Newbie Poster
5 posts since Mar 2006
Reputation Points: 10
Solved Threads: 0
 

This question has already been solved

Post: Markdown Syntax: Formatting Help
You
 
© 2012 DaniWeb® LLC
Home | About Us | Contact Us | Terms of Service | Advertising Opportunities
RSS Feed RSS Feed