hi,

Not that I wanna be introduced as whom, but I'm the fool who posted my first HijackThis log to the Community Introductions forum, ironically. Now that I'm in the correct place, and after carrying out the tasks as advised by tayspen (thank you kindly), can you please take a look at the attached logs? BTW, ewido is schmick - I like!

Attachments
Logfile of HijackThis v1.99.1
Scan saved at 1:47:25 AM, on 25/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\inst\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106143609765
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------------------------------------------------------

 ewido anti-malware - Scan report

---------------------------------------------------------



 + Created on:			1:46:21 AM, 25/04/2006

 + Report-Checksum:		2F334626



 + Scan result:



	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Bargain Buddy -> Adware.BargainBuddy : Cleaned without backup

	HKU\S-1-5-21-448539723-1644491937-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{21B4ACC4-8874-4AEC-AEAC-F567A249B4D4} -> Adware.ZangoSearch : Cleaned without backup

	:mozilla.6:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned without backup

	:mozilla.21:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned without backup

	:mozilla.34:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned without backup

	:mozilla.37:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup

	:mozilla.38:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup

	:mozilla.39:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup

	:mozilla.40:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup

	:mozilla.41:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup

	:mozilla.42:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned without backup

	:mozilla.43:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Myaffiliateprogram : Cleaned without backup

	:mozilla.57:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup

	:mozilla.58:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup

	:mozilla.59:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned without backup

	:mozilla.62:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup

	:mozilla.66:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Com : Cleaned without backup

	:mozilla.73:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned without backup

	:mozilla.74:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Revenue : Cleaned without backup

	:mozilla.76:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.77:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.78:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.82:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.85:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.86:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.88:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.91:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned without backup

	:mozilla.99:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned without backup

	:mozilla.100:C:\Documents and Settings\Huey\Application Data\Mozilla\Firefox\Profiles\plw31x0u.default\cookies.txt -> TrackingCookie.Zedo : Cleaned wit
0

Hi again :). Nothing looks too bad in your log; if you don't know what Mail.Com is, I would uninstall that.

Begin by downloading CCleaner, and specifically choosing the most recent version.

Then, follow these steps:

1. Close all programs so that you are at your desktop.
2. Double-click on the "My Computer" icon.
3. Select the "Tools" menu and click "Folder Options".
4. After the new window appears select the "View" tab.
5. Place a checkmark in the checkbox labeled "Display the contents of system folders".
6. Under the "Hidden files and folders" section select the radio button labeled "Show hidden files and folders".
7. Remove the checkmark from the checkbox labeled "Hide file extensions for known file types".
8. Remove the checkmark from the checkbox labeled "Hide protected operating system files".
9. Press the "Apply" button and then the "OK" button.
10. Now your computer is configured to show all hidden files.

Now, install the program. Open it, and choose the 'Options' tab. Inside, hit the 'Custom' tab, and add the following folders (Note: Not all of these files are on every computer. If one of these isn't present, skip it):

C:\Windows\Temp
C:\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temp
C:\Documents and Settings\<Every user listed>\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\<Every user listed>\History
C:\Documents and Settings\<Every user listed>\Cookies
C:\Windows\Prefetch


After doing this, move back to the 'Cleaner' tab, and inside this, be sure you're open to the 'Windows' tab. Inside, check the box labeled 'Custom Files and Folders'.

Next, after following all of these steps, you're ready to scan. Run scans in both the 'Cleaner' and 'Issues'. Note: It might take several scans in each to remove all of the junk.

Then please post a new log. And a new ewido log.

Thanks jhay116 for the CCleaner type-out, I hope you don't mind I used it, I didn't want to retype it :)

0

Haha no worries, use ahead. If ya want, post back and I'll send ya some other canned msgs I use (Spyaxe fix, L2me Fix, Vundofix, Nail fix, resetting system restore, reinstalling IE, etc...)

0

Just sometimes, my browser closes and I get that msg asking me if I wanna send an error report. Could this have anything to do with the fact I have Netscape, IE, and Mozilla installed? Other than this, things are running pretty well so far. Thx again.

0

Please post a new log, so we can ensure you're clean.

Thanks jhay116, I have a few of my own, I just didn't have CCleaner ;).

0

Here they are, what do ya think? And how come every time I remove critical objects, there's still more to be found the next time I scan?

Attachments
Logfile of HijackThis v1.99.1
Scan saved at 1:09:25 AM, on 27/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\OptusNet DSL Internet\DSC.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\mail.com\mcalert.exe
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\inst\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [Desktop Service Centre] C:\Program Files\OptusNet DSL Internet\DSC.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Mail.com] C:\Program Files\mail.com\mcalert.exe -auto
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O9 - Extra 'Tools' menuitem: Edit with XML Spy - {2222EF56-F49E-4d07-A14E-8D2B08766958} - C:\Program Files\Altova\xmlspy\spy.htm (HKCU)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1106143609765
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
---------------------------------------------------------

 ewido anti-malware - Scan report

---------------------------------------------------------



 + Created on:			1:09:04 AM, 27/04/2006

 + Report-Checksum:		B64FAC02



 + Scan result:



	:mozilla.9:C:\Documents and Settings\Huey\Application Data\Netscape\NSB\Profiles\3juxdqoy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup

	:mozilla.10:C:\Documents and Settings\Huey\Application Data\Netscape\NSB\Profiles\3juxdqoy.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned without backup

	:mozilla.11:C:\Documents and Settings\Huey\Application Data\Netscape\NSB\Profiles\3juxdqoy.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned without backup

	C:\Documents and Settings\Huey\Cookies\huey@fastclick[2].txt -> TrackingCookie.Fastclick : Cleaned without backup

	C:\Documents and Settings\Huey\Cookies\huey@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned without backup





::Report End
0

Yep, all clean.

The critical objects thing--generally, it classifies 'cookies' as critical objects, so oftentimes this is why they occur so frequently.

If ya could mark the thread as solved, it'd be incredible.

Thanks.
