lindtjorn
new user
Reg'd: Wed
Posts: 4
Logfile of HijackThis v1.99.1 Scan saved at 7:29:09 PM, on 7/6/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Norman\bin\ZLH.EXE C:\WINDOWS\system32\devldr32.exe C:\WINDOWS\system32\poker3.exe C:\Program Files\Internet Optimizer\optimize.exe C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\ctfmon.exe C:\Norman\Nvc\BIN\NIP.EXE C:\WINDOWS\system32\poker3.exe C:\Norman\Nvc\bin\cclaw.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Norman\Nvc\BIN\NVCOD.EXE C:\Program Files\Opera\Opera.exe C:\Documents and Settings\Olav\434.exe C:\Program Files\Messenger\msmsgs.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe 
C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe c:\windows\system32\xeprbv.exe C:\Documents and Settings\Olav\434.exe C:\WINDOWS\System32\wbem\wmiprvse.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file) O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\Program Files\MyWay\myBar\1.bin\MYBAR.DLL (file missing) O4 - HKLM\..\Run: [RemHelp] remhelp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Media Access] C:\Program Files\Media Access\MediaAccK.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe" O4 - HKLM\..\Run: [ulhcgb] c:\windows\system32\xeprbv.exe r O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKCU\..\Run: [SpySweeper] 
"C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OUTLOO~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE 
Class) - http://software-dl.real.com/177da021373047dc6418/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094409154834 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
Welcome to the Webuser forum. 
Please download the trial version of Ewido Security Suite from here. Install it and update the program with the latest definitions. Set up the program following the instructions here and then close it without running a scan.
Reboot into Safe Mode.
Then please run Ewido security suite, and perform a full system scan. Remove anything found, and save the logfile from the scan, then reboot normally, and post a new HJT log and the scan log from Ewido.
IF YOU FEEL I HAVE BEEN A HELP TO YOU, PLEASE CONSIDER MAKING A DONATION <<< click here
"If i had known i was going to live this long, i would have taken better care of myself"
lindtjorn
new user
Reg'd: Wed
Posts: 4
I have followed your guidelines. Found 105 infected files. Here are the logs:
The ewido report:
-------------------------------------------------------- ewido security suite - Scan report ---------------------------------------------------------
+ Created on: 9:42:15 PM, 7/8/2005 + Report-Checksum: E508BA70
+ Scan result:
HKLM\SOFTWARE\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Avenue Media\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Avenue Media\Internet Optimizer\Browser Helper\cf1 -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Bargains -> Spyware.BargainBuddy : Cleaned with backup HKLM\SOFTWARE\CashBack -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Classes\ADM25.ADM25 -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\ADM25.ADM25\CurVer -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\ADM4.ADM4 -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\ADM4.ADM4\CurVer -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\AppID\adm.EXE -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\AppID\Altnet Signing Module.EXE -> Spyware.Altnet : Cleaned with backup HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CLSID -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\ClientAX.ClientInstaller\CurVer -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{014DA6C9-189F-421a-88CD-07CFE51CFF10} -> Spyware.MySearch : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{0494D0D9-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKLM\SOFTWARE\Classes\CLSID\{DC341F1B-EC77-47BE-8F58-96E83861CC5A} -> Spyware.HotBar : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{0E704BA4-C517-4BE7-A1CD-C3FFDA1E1FFE} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{2B0ECEAC-F597-4858-A542-D966B49055B9} -> Spyware.180Solutions : Cleaned with backup 
HKLM\SOFTWARE\Classes\Interface\{31CA5C07-7F5F-4502-8C77-99A91558ADD0} -> Spyware.TX4 : Cleaned with backup HKLM\SOFTWARE\Classes\Interface\{DDEA2E1D-8555-45E5-AF09-EC9AA4EA27AD} -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer\CLSID -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\MediaAccess.Installer\CurVer -> Spyware.WinAd : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CLSID -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TestContentMatchControl1.ContentMatchTag\CurVer -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{223A26D8-9F91-42F6-8ED3-094B637DE020} -> Spyware.TX4 : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{5B6689B5-C2D4-4DC7-BFD1-24AC17E5FCDA} -> Spyware.180Solutions : Cleaned with backup HKLM\SOFTWARE\Classes\TypeLib\{E9A5B71C-093B-4F34-AF07-34FCA89BA0DF} -> Spyware.ISTBar : Cleaned with backup HKLM\SOFTWARE\eXactUtil -> Spyware.BargainBuddy : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00D6A7E7-4A97-456f-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0494D0D1-F8E0-41ad-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BargainBuddy -> Spyware.BargainBuddy : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\CashBack -> Spyware.CashBack : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DyFuCA -> Spyware.MoneyTree : Cleaned with backup 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Internet Optimizer -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kapabout -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\NaviSearch -> Spyware.NaviSearch : Cleaned with backup HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SideFind -> Spyware.SideFind : Cleaned with backup HKLM\SOFTWARE\NaviSearch -> Spyware.NaviSearch : Cleaned with backup HKLM\SOFTWARE\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup HKLM\SOFTWARE\SideFind -> Spyware.SideFind : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\IST -> Spyware.ISTBar : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00D6A7E7-4A97-456F-848A-3B75BF7554D7} -> Spyware.KeenValue : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D1-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0494D0D9-F8E0-41AD-92A3-14154ECE70AC} -> Spyware.MyWay : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Policies\AMeOpt -> Spyware.InternetOptimizer : Cleaned with backup HKU\S-1-5-21-1935655697-261478967-725345543-1003\Software\Policies\Avenue Media -> Spyware.InternetOptimizer : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and 
Settings\Anna\Cookies\anna@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@bluestreak[1].txt -> Spyware.Cookie.Bluestreak : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@servedby.advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@www.shopathomeselect[2].txt -> Spyware.Cookie.Shopathomeselect : Cleaned with backup C:\Documents and Settings\Anna\Cookies\anna@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup C:\Documents and Settings\Anna\index.exe/5.exe -> TrojanDownloader.IstBar.is : Cleaned with backup C:\Documents and Settings\Anna\index.exe/10.exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\Cookies\anna@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\Cookies\anna@doubleclick[2].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\Cookies\anna@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.kn : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\RarSFX2\10.exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temp\RarSFX2\5.exe -> TrojanDownloader.IstBar.is : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\2REFEX6N\index[1].jpg/5.exe -> TrojanDownloader.IstBar.is : Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\2REFEX6N\index[1].jpg/10.exe -> Spyware.WinAD : 
Cleaned with backup C:\Documents and Settings\Anna\Local Settings\Temporary Internet Files\Content.IE5\BRL3F1W8\istdownload[1].exe -> TrojanDownloader.IstBar.kn : Cleaned with backup C:\Documents and Settings\Anna\My Documents\groovylozzer@hotmail.com/2.exe -> Worm.Prex.i : Cleaned with backup C:\Documents and Settings\Anna\My Documents\My Received Files\ova funny picture(1).exe -> Trojan.VB.mc : Cleaned with backup C:\Documents and Settings\Maarten\Cookies\maarten@atdmt[1].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Olav\10sex.exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Olav\Cookies\olav@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup C:\Documents and Settings\Olav\Cookies\olav@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup C:\Documents and Settings\Olav\Cookies\olav@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup C:\Documents and Settings\Olav\Cookies\olav@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned with backup C:\Documents and Settings\Olav\Cookies\olav@xxxtoolbar[2].txt -> Spyware.Cookie.Xxxtoolbar : Cleaned with backup C:\Documents and Settings\Olav\index.exe/5.exe -> TrojanDownloader.IstBar.is : Cleaned with backup C:\Documents and Settings\Olav\index.exe/10.exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temp\CC.tmp\thnall1ac.exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temp\jfgudk.exe -> TrojanDownloader.IstBar.kn : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\CLYV8LIV\10[1].exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\CLYV8LIV\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\CP6J81UR\optimize[1].exe -> 
TrojanDownloader.Dyfuca.ei : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\CP6J81UR\Poller[1].exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\HGKJ594P\abiuninst[1].exe -> Adware.BetterInternet : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\HGKJ594P\nem220[1].dll -> TrojanDownloader.Dyfuca : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\KXMB4LUJ\CAHGJUTI.dll -> TrojanDownloader.Dyfuca : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\O1AJKPMJ\index[1].jpg/5.exe -> TrojanDownloader.IstBar.is : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\O1AJKPMJ\index[1].jpg/10.exe -> Spyware.WinAD : Cleaned with backup C:\Documents and Settings\Olav\Local Settings\Temporary Internet Files\Content.IE5\O1AJKPMJ\istdownload[1].exe -> TrojanDownloader.IstBar.kn : Cleaned with backup C:\Program Files\Media Access\MediaAccC.dll -> Spyware.WinAD : Cleaned with backup C:\Program Files\MyWay\myBar\1.bin\MYWAYPLUGINPROXY.CLASS -> Spyware.MyWay : Cleaned with backup C:\WINDOWS\system32\bbchk.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\system32\exdl.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\system32\exdl3.exe -> Spyware.BargainBuddy : Cleaned with backup C:\WINDOWS\system32\poker3.exe -> Worm.Prex.i : Cleaned with backup C:\WINDOWS\Temp\Altnet\pmfiles.cab/sysdetect.dll -> Adware.BrilliantDigital : Cleaned with backup C:\WINDOWS\Temp\Altnet\Setup.exe -> Spyware.Altnet : Cleaned with backup D:\Bilder\2005-06-18\barnevogn\installer_MARKETING55.exe -> TrojanDownloader.Adload.a : Cleaned with backup
::Report End
And then the hijack report:
Logfile of HijackThis v1.99.1 Scan saved at 9:54:56 PM, on 7/8/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe C:\WINDOWS\system32\RUNDLL32.EXE C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE C:\WINDOWS\system32\LVCOMSX.EXE C:\Program Files\Logitech\Video\LogiTray.exe C:\Norman\bin\ZLH.EXE C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe C:\Program Files\ewido\security suite\ewidoctrl.exe C:\WINDOWS\system32\devldr32.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Norman\Bin\Zanda.exe C:\WINDOWS\System32\nvsvc32.exe C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\wdfmgr.exe C:\Program Files\Logitech\Video\FxSvr2.exe C:\Norman\Nvc\BIN\NIP.EXE C:\Norman\Nvc\bin\nvcoas.exe C:\Norman\bin\NJEEVES.EXE C:\Norman\Nvc\BIN\NVCSCHED.EXE C:\Norman\Nvc\BIN\nipsvc.exe C:\Norman\Nvc\bin\cclaw.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Opera\Opera.exe C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/ O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file) O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file) O4 - HKLM\..\Run: [RemHelp] remhelp.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup O4 - HKLM\..\Run: [nwiz] nwiz.exe /install O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0 O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra 
'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OUTLOO~1\OFFICE11\REFIEBAR.DLL O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://ny.contentmatch.net (HKLM) O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/177da021373047dc6418/netzip/RdxIE601.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094409154834 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - 
http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
==============
Problem solved??
Thanks,
Olav
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
Not quite yet.
Disable SPYSWEEPER before running HJT; it can stop HJT from working.
Rerun HJT, and put a checkmark beside these:
O2 - BHO: Shorty - {11A4CA8C-A8B9-49c2-A6D3-3F64C9EEBAE6} - C:\Program Files\DNS\Catcher.dll
O2 - BHO: AuroraHandlerObj Class - {4AA870AC-8427-42a4-B92E-ECD956197489} - C:\WINDOWS\AuroraHandler.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - (no file)
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] poker3.exe
O15 - Trusted Zone: http://ny.contentmatch.net (HKLM)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/177da021373047dc6418/netzip/RdxIE601.cab
Now close all windows and browsers and click FIX CHECKED,
then reboot and post a fresh HijackThis log.
lindtjorn
new user
Reg'd: Wed
Posts: 4
I have removed the items you specified, and also before running this HJT scan, ewido could not find more infected files.
Logfile of HijackThis v1.99.1
Scan saved at 10:52:57 AM, on 7/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Norman\bin\ZLH.EXE
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\devldr32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Norman\Bin\Zanda.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Norman\Nvc\BIN\NIP.EXE
C:\Norman\bin\NJEEVES.EXE
C:\Norman\Nvc\bin\nvcoas.exe
C:\Norman\Nvc\BIN\NVCSCHED.EXE
C:\Norman\Nvc\BIN\nipsvc.exe
C:\WINDOWS\System32\alg.exe
C:\Norman\Nvc\bin\cclaw.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [RemHelp] remhelp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [EM_EXEC] C:\PROGRA~1\Logitech\MOUSEW~1\SYSTEM\EM_EXEC.EXE
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\bin\ZLH.EXE /LOAD /SPLASH
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OUTLOO~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: RaptisoftGameLoader - http://www.miniclip.com/hamsterball/raptisoftgameloader.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab30149.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://bin.mcafee.com/molbin/shared/mcinsctl/en-us/4,0,0,84/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1094409154834
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab30149.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://bin.mcafee.com/molbin/shared/mcgdmgr/en-us/1,0,0,21/mcgdmgr.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: Adobe Active File Monitor (AdobeActiveFileMonitor) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsFileAgent.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman NJeeves - Unknown owner - C:\Norman\bin\NJEEVES.EXE
O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\Bin\Zanda.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Photoshop Elements Device Connect (PhotoshopElementsDeviceConnect) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 3.0\PhotoshopElementsDeviceConnect.exe
|
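A fresh log like the one above is most useful when compared with the scan taken before the fix. The following is an added example, not part of the original thread or of HijackThis itself: it parses two logs (even when flattened onto one line) and reports which processes and entries disappeared or appeared. The function names are the example's own, the sample logs are constructed and abbreviated from the two scans in this thread, and the `[placeholder]` entry is invented for illustration.

```python
import re
from collections import Counter

# Section codes HijackThis puts at the start of each entry (R0-R3, F0-F3, N1-N4, O1-O23).
ENTRY = re.compile(r"(?<!\S)(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - ")
PROC_SPLIT = re.compile(r"\s+(?=[A-Za-z]:\\)")  # a new process path starts at "X:\"

def parse_hjt(text):
    """Return (Counter of process paths, set of entries); tolerates flattened logs."""
    text = " ".join(text.split())                       # collapse line breaks
    rest = text.partition("Running processes:")[2]
    m = ENTRY.search(rest)
    cut = m.start() if m else len(rest)                 # process list ends at first entry
    procs = Counter(p.lower() for p in PROC_SPLIT.split(rest[:cut].strip()) if p)
    body = rest[cut:]
    starts = [e.start() for e in ENTRY.finditer(body)] + [len(body)]
    entries = {body[a:b].strip() for a, b in zip(starts, starts[1:])}
    return procs, entries

def diff_logs(before, after):
    """Summarise what disappeared and what appeared between two scans."""
    bp, be = parse_hjt(before)
    ap, ae = parse_hjt(after)
    return {
        "procs_gone": {p: n for p, n in bp.items() if p not in ap},  # path -> instances
        "procs_new": sorted(set(ap) - set(bp)),
        "entries_gone": sorted(be - ae),
        "entries_new": sorted(ae - be),
    }

# Constructed samples: a few process paths taken from the two scans in this thread,
# plus one invented "[placeholder]" Run entry so the entry diff has something to show.
BEFORE = (
    r"Logfile of HijackThis v1.99.1 Running processes: "
    r"C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\poker3.exe "
    r"C:\Program Files\Internet Optimizer\optimize.exe "
    r"C:\Documents and Settings\Olav\434.exe C:\Documents and Settings\Olav\434.exe "
    r"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE "
    r"O4 - HKLM\..\Run: [placeholder] C:\placeholder\constructed.exe"
)
AFTER = (
    r"Logfile of HijackThis v1.99.1 Running processes: "
    r"C:\WINDOWS\system32\smss.exe C:\Program Files\ewido\security suite\ewidoctrl.exe "
    r"O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE"
)

if __name__ == "__main__":
    for key, value in diff_logs(BEFORE, AFTER).items():
        print(key, value)
```

Process paths are lower-cased before comparison because the same binary shows up as both `System32` and `system32` across scans; entries are compared verbatim.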
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
that looks clean now.
DISABLE SYSTEM RESTORE, run your anti virus, and when you get the all clear restart your system restore (same page). then create a new restore point:
click START\ALL PROGRAMS\ACCESSORIES\SYSTEM TOOLS\SYSTEM RESTORE. click on "create new restore point" click on NEXT and follow the prompts.
this is to ensure that if you have to do a system restore in the future that you don't get all the nasties reinstalled again.
Then go to TOOLS\INTERNET OPTIONS and delete all TEMP INTERNET FILES
Download CCLEANER
then run the scan under the windows tab.
then DEFRAG your C:\ drive to help speed up your system.
then let us know how the computer is running.
|
lindtjorn
new user
Reg'd: Wed
Posts: 4
|
|
Everything seems to be clean now, but I discovered that a new user account had appeared on my computer, which I assumed had something to do with the infection, and therefore deleted.
Thanks for all the help,
Olav
|
bricat
HijackThis Helper
Reg'd: Wed
Posts: 31987
Loc: belfast
|
|
you're welcome.
|