Help Request: yukware and abi network REMOVAL/HIJACK Help

Reply Tue 9 Aug, 2005 03:15 pm
OK. I have followed the updated yukware removal/HijackThis tips, and I am very grateful for them. Thanks for everything; they were a great help. I think I might have rid the system of the crap. It took me 12 hours. I had never seen anything as bad as the abi network crap. I would like to post my logs, and if someone has a chance to view them and give any other suggestions, it would be much appreciated.

First, I had no trouble with any of the instructions except one: NAILFIX. But that was my fault. Originally, before I came upon this site, I had made a dummy text file called nail.exe and replaced the original with it. So when I ran nailfix, I received an error message saying that it couldn't be done (sorry, I don't have the original message, but I can get it if necessary).

Here is my first ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 10:12:35 AM, 8/9/2005
+ Report-Checksum: 764F4B02

+ Scan result:

HKLM\SOFTWARE\motoin -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\Mvu -> Spyware.Delfin : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy -> Spyware.SearchRelevancy : Cleaned with backup
HKLM\SOFTWARE\SearchRelevancy\Update -> Spyware.SearchRelevancy : Cleaned with backup
HKU\S-1-5-21-606747145-57989841-725345543-1004\Software\Mvu -> Spyware.Delfin : Cleaned with backup
C:\Documents and Settings\All Users\Application Data\SecTaskMan\dees.exe.q_7DD601_q -> TrojanDownloader.PurityScan.y : Cleaned with backup
C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\A8YWFWRC\!update-2204[1].0000 -> TrojanDownloader.PurityScan.y : Cleaned with backup
:mozilla.34:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Atdmt : Cleaned with backup
:mozilla.35:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.36:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Valueclick : Cleaned with backup
:mozilla.40:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
:mozilla.42:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.48:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.49:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.50:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.51:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.52:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.61:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.62:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.63:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.65:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Bluestreak : Cleaned with backup
:mozilla.69:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
:mozilla.70:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.71:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.72:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.73:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.74:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.75:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.76:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.77:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.78:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.79:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.80:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.81:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.82:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.83:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Advertising : Cleaned with backup
:mozilla.104:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Coremetrics : Cleaned with backup
:mozilla.118:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.119:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.120:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.133:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.134:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.135:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.136:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.137:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.138:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Fastclick : Cleaned with backup
:mozilla.144:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.145:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Ru4 : Cleaned with backup
:mozilla.148:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.149:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.150:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.151:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.161:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.162:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.163:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Centrport : Cleaned with backup
:mozilla.171:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.172:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.173:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.174:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.225:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.226:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.227:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.231:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Hitbox : Cleaned with backup
:mozilla.235:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Trafic : Cleaned with backup
:mozilla.236:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
:mozilla.238:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Targetnet : Cleaned with backup
:mozilla.244:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.249:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.252:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.253:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.254:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.255:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.299:C:\Documents and Settings\richard f lansing\Application Data\Mozilla\Firefox\Profiles\geoj0gxk.default\cookies.txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\richard f lansing\Cookies\richard f lansing@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\richard f lansing\Cookies\richard f lansing@ivwbox[2].txt -> Spyware.Cookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\richard f lansing\Cookies\richard f [email protected][1].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\richard f lansing\Local Settings\Temp\Cookies\richard f lansing@abetterinternet[1].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\richard f lansing\Local Settings\Temporary Internet Files\Content.IE5\8VUZU5YL\AppWrap[1].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Documents and Settings\richard f lansing\Local Settings\Temporary Internet Files\Content.IE5\Q1SRI5KL\AppWrap[2].exe -> TrojanDropper.Agent.pb : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\078CAE64-0221-4A6F-BC66-92BE68\F25A5A08-8307-453E-B884-4CF450 -> Adware.BetterInternet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp -> Spyware.Cookie.Pro-market : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq31.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq49.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4A.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq60.tmp -> Spyware.Cookie.Serving-sys : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq61.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq63.tmp -> Spyware.Cookie.Onestat : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq64.tmp -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6B.tmp -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq6D.tmp -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq7.tmp -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq88.tmp -> Spyware.Cookie.Ru4 : Cleaned with backup
C:\Program Files\Yahoo!\YPSR\Quarantine\ppqE5.tmp -> Spyware.Cookie.Questionmarket : Cleaned with backup
C:\RECYCLER\NPROTECT\00000027.exe -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\dsr.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\dsr.exe -> Trojan.Imiserv.c : Cleaned with backup
C:\WINDOWS\etb\xud_62.dll -> Spyware.EliteBar : Cleaned with backup
C:\WINDOWS\system\UpdInst.exe -> Spyware.Look2Me : Cleaned with backup
C:\WINDOWS\system32\DrPMon.dll -> Adware.BetterInternet : Cleaned with backup
C:\WINDOWS\system32\PSDrvCheck.KO -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\system32\qjsbvo.exe -> Adware.BetterInternet : Cleaned with backup
F:\00 - DOWNLOAD (PocketPC)\00 - MODEM SETUP DIRECTIONS & SOFTWARE\dialer_driver.zip/CDMA_USBModem_Dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
F:\00 - DOWNLOAD (PocketPC)\WMODEM Stuff\MODEM DIALER APPLICATION\harrierusb.zip/CDMA_USBModem_Dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
F:\00 - DOWNLOAD (PocketPC)\WMODEM - use this for install\dialer\dialer_driver.zip/CDMA_USBModem_Dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP367\A0146960.DLL -> Spyware.ClearSearch : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP375\A0151087.EXE -> Adware.SaveNow : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP376\A0151187.exe -> TrojanDownloader.Dyfuca.dq : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP376\A0151188.exe -> TrojanDownloader.Dyfuca.dq : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP376\A0151190.dll -> Adware.eZula : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP377\A0152364.DLL -> Spyware.MyWay : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP396\A0158317.dll -> Spyware.HotBar : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP397\A0161607.dll -> Spyware.HotBar : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP412\A0164402.dll -> Spyware.HotBar : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP413\A0164564.DLL -> Spyware.ClearSearch : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP423\A0167929.dll -> Spyware.Alexa : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP445\A0180838.exe -> Trojan.Small.cr : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP445\A0180895.exe -> Trojan.Small.cr : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP451\A0182491.exe -> Adware.SaveNow : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP452\A0182556.exe -> Adware.SaveNow : Cleaned with backup
F:\System Volume Information\_restore{0193FC1C-0A70-478B-8107-B531B8E70CAB}\RP461\A0184045.dll -> Adware.Gator : Cleaned with backup

::Report End

Here is my second ewido report:

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:50:13 PM, 8/9/2005
+ Report-Checksum: 875961

+ Scan result:

No infected objects found.


::Report End

Here is my HijackThis report:

Logfile of HijackThis v1.99.1
Scan saved at 1:39:02 PM, on 8/9/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Diskeeper9\DkService.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\GEARSec.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
C:\Program Files\ATI Multimedia\main\launchpd.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\IMAGE\NEROPH~1\data\Xtras\mssysmgr.exe
C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HIJACK THIS\HijackThis.exe
C:\HIJACK THIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = "What Do I Know?"
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\SPYWAR~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\yt.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Norton Ghost 9.0] C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\GhostTray.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\video\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DiskeeperSystray] "C:\Program Files\Diskeeper9\DkIcon.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [Spy Protector] C:\Program Files\Security Task Manager\SpyProtector.exe/autostart
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKCU\..\Run: [ATI Launchpad] "C:\Program Files\ATI Multimedia\main\launchpd.exe"
O4 - HKCU\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /M "Stylus Photo RX500" /EF "HKCU"
O4 - HKCU\..\Run: [Norton SystemWorks] "C:\Program Files\Norton SystemWorks\cfgwiz.exe" /GUID {05858CFD-5CC4-4ceb-AAAF-CF00BF39736A} /MODE CfgWiz
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Zinio DLM] C:\PROGRA~1\Zinio\ZINIOD~2.EXE /hide
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\IMAGE\NEROPH~1\data\Xtras\mssysmgr.exe
O4 - Startup: TASK MANAGER.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: BTTray.lnk = C:\Program Files\Linksys\Bluetooth Utility\BTTray.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open PDF in Word - res://C:\OFFICE HOME\OMNIPAGE PRO v14.0\PdfCnv\IEShellExt.dll /100
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie_ctx.htm
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\tv\EXPLBAR.DLL
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0411.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Linksys\Bluetooth Utility\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: Yahoo! Chess - http://download.games.yahoo.com/games/clients/y/ct1_x.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://support.gateway.com/support/profiler/PCPitStop.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yinst0401.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.com/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1093531347953
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {862FB893-B24B-4FAD-80D3-A1158EB34DB4} (CNET SearchBar) - http://www.search.com/cnetsearchbar.cab
O16 - DPF: {8AA1AE9E-9FB0-41B3-8911-89A1068A7FD1} (Installer Class) - https://www5.wirelesssync.vzw.com/en/SyncInstall.cab
O16 - DPF: {93CEA8A4-6059-4E0B-ADDD-73848153DD5E} (CWebLaunchCtl Object) - http://gateway.cf1live.com/eSupport/static/weblaunch/weblaunch.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/yse/ymmapi_416.dll
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcafee.com/molbin/iss-loc/vso/en-us/tools/mcfscan/2,0,0,4549/mcfscan.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AdobeVersionCue - Adobe Sytems - C:\IMAGE\Adobe\Version Cue\service\VersionCue.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Linksys\Bluetooth Utility\bin\btwdins.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Diskeeper9\DkService.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: GBPoll - Unknown owner - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe (file missing)
O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Norton SystemWorks\Norton Ghost\Agent\PQV2iSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\NPROTECT.EXE
O23 - Service: PictureTaker - LANovation - C:\WINDOWS\System32\PCTKRNT.SYS
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Speed Disk service - Symantec Corporation - C:\PROGRA~1\NORTON~2\NORTON~1\SPEEDD~1\NOPDB.EXE
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
timberlandko
Reply Tue 9 Aug, 2005 05:33 pm
Looks like you've got the baddies on the run - some touchup is needed, though, before you're done. Print out these instructions, as you will be carrying out most of these steps while in safe mode.

If you have not done so yet today, go to Windows Update and catch up on the updates that came out this morning. Don't reboot when prompted, though. First, update Microsoft Antispyware, don't run it, just update it, then reboot. Once your machine has fully rebooted normally, reboot into safe mode.

Launch HijackThis, and place a checkmark next to the following entries:

R3 - Default URLSearchHook is missing

O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)

O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)

O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)

O23 - Service: GBPoll - Unknown owner - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe (file missing)


Click "Fix Checked". Do not reboot.

Launch Microsoft Antispyware, select "Advanced Tools", select "Browser Restore", select "Check all", click "Restore", confirm, then run a full system scan with Microsoft Antispyware. "Fix" any issues found. Do not reboot. Run a second full system scan with Microsoft Antispyware, fixing anything found. Do not reboot.

Launch CCleaner, select "Issues", click to remove the checkmark from the "Unused File Extensions", "Help Files", and "Start Menu Ordering" boxes over in the left panel, select "Scan for issues", and when the scan has completed, select "Fix selected issues", confirm the registry backup as prompted, then select and confirm "Fix all issues". While still in CCleaner, select "Cleaner", select "Analyze", then select "Run Cleaner".

Reboot, immediately run a scan-and-save-log with HJT (don't "Fix" anything), and post the new log back here.

Oh, and it might be a very good idea to fully uninstall then re-install your Norton Systemworks - it appears to have a few problems. If you do decide to do so, first fully uninstall Spybot S&D (a long story - necessary, trust me), then uninstall Norton Systemworks and reboot normally, then re-install it. When it has re-installed, run Liveupdate, rebooting as necessary, until you are informed no further updates are available. Configure NSW as you wish when it has been fully updated. Don't re-install Spybot S&D yet - you're gonna want to wait a bit before doing that. More detail to follow when you've got the rest of this done. Lemme know whether you did uninstall/reinstall NSW.
Copyright © 2025 MadLab, LLC
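The reply above picks its "Fix checked" list by eye from the HijackThis log: entries whose target is gone ("(file missing)", "(no file)"), CLSIDs with "(no name)", and a missing default URLSearchHook. The script below is an added example, not code from this thread or from HijackThis, that parses log lines in that format and applies the same triage rules mechanically. The sample lines are constructed to mirror the ones posted here, and the ActiveX (O16) host allowlist is an assumption for illustration; an entry that fails the allowlist or has an "Unknown owner" service is queued for review rather than marked for removal, because those conditions alone do not prove malice.

```python
"""Triage a HijackThis log: parse each line, mark the patterns the reply
fixes by hand (orphaned entries, unnamed CLSIDs, a missing URLSearchHook)
and queue other suspicious O16/O23 entries for manual review."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# Constructed sample: lines copied in form from the log posted in this thread.
SAMPLE_LINES = [
    r"R3 - Default URLSearchHook is missing",
    r"O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)",
    r"O3 - Toolbar: (no name) - {2CDE1A7D-A478-4291-BF31-E1B4C16F92EB} - (no file)",
    r"O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)",
    r"O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - http://winfixer.com/pages/scanner/WFI.cab",
    r"O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/bin/msnchat45.cab",
    r"O23 - Service: GBPoll - Unknown owner - C:\Program Files\Norton SystemWorks\Norton GoBack\GBPoll.exe (file missing)",
    r"O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe",
]

# Assumed allowlist of hosts this machine's owner expects ActiveX (O16 DPF)
# controls from. Anything else is queued for review, never auto-fixed.
ALLOWED_DPF_HOSTS = {"chat.msn.com", "download.mcafee.com", "us.dl1.yimg.com"}

# Flags that justify "Fix checked" on their own (dead or anonymous entries).
FIX_FLAGS = {"orphan", "unnamed", "hook-missing"}

LINE_RE = re.compile(r"^(?P<section>[A-Z]\d+) - (?P<body>.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL_HOST_RE = re.compile(r"https?://([^/\s]+)", re.IGNORECASE)
DPF_NAMED_RE = re.compile(r"\}\s*\([^)]+\)\s*-")  # "{CLSID} (Some Class) - url"


@dataclass
class Entry:
    section: str            # HJT section code, e.g. "O16" or "R3"
    body: str               # everything after "Oxx - "
    clsid: Optional[str]    # first {GUID} found, upper-cased
    host: Optional[str]     # host of the first http(s) URL, lower-cased
    flags: List[str] = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if any(f in FIX_FLAGS for f in self.flags):
            return "fix"
        return "review" if self.flags else "ok"


def parse_line(line: str) -> Optional[Entry]:
    """Split one HJT line into section/body and pull out CLSID and URL host."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    body = m.group("body")
    clsid = CLSID_RE.search(body)
    host = URL_HOST_RE.search(body)
    return Entry(m.group("section"), body,
                 clsid.group(0).upper() if clsid else None,
                 host.group(1).lower() if host else None)


def flag(entry: Entry) -> Entry:
    """Apply the triage rules and record the reasons on the entry."""
    b = entry.body
    if "(file missing)" in b or "(no file)" in b:
        entry.flags.append("orphan")          # registry points at nothing
    if "(no name)" in b:
        entry.flags.append("unnamed")         # BHO/toolbar with no description
    if entry.section == "R3" and "is missing" in b:
        entry.flags.append("hook-missing")    # default URLSearchHook removed
    if entry.section == "O16":
        if not DPF_NAMED_RE.search(b):
            entry.flags.append("dpf-no-description")
        if entry.host and entry.host not in ALLOWED_DPF_HOSTS:
            entry.flags.append("dpf-host-not-allowlisted")
    if entry.section == "O23" and "Unknown owner" in b:
        entry.flags.append("owner-unknown")   # no company string in the binary
    return entry


def triage(lines: List[str]) -> List[Entry]:
    return [flag(e) for e in map(parse_line, lines) if e is not None]


def summarize(entries: List[Entry]) -> Dict[str, List[str]]:
    out: Dict[str, List[str]] = {"fix": [], "review": [], "ok": []}
    for e in entries:
        out[e.verdict].append(e.body)
    return out


if __name__ == "__main__":
    for verdict, bodies in summarize(triage(SAMPLE_LINES)).items():
        print(f"== {verdict} ({len(bodies)})")
        for b in bodies:
            print("   ", b)
```

Run it against a saved log with the lines loaded from the file in place of SAMPLE_LINES. The "fix" bucket reproduces the reply's list (R3, the two unnamed O2/O3 CLSIDs, the orphaned O9 Messenger entries and the missing GBPoll service); the "review" bucket is where a human still has to decide, for instance the O16 control with no class description served from a host outside the allowlist, or a service whose binary carries no company name.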