
Thread: Hijackthislog

#1 Member (joined Aug 2006, 3 posts)

Hijackthislog

    Logfile of HijackThis v1.99.1
    Scan saved at 12:13:43 PM, on 8/14/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\cvn0.exe
    C:\WINDOWS\system32\wfxqhv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\WINDOWS\system32\ghynf.exe
    C:\WINDOWS\system32\zqskw.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
    C:\Program Files\Secretmaker\secretmaker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\WINDOWS\system32\devldr32.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,gelgyvl.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [ad8rIU3s] C:\WINDOWS\system32\cvn0.exe
    O4 - HKLM\..\Run: [k6mmN5IOU] "C:\WINDOWS\system32\wfxqhv.exe"
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_9.exe
    O4 - HKLM\..\Run: [gbdabriA] C:\WINDOWS\gbdabriA.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [eqrpno] C:\WINDOWS\system32\fanyoq.exe reg_run
    O4 - HKLM\..\Run: [pdnc17b9] RUNDLL32.EXE w005b82c.dll,n 002c17b700000003005b82c
    O4 - HKLM\..\Run: [w005ca8b.dll] RUNDLL32.EXE w005ca8b.dll,I2 002c17b70005ca8b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
    O4 - HKCU\..\Run: [ziqf] C:\PROGRA~1\COMMON~1\ziqf\ziqfm.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [bnyrp] C:\WINDOWS\system32\fanyoq.exe reg_run
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\guard.tmp (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

#2 steamwiz, Member (joined Sep 2003, Yorkshire U.K., 14,022 posts)

    Hi

    Please go here and run all the recommended programs :-

    http://www.help2go.com/component/opt...wtopic/t,9709/

    Then do this as well :-

    Please download and run these :-

    Download CCleaner from :-

    http://www.filehippo.com/download_ccleaner/ (click the download tab)

    During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program.

    After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

    Make sure the "windows" tab is selected

Under "Internet Explorer" tick:

    Temporary internet files
    Cookies* > see Note below
    History
Recently typed URLs
    (leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
    Delete index.dat files
    Last download location
    Autocomplete form history


Under "Windows Explorer" these are optional, but you can safely tick them all if you wish; they are only "most recently used" lists.

Other Explorer MRUs
(leave this unticked if you DON'T want to clear lists such as the Start > Run list)

Under "System"

    Tick ALL these ...


Under "Advanced"

No need to tick any of these (but you can if you want and realise what they do).


    Applications tab...

    These will mostly clean out old log files for these applications...

    Clean:- (if you use them)

    Firefox/Mozilla (optional - leave the cookies - see note)
    Opera
    Sun Java
    ZoneAlarm

    ...
    Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site), click Options > Cookies, then keep the cookies you want.

Click "Analyse" if you want to see a list of what is going to be removed, before it is removed.

    Or

Click "Run Cleaner" to let it get on with its work. Clicking this will result in the following pop-up:

    "This process will permanently delete files from your system. Are you sure you wish to proceed?"

Click OK.

    THEN........

Download ewido security suite, then install, update and run it.

    Please set up as :-

    1. When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".

    2. Run Ewido --- When you run it for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.

    3. From the main ewido screen, click on update in the left menu, then click the Start update button.

    4. After the update finishes (the status bar at the bottom will display "Update successful")

    5. You may need to manually update the definitions which you can get HERE

    6. Exit Ewido. DO NOT scan yet.

Boot into Safe Mode and scan with Ewido.

    7. Click on the Scanner button in the left menu, then click on Complete System Scan. This scan can take quite a while to run.

    8. If ewido finds anything, it will pop up a notification. We have been finding some cases of false positives with the new version of Ewido, so we need to step through the fixes one-by-one. If Ewido finds something that you KNOW is legitimate (for example, parts of AVG Antivirus, AOL pcAnywhere and the game "Risk" have been flagged), select "none" as the action. DO NOT check "Perform action with all infections". If you are unsure of an entry, select "none" for the time being. I'll see that in the log you will post later and let you know if ewido needs to be run again.

    9. Once the ewido scan has completed, there will be a button located on the bottom of the screen called Save report.

Important: you need to click "Save report" and save it to your desktop, or you won't have a log.

Reboot.

Post a new HijackThis log and the Ewido log.

    cheers

    steam
Look here for Ways to keep your computer safe
M'SOFT MVP - Windows Security 2004/8. Member ASAP.

#3 Member (joined Aug 2006, 3 posts)

    Logfile of HijackThis v1.99.1
    Scan saved at 6:25:08 PM, on 8/20/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\terminals.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
    C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
    C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Belkin\Belkin 802.11g Wireless PCI Card Configuration Utility\Belkinwcui.exe
    C:\Program Files\Secretmaker\secretmaker.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
    R3 - URLSearchHook: (no name) - _{EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
    F2 - REG:system.ini: UserInit=userinit.exe,gelgyvl.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: IeHelper Class - {A491D208-B353-490F-B81A-A8A3DC97042D} - C:\WINDOWS\system32\smiehlp.dll
    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll
    O2 - BHO: (no name) - {E5E2A3E7-00FE-4D31-A030-A10799DDCA66} - (no file)
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [keyboard] C:\\kybrdff_9.exe
    O4 - HKLM\..\Run: [defender] C:\\dfndrff_9.exe
    O4 - HKLM\..\Run: [gbdabriA] C:\WINDOWS\gbdabriA.exe
    O4 - HKLM\..\Run: [TheMonitor] C:\WINDOWS\SYSC00.exe
    O4 - HKLM\..\Run: [eqrpno] C:\WINDOWS\system32\fanyoq.exe reg_run
    O4 - HKLM\..\Run: [pdnc17b9] RUNDLL32.EXE w005b82c.dll,n 002c17b700000003005b82c
    O4 - HKLM\..\Run: [w005ca8b.dll] RUNDLL32.EXE w005ca8b.dll,I2 002c17b70005ca8b
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\system32\kernels8.exe
    O4 - HKCU\..\Run: [ziqf] C:\PROGRA~1\COMMON~1\ziqf\ziqfm.exe
    O4 - HKCU\..\Run: [CAS2] "C:\Program Files\System Files\System.exe"
    O4 - HKCU\..\Run: [bnyrp] C:\WINDOWS\system32\fanyoq.exe reg_run
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.0.711.1664\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - Global Startup: Belkin Wireless Utility.lnk = ?
    O4 - Global Startup: SECRETMAKER.lnk = C:\Program Files\Secretmaker\secretmaker.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O10 - Broken Internet access because of LSP provider 'smnsp.dll' missing
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15015/CTSUEng.cab
    O16 - DPF: {0D6709DD-4ED8-40CA-B459-2757AEEF7BEE} (Dldrv2 Control) - http://download.gigabyte.com.tw/object/Dldrv.ocx
    O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Trend Micro ActiveX Scan Agent 6.5) - http://housecall65.trendmicro.com/ho...vex/hcImpl.cab
    O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
    O16 - DPF: {B64F4A7C-97C9-11DA-8BDE-F66BAD1E3F3A} - http://download.cdn.winsoftware.com/...reeInstall.cab
    O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
    O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
    O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15023/CTPID.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\WINDOWS\system32\xeymi.dll
    O20 - Winlogon Notify: MCD - C:\WINDOWS\system32\guard.tmp (file missing)
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
    O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Terminal Connections (terms) - Unknown owner - C:\WINDOWS\system32\terminals.exe



    ---------------------------------------------------------
    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 5:18:24 PM 8/20/2006

    + Scan result:



    :mozilla.68:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.2o7 : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
    :mozilla.88:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.89:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.90:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.95:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adbrite : No action taken.
    :mozilla.82:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Addynamix : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@ads.addynamix[2].txt -> TrackingCookie.Addynamix : No action taken.
    :mozilla.87:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.91:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.92:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.93:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.94:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    :mozilla.96:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Adrevolver : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@www.adtrak[2].txt -> TrackingCookie.Adtrak : No action taken.
    :mozilla.123:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.125:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.126:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.127:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.128:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Advertising : No action taken.
    :mozilla.48:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@bfast[1].txt -> TrackingCookie.Bfast : No action taken.
    :mozilla.55:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.56:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.57:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.58:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.59:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.60:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.61:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.62:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Casalemedia : No action taken.
    :mozilla.133:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Cpvfeed : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : No action taken.
    :mozilla.49:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : No action taken.
    :mozilla.134:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.135:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.136:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.137:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@as-eu.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
    :mozilla.18:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.19:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.20:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.21:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.22:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    :mozilla.23:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@linksynergy[1].txt -> TrackingCookie.Linksynergy : No action taken.
    :mozilla.35:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.36:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Mediaplex : No action taken.
    :mozilla.100:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.97:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.98:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.99:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Pointroll : No action taken.
    :mozilla.65:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.66:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    :mozilla.67:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Questionmarket : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@revenue[1].txt -> TrackingCookie.Revenue : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@edge.ru4[2].txt -> TrackingCookie.Ru4 : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@banners.searchingbooth[1].txt -> TrackingCookie.Searchingbooth : No action taken.
    :mozilla.69:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.70:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.71:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    :mozilla.72:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Serving-sys : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@anad.tacoda[2].txt -> TrackingCookie.Tacoda : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
    :mozilla.155:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.156:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.157:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.158:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.159:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.160:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.161:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Trafficmp : No action taken.
    :mozilla.26:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.27:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.28:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.29:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Tribalfusion : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
    :mozilla.41:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.42:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.43:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.44:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.45:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.46:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.47:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Yieldmanager : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
    :mozilla.30:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.31:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.32:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.33:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    :mozilla.34:C:\Documents and Settings\shane\Application Data\Mozilla\Firefox\Profiles\w180cdse.default\cookies.txt -> TrackingCookie.Zedo : No action taken.
    C:\Documents and Settings\shane\Cookies\shane@zedo[1].txt -> TrackingCookie.Zedo : No action taken.


    ::Report end

  4. #4
    Member steamwiz
    Join Date
    Sep 2003
    Location
    Yorkshire U.K.
    Posts
    14,022
    Points
    2335

    Default

    Hi

    There's something weird going on with your logs...

    your first ewido scan found :-

    ewido anti-spyware - Scan Report
    ---------------------------------------------------------

    + Created at: 2:21:16 PM 8/20/2006

    + Scan result:

    C:\Documents and Settings\shane\Start Menu\Play Poker Online!.lnk -> Adware.Generic : No action taken.
    C:\WINDOWS\system32\bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32\cvn0.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32\ghynf.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32bez6n4r21.exe -> Adware.SearchAssistant : No action taken.
    C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : No action taken.
    C:\WINDOWS\system32\xeymi.dll -> Adware.Suggestor : No action taken.
    C:\t.inx -> Downloader.Tibs.gc : No action taken.
    C:\Program Files\MSN Gaming Zone\hozyq.html -> Hijacker.Small.jf : No action taken.
    C:\Program Files\Windows Media Player\kycesopum.html -> Hijacker.Small.jf : No action taken.

    ::Report end

    ---

    I told you to fix these with ewido & your second ewido scan only found cookies ... which it never found in your first scan

    If you ran ewido and fixed the above ....

    your latest hijackthis should have an entry which says ...

    O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\WINDOWS\system32\xeymi.dll (file missing)

    but it doesn't say (file missing)

    All the entries above should have appeared in the ewido log as ...: Cleaned with backup (quarantined).

    for example:

    C:\WINDOWS\system32\iqqr.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\n9nyb.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
    C:\WINDOWS\system32\wfxqhv.exe -> Adware.Suggestor : Cleaned with backup (quarantined).

    None of the above appear in your new ewido log... Have you run ewido several times ?

    Please run ewido again & let it clean all it finds

    Post the new ewido log and a new hijackthis log ... we'll clean the hijackthis log next...

    steam
    Look here for Ways to keep your computer safe
    M'SOFT MVP - Windows Security 2004/8. Member ASAP -
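The two checks steamwiz applies above (every item from the first ewido scan should come back as "Cleaned with backup (quarantined)" on the rescan, and a BHO DLL that ewido quarantined should then read "(file missing)" in HijackThis) can be automated over the posted report text. This is an added Python example, not code from the thread or from ewido/HijackThis; the line shapes are taken from the logs above and the sample strings are constructed from them.

```python
import re
from collections import namedtuple

# Shape of an ewido scan-report line: "<path> -> <detection> : <action>."
# Firefox cookie hits carry a ":mozilla.N:" prefix in front of the path.
LINE_RE = re.compile(r"^(?::mozilla\.\d+:)?(?P<path>.+?) -> (?P<name>[^:]+?) : (?P<action>.+?)\.?$")
O2_RE = re.compile(r"^O2 - BHO: .+? - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)( \(file missing\))?$")
CLEANED = "Cleaned with backup (quarantined)"
Finding = namedtuple("Finding", "path name action")

def parse_report(text):
    """Extract a Finding from every detection line; report headers and footers are skipped."""
    out = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            out.append(Finding(m["path"], m["name"], m["action"]))
    return out

def unresolved(first, second):
    """Detections from the first scan that the rescan never reports as quarantined."""
    cleaned = {f.path.lower() for f in second if f.action == CLEANED}
    return [f for f in first if f.action != CLEANED and f.path.lower() not in cleaned]

def only_cookies(findings):
    """A rescan listing nothing but tracking cookies cleaned none of the real items."""
    return bool(findings) and all(f.name.startswith("TrackingCookie.") for f in findings)

def bho_consistent(hjt_line, second):
    """False when a BHO DLL the rescan quarantined still lacks '(file missing)' in HijackThis."""
    m = O2_RE.match(hjt_line.strip())
    if not m:
        return True
    cleaned = {f.path.lower() for f in second if f.action == CLEANED}
    return m["path"].lower() not in cleaned or m.group(2) is not None

# Constructed sample: two first-scan lines and one rescan line as posted in the thread.
FIRST = """C:\\WINDOWS\\system32\\xeymi.dll -> Adware.Suggestor : No action taken.
C:\\t.inx -> Downloader.Tibs.gc : No action taken."""
SECOND = ":mozilla.30:C:\\Documents and Settings\\shane\\Application Data\\Mozilla\\Firefox\\Profiles\\w180cdse.default\\cookies.txt -> TrackingCookie.Zedo : No action taken."
HJT = "O2 - BHO: Ozbyq Class - {D623BC2F-A58D-4A75-A10D-CC244A702A35} - C:\\WINDOWS\\system32\\xeymi.dll"

if __name__ == "__main__":
    a, b = parse_report(FIRST), parse_report(SECOND)
    print([f.path for f in unresolved(a, b)], only_cookies(b), bho_consistent(HJT, b))
```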