Logfile of HijackThis v1.99.1 Scan saved at 00:08:43, on 25/09/2006 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\Program Files\ewido anti-spyware 4.0\guard.exe C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe C:\PROGRA~1\McAfee\MSC\mclogsrv.exe C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe c:\program files\common files\mcafee\mna\mcnasvc.exe C:\PROGRA~1\McAfee\MSC\mcpromgr.exe c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe c:\PROGRA~1\mcafee.com\vso\mcshield.exe C:\PROGRA~1\McAfee\MSC\mctskshd.exe C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe C:\Program Files\McAfee\MSK\MskSrver.exe C:\Norman\NVC\BIN\Zanda.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\QuickTime\qttask.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Norman\NVC\BIN\ZLH.EXE C:\Program Files\McAfee.com\VSO\mcvsshld.exe C:\Program Files\McAfee.com\VSO\oasclnt.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe C:\Program Files\McAfee\MSK\MskAgent.exe C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE C:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\MSN Messenger\MsnMsgr.Exe C:\PROGRA~1\mcafee.com\agent\mcagent.exe c:\progra~1\mcafee.com\vso\mcvsescn.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe C:\WINDOWS\system32\java.exe C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearchIndexer.exe c:\progra~1\mcafee.com\vso\mcvsftsn.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\hjt\HijackThis_v1.99.1.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.wanadoo.co.uk R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo R3 - Default URLSearchHook is missing O1 - Hosts: 66.98.136.25 auto.search.msn.com O1 - Hosts: 66.98.136.25 auto.search.msn.es O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {34DB0D52-923D-4A85-B824-08A1E3331075} - C:\Program Files\microsoft frontpage\mevogut.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: MSN Search Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O3 - Toolbar: MSN Search Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [sla] C:\WINDOWS\sla.exe O4 - HKLM\..\Run: [EPSON Stylus CX3600 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P26 "EPSON Stylus CX3600 Series" /O6 "USB002" /M "Stylus CX3600" O4 - HKLM\..\Run: [outlook] C:\Program Files\outlook\outlook.exe /auto O4 - HKLM\..\Run: [winlog] winlog.exe O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKLM\..\Run: [Norman ZANDA] C:\Norman\NVC\BIN\ZLH.EXE /LOAD /SPLASH O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe O4 - HKLM\..\Run: [Auto EPSON Stylus CX3600 Series on NPMILLER] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9BE.EXE /P43 "Auto EPSON Stylus CX3600 Series on NPMILLER" /O18 "\\NPMILLER\Printer" /M "Stylus CX3600" O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized O4 - HKLM\..\RunServices: [winlog] winlog.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized O4 - HKCU\..\Run: [omoz] C:\Program Files\Common Files\omoz\omozm.exe O4 - HKCU\..\Run: [Error Safe Free] "C:\Program Files\ErrorSafe Free\uers.exe" /scan O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe O4 - Global Startup: Adobe Gamma Loader.lnk = ? O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Office\Office10\OSA.EXE O4 - Global Startup: Ulead Photo Express 4.0 SE Calendar Checker .lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\MSN Toolbar Suite\DS\02.05.0001.1119\en-gb\bin\WindowsSearch.exe O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\02.05.0000.1082\en-gb\msntb.dll/search.htm O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/229?fa3101124e1949e198b58fa23d8f28e O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\MSN Toolbar Suite\TAB\02.05.0001.1119\en-gb\msntabres.dll/230?fa3101124e1949e198b58fa23d8f28e O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O14 - IERESET.INF: START_PAGE_URL=http://www.wanadoo.co.uk O16 - DPF: {3B5E9B23-7537-4601-A9E8-FA0D956DEA16} (csauie1 Control) - http://www.couponreport.net/ftp/v3123/csauie1.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\aoipdlxx.dll (file missing) O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe O23 - Service: Norman ZANDA - Unknown owner - C:\Norman\NVC\BIN\Zanda.exe O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 23:51:22 24/09/2006 + Scan result: C:\Documents and Settings\nik\Cookies\nik@adrevolver[2].txt -> TrackingCookie.Adrevolver : No action taken. C:\Documents and Settings\nik\Cookies\nik@adtech[2].txt -> TrackingCookie.Adtech : No action taken. C:\Documents and Settings\nik\Cookies\nik@advertising[2].txt -> TrackingCookie.Advertising : No action taken. C:\Documents and Settings\nik\Cookies\nik@adviva[2].txt -> TrackingCookie.Adviva : No action taken. C:\Documents and Settings\nik\Cookies\nik@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken. C:\Documents and Settings\nik\Cookies\nik@bluestreak[1].txt -> TrackingCookie.Bluestreak : No action taken. C:\Documents and Settings\nik\Cookies\nik@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken. C:\Documents and Settings\nik\Cookies\nik@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken. C:\Documents and Settings\nik\Cookies\nik@as1.falkag[2].txt -> TrackingCookie.Falkag : No action taken. C:\Documents and Settings\nik\Cookies\nik@ehg-bskyb.hitbox[2].txt -> TrackingCookie.Hitbox : No action taken. C:\Documents and Settings\nik\Cookies\nik@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken. C:\Documents and Settings\nik\Cookies\nik@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken. C:\Documents and Settings\nik\Cookies\nik@questionmarket[1].txt -> TrackingCookie.Questionmarket : No action taken. C:\Documents and Settings\nik\Cookies\nik@web4.realtracker[1].txt -> TrackingCookie.Realtracker : No action taken. C:\Documents and Settings\nik\Cookies\nik@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : No action taken. C:\Documents and Settings\nik\Cookies\nik@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken. ::Report end
Go to Add/Remove Programs. Look for these or similar. If found, uninstall. [bold]Error Safe Free 360Share Pro[/bold] Look for this folder, if found, delete. [bold]C:\Program Files\ErrorSafe Free[/bold] Run a scan only with HijackThis, check these. [bold]R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank R3 - Default URLSearchHook is missing O1 - Hosts: 66.98.136.25 auto.search.msn.com O1 - Hosts: 66.98.136.25 auto.search.msn.es O2 - BHO: (no name) - {34DB0D52-923D-4A85-B824-08A1E3331075} - C:\Program Files\microsoft frontpage\mevogut.dll (file missing) O2 - BHO: (no name) - {549B5CA7-4A86-11D7-A4DF-000874180BB3} - (no file) O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file) O4 - HKLM\..\Run: [ACTX1] C:\WINDOWS\v1201.exe O4 - HKCU\..\Run: [Error Safe Free] "C:\Program Files\ErrorSafe Free\uers.exe" /scan O4 - Startup: 360Share Pro On Startup.lnk = C:\Program Files\360Share Pro\Gui\360Share Pro.exe O20 - Winlogon Notify: BITS - C:\WINDOWS\system32\aoipdlxx.dll (file missing)[/bold] Close all windows except hijackThis and click Fix checked. Your Java is out of date. Go here and download [bold]Java 5.0 Update 8[/bold]. Uninstall all previous versions of Java via Add/Remove Programs. Restart and install Update 8. Then, go here and download CCleaner. Install and run both the cleaner and the issues fix(when prompted to backup regisrty, click Yes). Go here and run Kaspersky Online Scanner. When it finishes, save the log. Post a new HijackThis log and the Kaspersky Scanner log. Edit: Missed one.
