When I ran Spy Sweeper it detected the following adware: Internet Optimizer, Roings Search Enhancement, Money Tree, Webhancer. When I ran Spyware Doctor it said all spyware is removed. Why is that? When I open a browser page it automatically gets redirected to the adultfriendfinder site. It's a browser attack. How do I remove all of these? Please help.
Download a copy of Hijackthis. Unzip it into a permanent folder.
Click on the icon.
Choose the option to scan and create a log.
Post the contents of the log here for review.
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
Logfile of HijackThis v1.99.1
Scan saved at 5:54:45 AM, on 2/12/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\system32\csrss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\Explorer.EXE
C:\WINXP\System32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\windows\eee2.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINXP\System32\msgconfigrs.exe
C:\WINXP\System32\alg.exe
D:\norton antivirus v.imp\navapsvc.exe
C:\Program Files\Network Monitor\netmon.exe
C:\Program Files\Common Files\AOL\1132619104\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1132619104\ee\AOLServiceHost.exe
D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
D:\norton antivirus v.imp\SAVScan.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Spyware Doctor\Update.exe
C:\Documents and Settings\swapna\Desktop\HijackThis.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0...ir.asp?Ext=pdf
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\NORTON~1.IMP\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132619104\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\Run: [ahkw] C:\windows\eee2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~1\tools\iesdpb.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E25A70-9663-449B-9FB6-91FE0F364123}: NameServer = 10.100.100.1,202.63.164.18,202.63.164.17,202.71.136.67
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\norton antivirus v.imp\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\norton antivirus v.imp\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
When I start Windows, after some time a blank browser opens, at the corner of which is written duf
Let's see what Ewido can fix w/o doing it manually.
Please download, install, and update the NEW free version of Ewido trojan scanner:
- When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
- When you run Ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
- From the main Ewido screen, click on update in the left menu, then click the Start update button.
- After the update finishes (the status bar at the bottom will display "Update successful")
Perform a full system scan and fix all that it finds.
Post back with a new HJT log and the Ewido log.
thanks.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:56:04 AM, 2/20/2006
+ Report-Checksum: 3581B4CB
+ Scan result:
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\PocketLAN for Pocket PC 2002 2.51 FULL.rar/PocketLAN for Pocket PC 2002 2.51 FULL\Navigon 2 Keygenerator.exe -> Backdoor.RCServ.c : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\PocketLAN for Pocket PC 2002 2.51 FULL.rar/PocketLAN for Pocket PC 2002 2.51 FULL\SetupPL2520.exe -> Backdoor.Wollf.a : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\hack\complete_set_hacking_tools+manuals\hacking_tools\hvlscan.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\hack\complete_set_hacking_tools+manuals\hacking_tools\wingatespoof_hlp.zip/UHANFO.EXE -> Trojan.ControlDuSockets.a : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\Ghost.Keylogger.3.73..(by.king-alp).rar/Ghost Keylogger v3.73 Crack contains viruses according to panda online scan\syncagent.EXE -> Logger.GhostKeyLogger.c : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\spywares\iOpus_Software+Serialsz_Starr_PC_Monitor_Pro3.23_Password_RecoveryXP4.0_Internet_Macros3.04_Beee2.24-www.eselgate.de.rar/iOpus-Software\Starr 3.23 pro\iopus-starr-pro-setup.exe/wsys.exe -> Not-A-Virus.Monitor.Win32.Starr.323 : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\WUSave.cab/Save.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\WUSave.cab/SaveUninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\2 WUSave.cab/Save.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\2 WUSave.cab/SaveUninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Save.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/SaveUninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Save.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/SaveUninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Weather.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Uninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Weather.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\adware\saveinstwm.exe/Uninst.exe -> Adware.SaveNow : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\hack tool danger\Hacking Tools - Complete Set - Scan, crack, password, all u need! Banned Illegal CIA FBI Army.zip/HaxTools/enum.exe -> Not-A-Virus.HackTool.Win32.EnumPlus.a : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\hack tool danger\Hacking Tools - Complete Set - Scan, crack, password, all u need! Banned Illegal CIA FBI Army.zip/HaxTools/NC.EXE -> Backdoor.Ncx.a : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\2 iSpyNow v2.0 (keylogger).zip/iSpyNow v2.0.zip/hs-is2py.rar/ispynow-setup.exe -> Backdoor.Delf.bz : Ignored
D:\my downloads\from d\My Downloads\hack,serial,peer\danger (viruses,spyware, diallers)\2 iSpyNow v2.0 (keylogger).zip/ISpyNow v2.0 WinALL.zip/hs-is2py.rar/ispynow-setup.exe -> Backdoor.Delf.bz : Ignored
:mozilla.155:C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
:mozilla.158:C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.159:C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
:mozilla.160:C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\cookies.txt -> TrackingCookie.Esomniture : Cleaned with backup
::Report End
"About the D drive, I'm aware of this malware."
Can you please suggest a very good antivirus?
Logfile of HijackThis v1.99.1
Scan saved at 8:57:19 AM, on 2/20/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINXP\System32\msgconfigrs.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Common Files\AOL\1132619104\ee\AOLHostManager.exe
C:\Program Files\Common Files\AOL\1132619104\ee\AOLServiceHost.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
D:\norton antivirus v.imp\navapsvc.exe
D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
D:\norton antivirus v.imp\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\swapna\Desktop\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0...ir.asp?Ext=pdf
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\NORTON~1.IMP\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1132619104\ee\AOLHostManager.exe
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E25A70-9663-449B-9FB6-91FE0F364123}: NameServer = 10.100.100.1,202.63.164.18,202.63.164.17,202.71.136.67
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\norton antivirus v.imp\navapsvc.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\norton antivirus v.imp\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Why did you choose to ignore those items? If you are downloading stuff like that you will never be clean.
Did you place these in your trusted Zone?
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
I'm aware that the items I ignored are dangerous. I've kept them to be moved onto a separate CD.
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
No, I've not placed them in my trusted zone. What should I do now?
Can you suggest a very good antivirus like Ewido?
What security software should I always have on my PC that can detect this malware, adware, keyloggers, trojans, viruses etc.?
Can you suggest a good book that can teach me about security?
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://shell.windows.com/fileassoc/0...ir.asp?Ext=pdf
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\RunServices: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKCU\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
Close all open program and browser windows except HijackThis and click "Fix checked".
Reboot and post a new log.
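The fix-and-recheck step above can be verified mechanically by diffing the log taken before the fix against the one taken after the reboot. The Python sketch below is an added example, not part of the original thread and not a HijackThis feature; the function names are hypothetical, and the sample lines are excerpts of the 2/20/2006 and 2/27/2006 logs and of the fix list posted in this thread.

```python
import re

# Entry lines start with a section code such as R0, N3, O4 or O23.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")
MISSING = "(file missing)"   # status note HijackThis appends to an entry
NO_FILE = "(no file)"        # entry whose registered file does not exist


def parse_entries(log_text):
    """Map (section, detail) -> True when the entry points at no file."""
    entries = {}
    for raw in log_text.splitlines():
        m = ENTRY_RE.match(raw.strip())
        if not m:
            continue  # header, running-process path, or forum prose
        section = m.group(1)
        detail = " ".join(m.group(2).split())  # collapse runs of whitespace
        dangling = detail.endswith((MISSING, NO_FILE))
        if detail.endswith(MISSING):
            # The note can appear between scans (netmon.exe in this thread),
            # so drop it to keep the entry's identity stable.
            detail = detail[: -len(MISSING)].rstrip()
        entries[(section, detail)] = dangling
    return entries


def compare_logs(before_text, after_text, targets_text):
    """Check a fix list against the logs taken before and after the fix."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    targets = parse_entries(targets_text)
    return {
        # targeted entries that are gone after the reboot
        "fixed": sorted(k for k in targets if k in before and k not in after),
        # targeted entries that came back or were never removed
        "still_present": sorted(k for k in targets if k in after),
        # entries that vanished although nobody asked for them to be fixed
        "removed_untargeted": sorted(
            k for k in before if k not in after and k not in targets),
        # entries that are new since the previous scan
        "added": sorted(k for k in after if k not in before),
        # remaining entries that reference a file that is not there
        "dangling": sorted(k for k, flag in after.items() if flag),
    }


# Excerpt of the 2/20/2006 log from this thread.
BEFORE = r"""
Logfile of HijackThis v1.99.1
C:\WINXP\System32\msgconfigrs.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

# Excerpt of the 2/27/2006 log from this thread.
AFTER = r"""
Logfile of HijackThis v1.99.1
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
"""

# Excerpt of the list of entries the helper asked to have fixed.
TARGETS = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://about:blank
R3 - URLSearchHook: (no name) - _{EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O4 - HKLM\..\Run: [Microsoft Configs 32] msgconfigrs.exe
O15 - Trusted Zone: *.media-motor.net
O15 - Trusted Zone: *.popuppers.com
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
"""

if __name__ == "__main__":
    for name, items in compare_logs(BEFORE, AFTER, TARGETS).items():
        print(f"{name}: {len(items)}")
        for section, detail in items:
            print(f"  {section} - {detail}")
```

A non-empty `still_present` list after the reboot means something re-created the entry, and `dangling` lists leftovers that still reference a file that is not on disk.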
Logfile of HijackThis v1.99.1
Scan saved at 10:00:23 AM, on 2/27/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINXP\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
C:\WINXP\System32\ezSP_Px.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
D:\norton antivirus v.imp\navapsvc.exe
D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
D:\norton antivirus v.imp\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\swapna\Desktop\HijackThis.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\NORTON~1.IMP\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E25A70-9663-449B-9FB6-91FE0F364123}: NameServer = 10.100.100.1,202.63.164.18,202.63.164.17,202.71.136.67
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\norton antivirus v.imp\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\norton antivirus v.imp\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Can you suggest a very good antivirus like Ewido?
What security software should I always have on my PC that can detect this malware, adware, keyloggers, trojans, viruses etc.?
Can you suggest a good book that can teach me about security?
For security:
For anti-virus I recommend Avast.
For a firewall I use Sygate. It is no longer supported, so others like Kerio
For what you do I would purchase the Ewido and all of its updates.
I would scan regularly with Spy Sweeper, Ewido and Avast.
And lastly:
Get that garbage off your PC and on to a CD pronto.
Thank you very much for helping me out.
"For a firewall I use Sygate It is no longer supported so others like Kerio" ... what do you mean by this statement?
Can you suggest a good book so that I can learn security from the basics?
Is my PC now clear of all the viruses?
I will surely get the garbage out of my PC soon.
The company that makes Sygate was sold and there are no updates. I like it for the depth of the configuration.
Security changes too fast for books.....
Remove the crap and then post another HJT and ewido log then we will know if you are clean for sure.
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
OK, I will do that and mail you the log.
Please let me know which startup items are not necessary. What is this ezShieldProtector?
ewido anti-malware - Startup report
---------------------------------------------------------
+ Created on: 9:12:16 AM, 3/5/2006
+ Report-Checksum: BEB5DFF7
Reg\HKLM\Run ezShieldProtector for Px C:\WINXP\System32\ezSP_Px.exe
Reg\HKLM\Run ccApp "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
Reg\HKLM\Run Advanced Tools Check D:\NORTON~1.IMP\AdvTools\ADVCHK.EXE
Reg\HKLM\Run SSC_UserPrompt C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
Reg\HKCU\Run SpySweeper C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
Reg\HKCU\Run Shareaza "C:\Program Files\Shareaza\Shareaza.exe" -tray
Reg\HKCU\Run MSMSGS "C:\Program Files\Messenger\msmsgs.exe" /background
Shell\CommonStartup Microsoft Office.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:48:48 AM, 3/5/2006
+ Report-Checksum: F0F2550C
+ Scan result:
::Report End
Logfile of HijackThis v1.99.1
Scan saved at 9:13:52 AM, on 3/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINXP\System32\smss.exe
C:\WINXP\SYSTEM32\winlogon.exe
C:\WINXP\system32\services.exe
C:\WINXP\system32\lsass.exe
C:\WINXP\system32\svchost.exe
C:\WINXP\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINXP\system32\spoolsv.exe
D:\norton antivirus v.imp\navapsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\Shareaza\Shareaza.exe
D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
C:\Program Files\Messenger\msmsgs.exe
D:\norton antivirus v.imp\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\WINXP\explorer.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Documents and Settings\swapna\Desktop\HijackThis.exe
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\swapna\Application Data\Mozilla\Profiles\default\xk1hebj0.slt\prefs.js)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINXP\System32\msdxm.ocx
O3 - Toolbar: (no name) - {ACB1E670-3217-45C4-A021-6B829A8A27CB} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\norton antivirus v.imp\NavShExt.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] D:\NORTON~1.IMP\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [SpySweeper] C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe /0
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - D:\Program Files\AIM\aim.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/S.../bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{66E25A70-9663-449B-9FB6-91FE0F364123}: NameServer = 10.100.100.1,202.63.164.18,202.63.164.17,202.71.136.67
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: Intel(R) Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel(R) Active Monitor\imonnt.exe
O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: InCD Helper (read only) (InCDsrvR) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\norton antivirus v.imp\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - D:\norton antivirus v.imp\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - D:\norton antivirus v.imp\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Awaiting a reply. I've sent you 3 reports: startup items, ewido and HijackThis.
Your log looks clean.
I would kill:
Reg\HKCU\Run Shareaza "C:\Program Files\Shareaza\Shareaza.exe" -tray
from startup. You can load it when you need it.
How is the system running?
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
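The before-and-after check used in this thread (post a fresh HijackThis log and see what is left) can be scripted. The following is an added example, not part of the original posts: it parses two HijackThis v1.99.1 logs, diffs running processes and entries case-insensitively, and lists the O4 autoruns for startup review. The sample logs are constructed, and `example_dropper.exe` and the `ExampleDropper` Run value are made-up placeholders.

```python
import re

# Constructed sample logs in the HijackThis v1.99.1 layout seen in this thread.
# example_dropper.exe and the ExampleDropper Run value are made-up placeholders.
BEFORE = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\Explorer.EXE
C:\WINXP\System32\example_dropper.exe
C:\Program Files\Shareaza\Shareaza.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [ExampleDropper] C:\WINXP\System32\example_dropper.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
"""
AFTER = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINXP\explorer.exe
C:\Program Files\Shareaza\Shareaza.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINXP\System32\ezSP_Px.exe
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
"""

# Section code (R0-R3, F0-F3, N1-N4, O1-O24) followed by " - " and the entry body.
ENTRY_RE = re.compile(r"^([FNOR]\d{1,2}) - (.*)$")
# O4 registry autorun body: hive\..\Run-key: [value name] command line
RUN_RE = re.compile(r"^(HK\w+)\\\.\.\\(Run\w*): \[(.+?)\] (.+)$")


def parse_log(text):
    """Split a HijackThis log into running processes and (code, body) entries."""
    log = {"processes": [], "entries": []}
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = ENTRY_RE.match(line)
        if m:
            in_processes = False          # first entry ends the process list
            log["entries"].append((m.group(1), m.group(2)))
        elif line.lower().startswith("running processes"):
            in_processes = True
        elif in_processes:
            log["processes"].append(line)
    return log


def _delta(old, new):
    """Items only in old and only in new; Windows paths compare case-insensitively."""
    old_keys = {x.casefold() for x in old}
    new_keys = {x.casefold() for x in new}
    gone = [x for x in old if x.casefold() not in new_keys]
    added = [x for x in new if x.casefold() not in old_keys]
    return gone, added


def diff_logs(before, after):
    """Report what disappeared and what appeared between two scans."""
    b, a = parse_log(before), parse_log(after)
    p_gone, p_new = _delta(b["processes"], a["processes"])
    e_gone, e_new = _delta([" - ".join(e) for e in b["entries"]],
                           [" - ".join(e) for e in a["entries"]])
    return {"processes_gone": p_gone, "processes_new": p_new,
            "entries_gone": e_gone, "entries_new": e_new}


def autoruns(text):
    """Return the O4 registry Run entries as dicts for startup review."""
    found = []
    for code, body in parse_log(text)["entries"]:
        m = RUN_RE.match(body) if code == "O4" else None
        if m:
            hive, key, name, command = m.groups()
            found.append({"hive": hive, "key": key, "name": name, "command": command})
    return found


if __name__ == "__main__":
    for label, items in diff_logs(BEFORE, AFTER).items():
        print(label, items)
    for run in autoruns(AFTER):
        print(run["hive"], run["name"], "->", run["command"])
```

The case-insensitive comparison matters here because the same binary appears as `Explorer.EXE` in one scan and `explorer.exe` in the next.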
Today as my system started I got the message "unable to load driver 2". I had to press OK, then it went off after some time.
A few days back Norton detected the w32spybot worm. I ran the antivirus in safe mode. I did not get any message, but the final window displayed one virus detected and one deleted. I was not sure whether it was the spybot worm. Since then no worm has been detected. I did go to the NAV site to check removal of the spybot worm. It said to delete some registry entries. Since spybot was not detected again, I did not check the registry.
In my startup log from ewido there was one entry:
Reg\HKLM\Run ezShieldProtector for Px C:\WINXP\System32\ezSP_Px.exe
Which program has installed ezShieldProtector, and is it necessary? If not, how do I remove it?
I use Shareaza to download music videos. I will disable Shareaza from the startup list.
I'm again sending you the report from the ewido scan which I performed today.
Why am I getting the results below even after ewido always removes them?
--------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 8:08:01 AM, 3/6/2006
+ Report-Checksum: AC339C93
+ Scan result:
::Report End
Your system appears free of malware...
How is it running?
Any pop-ups?
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
Which program has installed ezShieldProtector?
In the ewido log, are the tracking cookies which are detected dangerous, and do I always have to remove them using ewido?
The answer is here
You will always get cookies unless you turn them off. They are really of no consequence. You can remove them if you want.
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel
Thanks a lot for all your help. God bless. Hope to be in touch with you soon.
Now you need to armor up so this does not happen again.
Step One: Switch to Firefox. Since switching to Firefox I am spyware free. It's just a better browser and safer to boot. Add the NoScript extension and you are very safe.
Step Two: Download, install and keep updated SpywareBlaster.
Step Three: Get yourself a firewall. Your choices for a free firewall are Kerio and Sygate.
Step Four: Make sure you keep your AV software updated.
No two moments are alike and a person who thinks that any two moments are alike has never lived.
A.J. Heschel