  #1  
Old March 23rd, 2006, 09:14 PM
dooley988 dooley988 is offline
New Member
 
Join Date: Mar 2006
Posts: 3
Nasty virus(es)....

Here is my HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 3:07:47 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\windows\eosxwwac.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Network\ipnetwork.exe
C:\program files\valve\steam\steam.exe
C:\windows\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\windows\newfrn.exe
C:\windows\system32\winlog.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.findthewebsiteyouneed.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/...ch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/.../www.yahoo.com
R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\windows\DH.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ep0ru] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùð#×y-¯Œ] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bO²ùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [Á³# *L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [keyboard] c:\windows\keyboard5.exe
O4 - HKLM\..\Run: [newname] c:\windows\newname5.exe
O4 - HKLM\..\Run: [mousepad] c:\windows\mousepad5.exe
O4 - HKLM\..\Run: [System service79] C:\windows\etb\pokapoka79.exe
O4 - HKLM\..\Run: [NewFrn] C:\windows\newfrn.exe
O4 - HKLM\..\Run: [MRT] "C:\windows\system32\MRT.exe" /R
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O8 - Extra context menu item: &AOL Toolbar Search - c:\program files\aol\aol toolbar 2.0\resources\en-US\local\search.html
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe (file missing)
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll


I've worked a long time on this and they keep coming back. I have yet to find a program to remove it and I can't do it manually. They just keep coming back....

I know the winlog, pokapoka79.exe, the keyboard5.exe, newname5.exe, and mousepad5.exe are all on there, but they won't come off, even after I turn them off... I stop the programs but I'm leaving something...
  #2  
Old March 23rd, 2006, 09:38 PM
dooley988 dooley988 is offline
New Member
 
Join Date: Mar 2006
Posts: 3
OK, I've worked on this some and got this now:

Logfile of HijackThis v1.99.1
Scan saved at 3:30:54 PM, on 3/23/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\Program Files\winsupdater\winsupdater.exe
C:\Program Files\ISTsvc\istsvc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\windows\eosxwwac.exe
C:\Program Files\Network\ipnetwork.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\windows\system32\winlog.exe
C:\windows\System32\svchost.exe
C:\Program Files\Common Files\Windows\services32.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

R3 - URLSearchHook: AOLTBSearch Class - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: (no name) - {6001CDF7-6F45-471b-A203-0225615E35A7} - C:\windows\DH.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: AOL Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 2.0\aoltb.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [winsupdater] C:\Program Files\winsupdater\winsupdater.exe /auto
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [ep0ru] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùð#×y-¯Œ] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [bO²ùõö/ØG%)ßfÏNb½¾C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [bO²ùõš/‚²‘ÆßfÏNb‰»C:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [Á³# L"h'þ9Óœð3rÅWC:\Program Files\ISTsvc\istsvc.exe] C:\windows\eosxwwac.exe
O4 - HKLM\..\Run: [IpNetwork] C:\Program Files\Network\ipnetwork.exe
O4 - HKLM\..\Run: [] winlog.exe
O4 - HKLM\..\RunServices: [] winlog.exe
O4 - HKCU\..\Run: [Steam] "c:\program files\valve\steam\steam.exe" -silent
O4 - HKCU\..\Run: [services32] C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\npjpi150_06.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll

thanks for the help =)
  #3  
Old March 24th, 2006, 07:04 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Howdy dooley988,


A fair bit of infection there. Let's clean that up.


Download this Ist removal tool and click on it to run.



Next, download the trial version of Ewido Security Suite from here and install it.

When installing, under "Additional Options" uncheck "Install Background Guard" and "Install scan via context menu".

Launch Ewido (there should be an icon on your desktop; double-click it). The program will now go to the main screen. You will need to update Ewido to the latest definition files.

On the left-hand side of the main screen click update and then click on Start Update. The update will start and a progress bar will show the updates being installed. If you have problems with the updater, you can use this link to manually update Ewido: http://www.ewido.net/en/download/updates/. Do not run a scan yet.


------------------------------------------------------------------

Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Run Ewido. Click on scanner and click Complete System Scan and the scan will begin. During the scan it will prompt you to clean files, click OK. When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK. When the scan is finished, click the Save report button at the bottom of the screen. Save the report to your desktop and close Ewido.


Then reboot. Run a new scan with HijackThis, and post that and the Ewido log back here for review please.
  #4  
Old March 24th, 2006, 09:54 PM
dooley988 dooley988 is offline
New Member
 
Join Date: Mar 2006
Posts: 3
It worked!!! Thank you so much. Here are the logs just to be sure.

Symantec Adware.Istbar / Trojan.ISTsvc Removal Tool 1.1.0


registry: HKEY_USERS\S-1-5-21-746137067-1770027372-839522115-1003\Software\IST (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\ISTsvc (key deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ISTsvc (key deleted)
registry: HKEY_USERS\S-1-5-21-746137067-1770027372-839522115-1003\Software\Microsoft\Internet Explorer\Main: BandRest (value deleted)
registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main: BandRest (value deleted)

C:\System Volume Information: (not scanned)
Adware.Istbar has not been found on your computer.


--------------------------------------------------------------------------

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 3:48:32 PM, 3/24/2006
+ Report-Checksum: 8237B444

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{FFF4E223-7019-4ce7-BE03-D7D3C8CCE884} -> Adware.Shorty : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CLSID -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj\CurVer -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Classes\Ysb.YsbObj.1 -> Adware.YourSiteBar : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\YourSiteBar -> Adware.ISTBar : Cleaned with backup
HKLM\SOFTWARE\YourSiteBar -> Adware.ISTBar : Cleaned with backup
HKU\S-1-5-21-746137067-1770027372-839522115-1003\Software\DNS -> Adware.Shorty : Cleaned with backup
HKU\S-1-5-21-746137067-1770027372-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6001CDF7-6F45-471B-A203-0225615E35A7} -> Adware.Generic : Cleaned with backup
C:\at.exe -> Backdoor.Rbot.adx : Cleaned with backup
C:\Documents and Settings\John Cs\astr.exe -> Downloader.VB.na : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@adopt.specificclick[2].txt -> TrackingCookie.Specificclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads.addynamix[1].txt -> TrackingCookie.Addynamix : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads.pointroll[2].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@ads1.revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@banners.searchingbooth[2].txt -> TrackingCookie.Searchingbooth : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@c.enhance[1].txt -> TrackingCookie.Enhance : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@c5.zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@cpvfeed[2].txt -> TrackingCookie.Cpvfeed : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@data.coremetrics[1].txt -> TrackingCookie.Coremetrics : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@data2.perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@edge.ru4[1].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@highbeam.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@hypertracker[1].txt -> TrackingCookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@media.top-banners[1].txt -> TrackingCookie.Top-banners : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@paypopup[1].txt -> TrackingCookie.Paypopup : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@qksrv[2].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@revenue[2].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@targetnet[1].txt -> TrackingCookie.Targetnet : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@valueclick[2].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\John Cs\Cookies\john cs@zedo[1].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Documents and Settings\John Cs\Desktop\backups\backup-20060323-153450-791.dll -> Hijacker.Small.jf : Cleaned with backup
C:\Documents and Settings\John Cs\im.exe -> Not-A-Virus.PSWTool.Win32.Messen.103 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1204_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1216_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\131304_912_1716_1432_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\196938_912_1716_1148_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\196938_912_1716_1416_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\262580_1656_2868_3020_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\262580_1656_2868_3024_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\459080_1516_3828_228_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\459386_2300_1584_3060_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\589968_1656_2868_3032_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\65996_1656_2868_3012_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\65996_1656_2868_3016_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\66194_1656_2868_3028_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\983202_3640_1440_3680_79.41.tst -> Trojan.EliteBar.h : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@advertising[2].txt -> TrackingCookie.Advertising : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@atdmt[2].txt -> TrackingCookie.Atdmt : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@bluestreak[1].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@casalemedia[1].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@doubleclick[1].txt -> TrackingCookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@media.fastclick[1].txt -> TrackingCookie.Fastclick : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@mediaplex[2].txt -> TrackingCookie.Mediaplex : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@project2.realtracker[2].txt -> TrackingCookie.Realtracker : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@tacoda[1].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\Cookies\john cs@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_29B.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_8E31.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_B1DB.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_C14C.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_C89F.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D495.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D793.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_D968.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_E241.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\k_E33.tmp -> Trojan.EliteBar.f : Cleaned with backup
C:\Documents and Settings\John Cs\Local Settings\Temp\s67YvF.exe -> Downloader.IstBar.mx : Cleaned with backup
C:\Documents and Settings\John Cs\pwha.exe -> Not-A-Virus.PSWTool.Win32.PassView.162 : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.x : Cleaned with backup
C:\keyboard2.exe -> Downloader.VB.yn : Cleaned with backup
C:\keyboard3.exe -> Downloader.VB.yv : Cleaned with backup
C:\mousepad3.exe -> Hijacker.VB.lv : Cleaned with backup
C:\MTE3NDI6ODoxNg.exe -> Downloader.Small.buy : Cleaned with backup
C:\newname2.exe -> Downloader.Adload.aa : Cleaned with backup
C:\newname3.exe -> Downloader.VB.ri : Cleaned with backup
C:\Program Files\Common Files\Download\freeprodtb.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\mc-58-12-0000137.exe -> Downloader.Small.bqq : Cleaned with backup
C:\Program Files\Common Files\services.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\Common Files\system32.dll/gui.exe -> Downloader.Agent.rv : Cleaned with backup
C:\Program Files\Common Files\Windows\mc-110-12-0000137.exe -> Dropper.Agent.aac : Cleaned with backup
C:\Program Files\Common Files\Windows\services32.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\ISTsvc -> Adware.ISTBar : Cleaned with backup
C:\Program Files\ISTsvc\istsvc.exe -> Adware.ISTBar : Cleaned with backup
C:\Program Files\MsMovies\MsMovies.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\p.zip/Video.exe -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\MsMovies\v.tmp -> Dropper.WinAD.h : Cleaned with backup
C:\Program Files\Network\ipnetwork.exe -> Adware.Maxifiles : Cleaned with backup
C:\Program Files\winsupdater\a.tmp -> Worm.VB.an : Cleaned with backup
C:\Program Files\winsupdater\a.zip/Setup.exe -> Worm.VB.an : Cleaned with backup
C:\WINDOWS\DH.dll -> Hijacker.Small.jf : Cleaned with backup
C:\WINDOWS\eosxwwac.exe -> Downloader.IstBar.ij : Cleaned with backup
C:\WINDOWS\etb\nt_hide79.dll -> Trojan.EliteBar.h : Cleaned with backup
C:\WINDOWS\etb\pokapoka79.exe -> Trojan.EliteBar.h : Cleaned with backup
C:\WINDOWS\mousepad4.exe -> Hijacker.VB.lv : Cleaned with backup
C:\WINDOWS\newfrn.exe -> Hijacker.VB.is : Cleaned with backup
C:\WINDOWS\newname5.exe -> Downloader.Adload.ae : Cleaned with backup
C:\WINDOWS\system32\ad.html -> Hijacker.Agent.e : Cleaned with backup
C:\WINDOWS\system32\mqexdlm.srg -> Adware.BargainBuddy : Cleaned with backup
C:\WINDOWS\system32\winlog.exe -> Backdoor.Rbot.adx : Cleaned with backup
C:\WINDOWS\wallpap.exe -> Hijacker.Agent.gp : Cleaned with backup
C:\WINDOWS\xqlyye.exe -> Downloader.IstBar.ij : Cleaned with backup


::Report End

--------------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 3:52:43 PM, on 3/24/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\Explorer.EXE
C:\windows\system32\spoolsv.exe
C:\program files\valve\steam\steam.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\windows\System32\svchost.exe
C:\windows\system32\wuauclt.exe
C:\Documents and Settings\John Cs\Desktop\HijackThis.exe

O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe



Thank you so much!!!
  #5  
Old March 24th, 2006, 11:00 PM
Jintan Jintan is offline
Cyber Tech Help Moderator
 
Join Date: Dec 2004
Posts: 52,284
Yes, those tools did a handy job of it. That last HijackThis post appears very incomplete. Was it run in Safe Mode? Please do a fresh scan with HijackThis and post that back here.


Also, go here for an online AV scan.

Scan "Local Disks" and when finished save the scan log and then post the log here.