Logfile of HijackThis v1.98.2 - rtmanuel
Here is what you should do.
End the following suspicious processes:
C:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\system32\t?skmgr.exe
C:\Documents and Settings\Robert Manuel\Application Data\aclo.exe
Remove these additional browser plug-in keys (O2...O4):
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {3BA9600F-B344-5892-8752-63550E822E4D} - C:\WINDOWS\system32\uwmqz.dll
O2 - BHO: (no name) - {3CAF630B-BC18-5D92-8752-63550E837947} - (no file)
O2 - BHO: (no name) - {3CFB6C0F-EA4C-0EC4-8752-63550ED8244F} - (no file)
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\gdtugg.exe
O4 - HKLM\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\RunServices: [Miscrosoft Instant Messager] msbb.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKCU\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Jcorxlh] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [Maer] C:\Documents and Settings\Robert Manuel\Application Data\aclo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
Remove these extra items in the IE menu (O8...O9):
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
Remove these ActiveX Objects (aka Downloaded Program Files) if you are not using them (O16):
O16 - DPF: Win32 Classes -
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - website: xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - website: esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - website: mt-download.com/MediaTicketsInstaller.cab
Reboot the computer into Safe Mode, then delete these files from your C: drive:
C:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\system32\t?skmgr.exe
C:\Documents and Settings\Robert Manuel\Application Data\aclo.exe
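The advice above rests on three checks a helper makes by eye on a HijackThis log: plug-in entries whose file is gone ("(no file)"), Run/RunServices values that launch a bare filename rather than a full path, and O16 downloads from sites the user does not recognise. As an added example, not code from the original post or from the HijackThis project, here is a small Python parser for the O2/O3/O4/O16 line formats shown on this page, with those three checks run over a constructed subset of the entries. The "website: " prefix is the page's own rendering of the download URL, so the parser accepts it alongside http(s)://; the allowlist of hosts is an assumption. The bare-filename check yields review candidates, not verdicts: the helper above leaves SysTray.Exe alone while removing NAVSCAN32.exe, so a human still decides.

```python
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Constructed sample: a subset of the cleaned entries from this page, not the full log.
SAMPLE_LINES = [
    r"O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)",
    r"O2 - BHO: (no name) - {3BA9600F-B344-5892-8752-63550E822E4D} - C:\WINDOWS\system32\uwmqz.dll",
    r"O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL",
    r"O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe",
    r"O4 - HKLM\..\RunServices: [Miscrosoft Instant Messager] msbb.exe",
    r'O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q',
    r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe",
    r"O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - website: xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab",
    r"O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - website: chat.msn.com/bin/msnchat45.cab",
]

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
# O2 (BHO) and O3 (toolbar): "<section> - <kind>: <name> - {CLSID} - <dll path or (no file)>"
BHO_RE = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>" + CLSID + r") - (?P<target>.*)$")
# O4 registry autoruns: "O4 - <hive>\..\<key>: [<value name>] <command line>"
RUN_RE = re.compile(r"^(?P<sec>O4) - (?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
# O16 Downloaded Program Files: "O16 - DPF: {CLSID} (<name>) - <url>". This page writes the
# URL scheme as "website: ", so that form is accepted as well as http(s)://.
DPF_RE = re.compile(r"^(?P<sec>O16) - DPF: (?P<clsid>" + CLSID + r")(?: \((?P<name>[^)]*)\))? - (?:website: |https?://)(?P<target>\S+)$")


@dataclass
class Entry:
    section: str
    name: str
    clsid: Optional[str]
    target: str          # DLL path, Run command line, or download URL
    hive: str = ""
    key: str = ""


def parse_line(line: str) -> Optional[Entry]:
    """Return an Entry for an O2/O3/O4/O16 line, or None for any other line type."""
    for rx in (BHO_RE, RUN_RE, DPF_RE):
        m = rx.match(line.strip())
        if m:
            d = m.groupdict()
            return Entry(d["sec"], d.get("name") or "(no name)", d.get("clsid"),
                         d["target"], d.get("hive") or "", d.get("key") or "")
    return None


def parse_log(lines: Iterable[str]) -> List[Entry]:
    return [e for e in (parse_line(line) for line in lines) if e is not None]


def orphaned(entries):
    """Plug-ins still registered by CLSID whose file is gone; HijackThis prints '(no file)'."""
    return [e for e in entries if e.target == "(no file)"]


def executable_of(cmd: str) -> str:
    """Extract the program from a Run command line, honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]


def bare_name_autoruns(entries):
    """O4 values that launch a bare filename instead of a full path (review candidates, not proof)."""
    return [e for e in entries if e.section == "O4" and "\\" not in executable_of(e.target)]


def dpf_outside_allowlist(entries, allowed_hosts):
    """O16 controls downloaded from a host that is not on the (assumed) allowlist."""
    return [e for e in entries
            if e.section == "O16" and e.target.split("/", 1)[0].lower() not in allowed_hosts]


if __name__ == "__main__":
    entries = parse_log(SAMPLE_LINES)
    allow = {"chat.msn.com"}   # assumed allowlist for the sample
    for label, hits in (("orphaned", orphaned(entries)),
                        ("bare-name autorun", bare_name_autoruns(entries)),
                        ("O16 from unlisted host", dpf_outside_allowlist(entries, allow))):
        for e in hits:
            print(f"{label:24} {e.section} [{e.name}] {e.target}")
```

Run against the sample it reports the NavErrRedir orphan, the two bare-name autoruns (systemse.exe and msbb.exe) and the xxxtoolbar.com download; feed it the cleaned log below via parse_log() to get the same three lists for the whole machine.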
Original log but with private information removed.
Scan saved at 5:32:29 PM, on 20/11/2004
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE
C:\WINDOWS\SYSTEM32\USRshutA.exe
C:\WINDOWS\SYSTEM32\USRmlnkA.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ClockSync\Sync.exe
C:\PROGRA~1\ezula\mmod.exe
C:\WINDOWS\system32\t?skmgr.exe
C:\Documents and Settings\Robert Manuel\Application Data\aclo.exe
C:\WINDOWS\explorer.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Evidence Eliminator\Ee.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\Robert Manuel\Local Settings\Temp\HijackThis.exe
C:\Program Files\Messenger\msmsgs.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = website: google.ca/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
O2 - BHO: NavErrRedir Class - {00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
O2 - BHO: myBar BHO - {0494D0D1-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\PROGRAM FILES\ADOBE\ACROBAT 5.0\READER\ACTIVEX\ACROIEHELPER.OCX
O2 - BHO: (no name) - {3BA9600F-B344-5892-8752-63550E822E4D} - C:\WINDOWS\system32\uwmqz.dll
O2 - BHO: (no name) - {3CAF630B-BC18-5D92-8752-63550E837947} - (no file)
O2 - BHO: (no name) - {3CFB6C0F-EA4C-0EC4-8752-63550ED8244F} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: My &Search Bar - {0494D0D9-F8E0-41ad-92A3-14154ECE70AC} - C:\PROGRAM FILES\MYWAY\MYBAR\1.BIN\MYBAR.DLL
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [USRpdA] C:\WINDOWS\SYSTEM32\USRmlnkA.exe RunServices\Device\3cpipe-USRpdA
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [InstantAccess] C:\PROGRA~1\TEXTBR~1.0\BIN\INSTAN~1.EXE /h
O4 - HKLM\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe
O4 - HKLM\..\Run: [%%DELETE_VALUE%%] CreateCD50
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\System32\gdtugg.exe
O4 - HKLM\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [WhenUSave] C:\PROGRA~1\Save\Save.exe
O4 - HKLM\..\RunServices: [Miscrosoft Instant Messager] msbb.exe
O4 - HKLM\..\RunServices: [Microsoft Update Machine] systemse.exe
O4 - HKLM\..\RunServices: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKCU\..\Run: [NAVSCAN32.EXE] NAVSCAN32.exe
O4 - HKCU\..\Run: [Microsoft Update Machine] systemse.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ClockSync] "C:\Program Files\ClockSync\Sync.exe" /q
O4 - HKCU\..\Run: [eZmmod] C:\PROGRA~1\ezula\mmod.exe
O4 - HKCU\..\Run: [Jcorxlh] C:\WINDOWS\system32\t?skmgr.exe
O4 - HKCU\..\Run: [Maer] C:\Documents and Settings\Robert Manuel\Application Data\aclo.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\SYSTEM32\MSJAVA.DLL
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\PROGRA~1\INTERN~1\PLUGINS\nppdf32.dll
O12 - Plugin for .spop: C:\PROGRA~1\INTERN~1\Plugins\NPDocBox.dll
O16 - DPF: Win32 Classes -
O16 - DPF: {2359626E-7524-4F87-B04E-22CD38A0C88C} (ICSScannerLight Class) - website: download.zonelabs.com/bin/free/cm/ICSCM.cab
O16 - DPF: {386A771C-E96A-421F-8BA7-32F1B706892F} (Installer Class) - website: xxxtoolbar.com/ist/softwares/v4.0/0006_adult.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - website: a1540.g.akamai.net/7/1540/52/20021205/qtinstall.info.apple.com/borris/us/win/QuickTimeInstaller.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - website: a840.g.akamai.net/7/840/537/d052c1d7d32ead/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - website: esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9EB320CE-BE1D-4304-A081-4B4665414BEF} (MediaTicketsInstaller Control) - website: mt-download.com/MediaTicketsInstaller.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - website: chat.msn.com/bin/msnchat45.cab