Hi,
After carrying out your instructions above and booting into ‘normal’ mode, ewido picked up 2 viruses. Oops, sorry, I got rid of them so quick I didn’t see what they were.
Here are the two reports you requested, thank you again.
Linda
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 20:48:47, 15/06/2005
+ Report-Checksum: A2539A35
+ Date of database: 15/06/2005
+ Version of scan engine: v3.0
+ Duration: 54 min
+ Scanned Files: 63208
+ Speed: 19.23 Files/Second
+ Infected files: 107
+ Removed files: 107
+ Files put in quarantine: 107
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0
+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes
+ Scanned items:
C:\
X:\
Y:\
Z:\
+ Scan result:
C:\Documents and Settings\Linda Gillan\Cookies\linda gillan@advertising[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\Cookies\linda gillan@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\Cookies\linda gillan@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\Cookies\linda gillan@mediaplex[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\Cookies\linda gillan@servedby.advertising[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\Local Settings\Temporary Internet Files\Content.IE5\AQ9SZOV5\dsldbaccess[1].exe -> Spyware.Hijacker.Generic -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\My Documents\Sonic\Backup Job.boe/IECookies/dave@atdmt[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\My Documents\Sonic\Backup Job.boe/IECookies/dave@bluestreak[2].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\My Documents\Sonic\Backup Job.boe/IECookies/dave@doubleclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\My Documents\Sonic\Backup Job.boe/IECookies/dave@valueclick[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\Documents and Settings\Linda Gillan\My Documents\Sonic\one\IECookies\dave@www.vibrantmedia[1].txt -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\ixplore.exe -> Trojan.Agent.am -> Cleaned with backup
C:\lf_1A8.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_288.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_474.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_864.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_8C0.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_95C.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_E38.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\lf_F14.tmp -> TrojanDownloader.Dluca -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\41322A1F.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Norton AntiVirus\Quarantine\57910CF9.class -> Trojan.Java.ClassLoader.c -> Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\33161412-C563-4F45-95D1-87F446\A67B4E36-7F74-4686-8FF0-4C454D -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\416B47B5-D1FD-42CA-8058-0AD64C\FED9B31C-11FA-407F-AA17-1FCB18 -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\45555319-BB83-410D-8375-18D4CB\46BBF633-C41E-4ADD-833C-6C2B0F -> Trojan.Agent.db -> Cleaned with backup
C:\Program Files\Sunbelt Software\CounterSpy Client\Quarantine\730A8407-0898-4DEF-B052-CF167B\80875C39-5FF4-4908-8D2D-1CFAFB -> Trojan.Agent.db -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116509.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116510.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116600.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116821 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116822 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116831 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116851 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116860 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116885 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116890 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116891 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116892 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116899 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116900 -> Trojan.Agent.db -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116912.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00116920.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117140 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117143 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117151 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117154 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117155 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117161 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117166 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117167 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117168 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117223.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117232.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117623.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117631.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117632.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117802 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117808 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117811 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117819 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117822 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117823 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117829 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117834 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117835 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117836 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117842 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117845 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117853 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117859 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117864 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117865 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117866 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00117867 -> Trojan.Agent.db -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118002.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118092.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118100.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118276 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118277 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118286 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118306 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118315 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118333 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118383.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118397.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118573 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118574 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118583 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118603 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118612 -> Spyware.Tracking-Cookie -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118635 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118640 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118641 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118642 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118645 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118650 -> Trojan.Stervis.c -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118651 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118652 -> Trojan.Agent.db -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118653 -> Trojan.Nail -> Cleaned with backup
C:\RECYCLER\NPROTECT\00118757.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\lloeshqksuc.exe -> Spyware.BetterInternet -> Cleaned with backup
C:\WINDOWS\Nail.exe -> Trojan.Nail -> Cleaned with backup
C:\WINDOWS\system32\6797.exe -> Trojan.Agent.am -> Cleaned with backup
C:\WINDOWS\system32\aaepynwo.exe -> TrojanDownloader.Dluca -> Cleaned with backup
C:\WINDOWS\system32\lwbogmt.exe -> Trojan.Agent.cp -> Cleaned with backup
C:\WINDOWS\system32\nkfrfesl.exe -> TrojanDownloader.Dluca -> Cleaned with backup
C:\WINDOWS\system32\nnedewii.exe -> TrojanDownloader.Dluca -> Cleaned with backup
::Report End

Logfile of HijackThis v1.99.1
Scan saved at 20:58:04, on 15/06/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Winamp3\winampa.exe
C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
C:\Program Files\uy3khk20\uy3khk20.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\Washer\washer.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\uy3khk20\68172470.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\uy3khk20\uy3khk20.exe
C:\Documents and Settings\Linda Gillan\Desktop\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.popupsearches.com/sidesearch.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.euro.dell.com/countries/uk/e ... efault.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dogpile.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.euro.dell.com/countries/uk/e ... efault.htm
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\Nail.exe
O2 - BHO: (no name) - {00000000-0000-4075-A63B-6D35FCF7DE30} - C:\Program Files\uy3khk20\uy3khk20.dll
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp3\winampa.exe"
O4 - HKLM\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe"
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\01.02.3000.1001\en-gb\msnappau.exe"
O4 - HKLM\..\Run: [sunasDtServ] C:\Program Files\Sunbelt Software\CounterSpy Client\sunasDtServ.exe
O4 - HKLM\..\Run: [uy3khk20] C:\Program Files\uy3khk20\uy3khk20.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe "Linda Gillan"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /0
O4 - HKCU\..\Run: [Washer] C:\Program Files\Washer\washer.exe /0
O4 - Global Startup: Device Detector 2.lnk = C:\Program Files\Olympus\DeviceDetector\DevDtct2.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/fu ... .0.0.8.exe
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004 ... scan53.cab
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinner.com/games/shared/wwlaunch.cab
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe