
Thread: [LOGS] desktop hijack - Warning! Spyware detected on your computer.....

  1. #11
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Lonny,

    I have been unable to send attachments to the site all day today, and unable to patch the log files into a message, either.

    Can I send the log files to you via an alternate method?

    Sincerely,
    Derek

  2. #12
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Attach them at this forum please; there's no size limit there.
    http://www.thespykiller.co.uk/forum/index.php?board=1.0

  3. #13
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Lonny,

    I was able to post the files at the forum. Here is the link.

    Derek


    http://www.thespykiller.co.uk/forum/...p?topic=1250.0

  4. #14
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    Nothing attached there. Either try again or post them here; you might have to post half a log at a time if they are too large.

  5. #15
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Lonny,

    Please check the link below now. I zipped and attached the files.

    If you are still unable to view the files, please let me know if there are any other alternatives....

    Sincerely,

    Derek

    http://www.thespykiller.co.uk/forum/...p?topic=1250.0

  6. #16
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    I lost track of your thread, sorry.

    Describe your problems attaching or posting a log here.
    Mention the current problems (again) please.

    And if possible, post (not attach) a current HijackThis log.

    StartupList report, 3/6/2006, 3:26:38 PM
    StartupList version: 1.52.2
    Started from : C:\Program Files\Hijackthis\HijackThis.EXE
    Detected: Windows 2000 SP4 (WinNT 5.00.2195)
    Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)

    --------------------------------------------------
    Enumerating Windows NT/2000/XP services
    Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
    AFD Networking Support Environment: \SystemRoot\System32\drivers\afd.sys (autostart)
    Intel AGP Bus Filter: System32\DRIVERS\agp440.sys (system)
    Alerter: %SystemRoot%\System32\services.exe (manual start)
    Application Management: %SystemRoot%\system32\services.exe (manual start)
    ASP.NET State Service: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (manual start)
    RAS Asynchronous Media Driver: System32\DRIVERS\asyncmac.sys (manual start)
    Standard IDE/ESDI Hard Disk Controller: System32\DRIVERS\atapi.sys (system)
    Ati HotKey Poller: %SystemRoot%\System32\ati2plab.exe (autostart)
    ati2mpab: System32\DRIVERS\ati2mpab.sys (manual start)
    atirage3: System32\DRIVERS\atimpab.sys (manual start)
    ATM ARP Client Protocol: System32\DRIVERS\atmarpc.sys (manual start)
    Audio Stub Driver: System32\DRIVERS\audstub.sys (manual start)
    pcAnywhere Host Service: C:\Program Files\Symantec\pcAnywhere\awhost32.exe (manual start)
    awlegacy: \SystemRoot\System32\Drivers\awlegacy.sys (system)
    AW_HOST: system32\drivers\aw_host5.sys (disabled)
    Background Intelligent Transfer Service: %SystemRoot%\System32\svchost.exe -k BITSgroup (manual start)
    Computer Browser: %SystemRoot%\System32\services.exe (autostart)
    CA License Client: C:\CA_LIC\lic98rmt.exe (manual start)
    CA License Server: C:\CA_LIC\lic98rmtd.exe (manual start)
    LANDesk(R) Management Agent: "C:\Program Files\LANDesk\Shared Files\residentagent.exe" (autostart)
    Closed Caption Decoder: System32\DRIVERS\CCDECODE.sys (manual start)
    cdrmkaun: \??\C:\DOCUME~1\dbain.SMC\LOCALS~1\Temp\cdrmkaun.sys (manual start)
    CD-ROM Driver: System32\DRIVERS\cdrom.sys (system)
    Indexing Service: C:\WINNT\System32\cisvc.exe (manual start)
    ClipBook: %SystemRoot%\system32\clipsrv.exe (manual start)
    ClntMgmt: \SystemRoot\System32\Drivers\ClntMgmt.sys (system)
    Microsoft ACPI Control Method Battery Driver: System32\DRIVERS\CmBatt.sys (manual start)
    Microsoft Composite Battery Driver: System32\DRIVERS\compbatt.sys (system)
    Compaq Remote Diagnostics Enabling Agent: C:\WINNT\CPQDIAG\CPQDFWAG.EXE (autostart)
    DHCP Client: %SystemRoot%\System32\services.exe (autostart)
    Disk Driver: System32\DRIVERS\disk.sys (system)
    Logical Disk Manager Administrative Service: %SystemRoot%\System32\dmadmin.exe /com (manual start)
    dmboot: System32\drivers\dmboot.sys (disabled)
    Logical Disk Manager Driver: System32\drivers\dmio.sys (system)
    dmload: System32\drivers\dmload.sys (disabled)
    Logical Disk Manager: %SystemRoot%\System32\services.exe (autostart)
    Microsoft DirectMusic SW Synth (WDM): system32\drivers\DMusic.sys (manual start)
    DNS Client: %SystemRoot%\System32\services.exe (autostart)
    Intel(R) PRO Adapter Driver: System32\DRIVERS\e100bnt5.sys (manual start)
    EntDrv50: \??\C:\WINNT\system32\drivers\EntDrv50.sys (manual start)
    Event Log: %SystemRoot%\system32\services.exe (autostart)
    COM+ Event System: C:\WINNT\System32\svchost.exe -k netsvcs (manual start)
    ewido security suite control: C:\Program Files\ewido anti-malware\ewidoctrl.exe (autostart)
    ewido security suite driver: \??\C:\Program Files\ewido anti-malware\guard.sys (system)
    ewido security suite guard: C:\Program Files\ewido anti-malware\ewidoguard.exe (autostart)
    Fax Service: %systemroot%\system32\faxsvc.exe (manual start)
    Floppy Disk Controller Driver: System32\DRIVERS\fdc.sys (manual start)
    McAfee Desktop Firewall: \??\C:\WINNT\system32\Drivers\Firehk5x.sys (system)
    firelm01: \??\C:\WINNT\system32\drivers\firelm01.sys (manual start)
    McAfee Desktop Firewall Policy Manager Driver: System32\Drivers\FirePM.sys (system)
    McAfee Desktop Firewall Service: "C:\Program Files\Network Associates\McAfee Desktop Firewall for Windows 2000\FireSvc.exe" (autostart)
    McAfee Desktop Firewall TDI Driver: \??\C:\WINNT\system32\Drivers\FireTDI.sys (system)
    Floppy Disk Driver: System32\DRIVERS\flpydisk.sys (manual start)
    Volume Manager Driver: System32\DRIVERS\ftdisk.sys (system)
    Game Port Enumerator: System32\DRIVERS\gameenum.sys (manual start)
    Microsoft SideWinder Value Add - Filter Driver: System32\DRIVERS\GcKernel.sys (manual start)
    Generic Packet Classifier: System32\DRIVERS\msgpc.sys (manual start)
    Microsoft SideWinder Virtual HID Device Mini-Driver: System32\DRIVERS\HIDSwvd.sys (manual start)
    Microsoft HID Class Driver: System32\DRIVERS\hidusb.sys (autostart)
    i8042 Keyboard and PS/2 Mouse Port Driver: System32\DRIVERS\i8042prt.sys (system)
    idisw2km: System32\DRIVERS\idisw2km.sys (disabled)
    Intel Local Scheduler Service: C:\Program Files\LANDesk\LDClient\LocalSch.EXE (autostart)
    Intel PDS: C:\WINNT\system32\CBA\pds.exe (autostart)
    Intel QIP Client Service: C:\Program Files\LANDesk\LDClient\qipclnt.exe (autostart)
    LANDesk Targeted Multicast: C:\Program Files\LANDesk\LDClient\tmcsvc.exe (autostart)
    IntelIde: System32\DRIVERS\intelide.sys (system)
    IP Traffic Filter Driver: System32\DRIVERS\ipfltdrv.sys (manual start)
    IP in IP Tunnel Driver: System32\DRIVERS\ipinip.sys (manual start)
    IP Network Address Translator: System32\DRIVERS\ipnat.sys (manual start)
    IPSEC driver: System32\DRIVERS\ipsec.sys (manual start)
    IrDA Protocol: System32\DRIVERS\irda.sys (autostart)
    IR Enumerator Service: System32\DRIVERS\irenum.sys (manual start)
    Infrared Monitor: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    PnP ISA/EISA Bus Driver: System32\DRIVERS\isapnp.sys (system)
    Ixia Performance Endpoint: C:\PROGRA~1\Ixia\Endpoint\endpoint.exe (autostart)
    Keyboard Class Driver: System32\DRIVERS\kbdclass.sys (system)
    Keyboard HID Driver: System32\DRIVERS\kbdhid.sys (system)
    SMS Virtual Input Device: System32\DRIVERS\kbstuff5.sys (manual start)
    Microsoft Kernel Wave Audio Mixer: system32\drivers\kmixer.sys (manual start)
    Server: %SystemRoot%\System32\services.exe (autostart)
    Workstation: %SystemRoot%\System32\services.exe (autostart)
    LicCtrl Service: C:\WINNT\runservice.exe (autostart)
    TCP/IP NetBIOS Helper Service: %SystemRoot%\System32\services.exe (autostart)
    Event Log Watch: C:\CA_LIC\LogWatNT.exe (autostart)
    Lucent Modem Driver: System32\DRIVERS\ltmdmnt.sys (manual start)
    ESS Maestro Audio Driver (WDM): system32\drivers\maestro.sys (manual start)
    McAfee Framework Service: "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" /ServiceStart (autostart)
    Network Associates McShield: "C:\Program Files\Network Associates\VirusScan\Mcshield.exe" (autostart)
    Network Associates Task Manager: "C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe" (autostart)
    Machine Debug Manager: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe" (autostart)
    Messenger: %SystemRoot%\System32\services.exe (disabled)
    NetMeeting Remote Desktop Sharing: C:\WINNT\System32\mnmsrvc.exe (manual start)
    Mouse Class Driver: System32\DRIVERS\mouclass.sys (system)
    BDA MPE Filter: System32\DRIVERS\MPE.sys (manual start)
    MRXSMB: System32\DRIVERS\mrxsmb.sys (system)
    Distributed Transaction Coordinator: C:\WINNT\System32\msdtc.exe (manual start)
    Windows Installer: C:\WINNT\System32\MsiExec.exe /V (manual start)
    Microsoft Streaming Service Proxy: system32\drivers\MSKSSRV.sys (manual start)
    Microsoft Streaming Clock Proxy: system32\drivers\MSPCLOCK.sys (manual start)
    Microsoft Streaming Quality Manager Proxy: system32\drivers\MSPQM.sys (manual start)
    Microsoft Streaming Tee/Sink-to-Sink Converter: system32\drivers\MSTEE.sys (manual start)
    Microsoft MPU-401 MIDI UART Driver: system32\drivers\msmpu401.sys (manual start)
    NABTS/FEC VBI Codec: System32\DRIVERS\NABTSFEC.sys (manual start)
    NaiAvFilter1: system32\drivers\naiavf5x.sys (manual start)
    NaiAvTdi1: system32\drivers\mvstdi5x.sys (system)
    Remote Access NDIS TAPI Driver: System32\DRIVERS\ndistapi.sys (manual start)
    NDIS Usermode I/O Protocol: system32\DRIVERS\ndisuio.sys (manual start)
    Remote Access NDIS WAN Driver: System32\DRIVERS\ndiswan.sys (manual start)
    NetBIOS Interface: System32\DRIVERS\netbios.sys (system)
    NetBios over Tcpip: System32\DRIVERS\netbt.sys (system)
    Network DDE: %SystemRoot%\system32\netdde.exe (manual start)
    Network DDE DSDM: %SystemRoot%\system32\netdde.exe (manual start)
    NetDetect: \SystemRoot\system32\drivers\netdtect.sys (manual start)
    Net Logon: %SystemRoot%\System32\lsass.exe (autostart)
    Network Connections: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Network Monitor Driver: system32\DRIVERS\NMnt.sys (manual start)
    NetGroup Packet Filter Driver: system32\drivers\npf.sys (manual start)
    NT LM Security Support Provider: %SystemRoot%\System32\lsass.exe (manual start)
    Removable Storage: %SystemRoot%\System32\svchost.exe -k netsvcs (autostart)
    IPX Traffic Filter Driver: System32\DRIVERS\nwlnkflt.sys (manual start)
    IPX Traffic Forwarder Driver: System32\DRIVERS\nwlnkfwd.sys (manual start)
    papycpu2: \SystemRoot\system32\drivers\papycpu2.sys (system)
    papyjoy: \SystemRoot\system32\drivers\papyjoy.sys (system)
    Parallel class driver: System32\DRIVERS\parallel.sys (manual start)
    Parallel port driver: System32\DRIVERS\parport.sys (system)
    PCI Bus Driver: System32\DRIVERS\pci.sys (system)
    Pcmcia: System32\DRIVERS\pcmcia.sys (system)
    Cisco Wireless LAN Adapters Driver: System32\DRIVERS\pcx500.sys (manual start)
    Cisco 350 Series Lower Device Filter: System32\DRIVERS\pcx500mp.sys (manual start)
    Plug and Play: %SystemRoot%\system32\services.exe (autostart)
    IPSEC Policy Agent: %SystemRoot%\System32\lsass.exe (autostart)
    WAN Miniport (PPTP): System32\DRIVERS\raspptp.sys (manual start)
    Protected Storage: %SystemRoot%\system32\services.exe (autostart)
    Direct Parallel Link Driver: System32\DRIVERS\ptilink.sys (manual start)
    Remote Access Auto Connection Driver: System32\DRIVERS\rasacd.sys (system)
    Remote Access Auto Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    WAN Miniport (IrDA Modem): System32\DRIVERS\rasirda.sys (manual start)
    WAN Miniport (L2TP): System32\DRIVERS\rasl2tp.sys (manual start)
    Remote Access Connection Manager: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Direct Parallel: System32\DRIVERS\raspti.sys (manual start)
    Microsoft Streaming Network Raw Channel Access: system32\drivers\RCA.sys (manual start)
    Rdbss: System32\DRIVERS\rdbss.sys (system)
    Digital CD Audio Playback Filter Driver: System32\DRIVERS\redbook.sys (system)
    Routing and Remote Access: %SystemRoot%\System32\svchost.exe -k netsvcs (disabled)
    Remote Registry Service: %SystemRoot%\system32\regsvc.exe (autostart)
    Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" (manual start)
    Remote Procedure Call (RPC) Locator: %SystemRoot%\System32\locator.exe (manual start)
    Remote Procedure Call (RPC): %SystemRoot%\system32\svchost -k rpcss (autostart)
    QoS RSVP: %SystemRoot%\System32\rsvp.exe -s (manual start)
    Security Accounts Manager: %SystemRoot%\system32\lsass.exe (autostart)
    Smart Card Helper: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Smart Card: %SystemRoot%\System32\SCardSvr.exe (manual start)
    Task Scheduler: %SystemRoot%\system32\MSTask.exe (autostart)
    Secdrv: \??\C:\WINNT\System32\drivers\SECDRV.SYS (manual start)
    RunAs Service: %SystemRoot%\system32\services.exe (autostart)
    System Event Notification: %SystemRoot%\system32\svchost.exe -k netsvcs (autostart)
    Serenum Filter Driver: System32\DRIVERS\serenum.sys (manual start)
    Serial port driver: System32\DRIVERS\serial.sys (system)
    Serial Mouse Driver: system32\DRIVERS\sermouse.sys (manual start)
    Internet Connection Sharing: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Symbol LA-41x1/41x3 Spectrum24 Wireless LAN Card Driver: System32\DRIVERS\Sla41nd5.sys (manual start)
    BDA Slip De-Framer: System32\DRIVERS\SLIP.sys (manual start)
    SMC IrCC Miniport Device Driver: System32\DRIVERS\smcirda.sys (manual start)
    Smport: \??\C:\Oldgames\emulators\intelliv\intvwin\Smport.sys (manual start)
    SNMP Service: %SystemRoot%\System32\snmp.exe (autostart)
    SNMP Trap Service: %SystemRoot%\System32\snmptrap.exe (manual start)
    Sony Memory Stick Driver(SONYPVM1): System32\DRIVERS\SONYPVM1.SYS (system)
    Sony USB Filter Driver (SONYPVU1): System32\DRIVERS\SONYPVU1.SYS (manual start)
    Print Spooler: %SystemRoot%\system32\spoolsv.exe (autostart)
    Srv: System32\DRIVERS\srv.sys (manual start)
    BDA IPSink: System32\DRIVERS\StreamIP.sys (manual start)
    Software Bus Driver: System32\DRIVERS\swenum.sys (manual start)
    Microsoft Kernel GS Wavetable Synthesizer: system32\drivers\swmidi.sys (manual start)
    SymEvent: \??\C:\Program Files\Symantec\SYMEVENT.SYS (manual start)
    Synaptics TouchPad Driver: System32\DRIVERS\SynTP.sys (manual start)
    Microsoft System Audio Device: system32\drivers\sysaudio.sys (manual start)
    Performance Logs and Alerts: %SystemRoot%\system32\smlogsvc.exe (manual start)
    Telephony: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    TCP/IP Protocol Driver: System32\DRIVERS\tcpip.sys (system)
    Telnet: %SystemRoot%\system32\tlntsvr.exe (manual start)
    Distributed Link Tracking Client: %SystemRoot%\system32\services.exe (autostart)
    Microsoft USB Universal Host Controller Driver: System32\DRIVERS\uhcd.sys (manual start)
    Microcode Update Driver: System32\DRIVERS\update.sys (manual start)
    Uninterruptible Power Supply: %SystemRoot%\System32\ups.exe (manual start)
    Microsoft USB Standard Hub Driver: System32\DRIVERS\usbhub.sys (manual start)
    USB Mass Storage Driver: System32\DRIVERS\USBSTOR.SYS (manual start)
    Utility Manager: %SystemRoot%\System32\UtilMan.exe (manual start)
    VgaSave: \SystemRoot\System32\drivers\vga.sys (system)
    Windows Time: %SystemRoot%\System32\services.exe (autostart)
    Remote Access IP ARP Driver: System32\DRIVERS\wanarp.sys (manual start)
    Microsoft WINMM WDM Audio Compatibility Driver: system32\drivers\wdmaud.sys (manual start)
    Windows Management Instrumentation: %SystemRoot%\System32\WBEM\WinMgmt.exe (autostart)
    WMDM PMSP Service: C:\WINNT\System32\mspmspsv.exe (autostart)
    Portable Media Serial Number Service: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)
    Windows Management Instrumentation Driver Extensions: %SystemRoot%\system32\Services.exe (manual start)
    Windows Socket 2.0 Non-IFS Service Provider Support Environment: \SystemRoot\System32\drivers\ws2ifsl.sys (disabled)
    World Standard Teletext Codec: System32\DRIVERS\WSTCODEC.SYS (manual start)
    Automatic Updates: %systemroot%\system32\svchost.exe -k wugroup (autostart)
    Wireless Configuration: %SystemRoot%\System32\svchost.exe -k netsvcs (manual start)

    --------------------------------------------------
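
The StartupList services section above is the kind of list a helper reads line by line; as an added example (not code from the thread or from HijackThis), here is a small parser for that "<name>: <image path> (<start type>)" format that pulls each service's binary out of the image path and flags entries whose binary lives under a Temp directory, which a reviewer would want to look at first (a heuristic, not a verdict). The sample report embedded below is constructed in the same layout; the user name and paths in it are made up.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# One service line of the "Enumerating Windows NT/2000/XP services" section:
# "<display name>: <image path> (<start type>)". The path group is greedy, so the
# start type is taken from the last parenthesised group on the line.
SERVICE_RE = re.compile(r"^(?P<name>.+?): (?P<path>.+) \((?P<start>[^()]+)\)$")

# Drivers and services normally live under the system directory or Program
# Files; a binary under any "Temp" folder is unusual and worth a closer look.
SUSPECT_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)

@dataclass
class Service:
    name: str
    path: str
    start: str

    @property
    def binary(self) -> str:
        """Executable or driver file without the NT "\\??\\" prefix or arguments."""
        p = self.path[4:] if self.path.startswith("\\??\\") else self.path
        if p.startswith('"'):            # quoted path followed by arguments
            return p[1:p.index('"', 1)]
        return p.split(" ", 1)[0]        # bare path, arguments after first space

def parse_startuplist(text: str) -> list[Service]:
    """Return the Service entries from the services section of a StartupList report."""
    services: list[Service] = []
    in_section = False
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("Enumerating Windows NT/2000/XP services"):
            in_section = True
            continue
        if in_section and line.startswith("-----"):   # section terminator
            break
        m = SERVICE_RE.match(line) if in_section else None
        if m:
            services.append(Service(m["name"], m["path"], m["start"].strip()))
    return services

def flag_services(services: list[Service]) -> list[Service]:
    """Entries whose binary sits under a Temp directory, for manual review."""
    return [s for s in services if SUSPECT_DIR_RE.search(s.binary)]

# Constructed sample in StartupList layout (hypothetical user "user").
SAMPLE = r"""StartupList report, 3/6/2006, 3:26:38 PM
--------------------------------------------------
Enumerating Windows NT/2000/XP services
Microsoft ACPI Driver: System32\DRIVERS\ACPI.sys (system)
cdrmkaun: \??\C:\DOCUME~1\user\LOCALS~1\Temp\cdrmkaun.sys (manual start)
McAfee Desktop Firewall Service: "C:\Program Files\Network Associates\FireSvc.exe" (autostart)
Remote Packet Capture Protocol v.0 (experimental): "%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "x.ini" (manual start)

--------------------------------------------------
"""

if __name__ == "__main__":
    for svc in flag_services(parse_startuplist(SAMPLE)):
        print(f"review: {svc.name} -> {svc.binary} ({svc.start})")
```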

  7. #17
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Lonny,

    My remaining issues are as follows:

    I am unable to launch IE or Windows Media Player.

    The wallpaper changes to a white background while startup tasks are loading
    (I'm running Win2k Pro; you advised me to try something that
    seems to exist only in WinXP).

    Your most recent request was for the following logs:
    Ewido, StartupLog from Hijackthis, and winpfind.txt results
    I will try to attach them in my next reply, and I also attempted to upload them to the Spykiller forum, at this thread:
    http://www.thespykiller.co.uk/forum/...p?topic=1250.0

    Please review my log files at your earliest convenience.

    Sincerely,
    Derek

  8. #18
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    Attempting to attach Ewido, startup logs, and Winpfind.txt results.

    Derek

  9. #19
    Security Expert-Emeritus
    Join Date
    Oct 2005
    Posts
    5,025

    "I am unable to launch IE or Windows Media Player"
    Expand on that if possible, like what happens when you try to run them.

    "wallpaper changes to white background while startup tasks are loading"
    Does it ever show your wallpaper?
    Try this.
    For Windows 2k: Windows Control Panel > Display > Web tab and uncheck
    Security Info or Security, click Apply, go to the Background tab and change it to something other than what it is now, click Apply; now you can change it to whatever you like.

    Go here and submit both of these files one at a time and let us know if they are infected:
    C:\WINNT\system32\WININET.DLL
    C:\WINNT\system32\dllcache\WININET.DLL
    http://virusscan.jotti.org/

  10. #20
    Junior Member
    Join Date
    Mar 2006
    Posts
    14

    I found the "web" tab under Display. Security or Security info is not listed as an option there. However, I unchecked Enable Active Desktop, then selected a new wallpaper photo, then I re-enabled Active Desktop. Wallpaper now appears in the background as expected.

    I re-installed Internet Explorer 6.1, and IE now works properly along with Media Player.

    I believe that finally takes care of all of the problems with my laptop computer.

    Thanks again for all of your assistance with the removal of the malware and related issues!!

    Sincerely,
    Derek
