Cowabanga.exe?
dikitty (Newbie), 24. June 2006 @ 02:36
I found this random file in my program files not two hours ago. I'm pretty sure it's malicious. Ran the HjT scan. Here it is:

Logfile of HijackThis v1.99.1
Scan saved at 3:32:09 AM, on 6/24/2006
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP2 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINNT\System32\RUNDLL32.EXE
C:\WINNT\System32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\System32\SCardSvr.exe
C:\WINNT\System32\SMBOLS~1\iexplore.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\PROGRA~1\YSTEM~1\WNLOGO~1.EXE
C:\HJT\HijackThis.exe

R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Orac] "C:\WINNT\System32\SMBOLS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mzgg] C:\Program Files\?ystem\w?nlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\PROGRA~1\AIM\aim.exe
O15 - Trusted Zone: *.moove.com
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx...
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O20 - AppInit_DLLs: NVDESK32.DLL C:\WINNT\System32\chkdsk.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

I've been running online scanners all night, and nothing seems to have picked it up. Should I just remove it using the add/remove program option? Thanks for the help.
Xeres (Junior Member), 24. June 2006 @ 08:21
Hi Dikitty:
Please download a copy of SmitfraudFix to your desktop from: http://siri.geekstogo.com/SmitfraudFix.zip. Unzip it and save it to a new folder on your desktop.

Make a copy of these instructions so you have them handy, as the next steps need to be done in Safe Mode with IE closed.

Make sure your PC is configured to show hidden files.
How to Show Hidden Files:
http://www.xtra.co.nz/help/0,,4155-1916458,00.html


Click Start.

Open My Computer.

Select the Tools menu and click Folder Options.

Select the View Tab.

Under the Hidden files and folders heading select Show hidden files and folders.

Uncheck the Hide protected operating system files (recommended) option.

Click Yes to confirm.

Click OK.


Reboot your PC into SAFE MODE

How to start the computer in Safe mode
http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/20010524...

Open HijackThis and choose *scan only*

Run HjT in scan mode and place a check mark next to each of the following:

R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKCU\..\Run: [Orac] "C:\WINNT\System32\SMBOLS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mzgg] C:\Program Files\?ystem\w?nlogon.exe

Delete the following files and/or folders:

C:\PROGRAM FILES\STEM... (folder) The folder name is longer but begins with those letters and may contain spaces.

C:\Program Files\Common Files\?ymbols (folder) That question mark in the name is a *wild card character* and may look like an alphabet letter.

If you are not sure, make a note of any folders found with names similar to what you see and let me know what you found.

Next, while still in Safe Mode, open the SmitfraudFix folder and run the program with option 1. It will save a file to C:\Rapport.txt.

Reboot in normal mode. Run a HjT scan & save the log file. Post the SmitfraudFix rapport and the new HjT log back here.

Xeres


AMDFX 60 2gig Corsair 3200 Asusmb 8armvr Dual ATI1900xt 1 Tbyt raid 0, XP-PRO. Do not mess in the affairs of dragons as you taste good and are crunchy.
-kemisti- (AfterDawn Addict), 24. June 2006 @ 08:31
@Xeres: This one is legit:

O4 - HKLM\..\Run: [nwiz] nwiz.exe /install

And these are purityscan ;)

O4 - HKCU\..\Run: [Orac] "C:\WINNT\System32\SMBOLS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mzgg] C:\Program Files\?ystem\w?nlogon.exe

These need to be fixed:

O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: NVDESK32.DLL C:\WINNT\System32\chkdsk.dll

And this must be deleted (PurityScan related):

C:\WINNT\System32\chkdsk.dll

No need for smitfraudfix, no signs in log.

@dikitty:

Look in your Control Panel's Add/Remove Programs for PuritySCAN By OIN, OuterInfo, OIN or similar, click on it and click Remove.
Reboot and delete this folder if found:
C:\Program Files\PurityScan

If not listed, download and run this uninstaller:
http://www.outerinfo.com/OiUninstaller.exe

http://www.outerinfo.com/howto.html
Tutorial for the uninstaller if needed

Reboot when done and delete this folder if found:
C:\Program Files\PurityScan

Fix with HjT:


R3 - Default URLSearchHook is missing
O15 - Trusted Zone: *.moove.com
O20 - AppInit_DLLs: NVDESK32.DLL C:\WINNT\System32\chkdsk.dll


Download Killbox: http://www.downloads.subratam.org/KillBox.zip
Unzip it to the desktop.

Double-click Killbox.exe to run it.

Select "Delete on Reboot".
Place the following line (complete path) in bold in the "Full Path of File to Delete" box in Killbox:
C:\WINNT\System32\chkdsk.dll
Put a mark next to "Delete on Reboot"
Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.
If your computer does not restart automatically, please restart it manually.

Send a fresh HjT log.

This message has been edited since posting. Last time this message was edited on 24. June 2006 @ 08:33
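
The entries kemisti singles out share a few traits a defender can check mechanically: a system binary name (iexplore.exe, winlogon.exe) launched from a folder it does not belong in, a "?" or an 8.3 short name (SMBOLS~1) standing in for characters HijackThis cannot display, a site added to IE's Trusted Zone, and a DLL listed in AppInit_DLLs, which is loaded into every process that uses user32.dll. The following Python script is an added example, not part of this thread and not HijackThis code. Its sample log is constructed after the lines posted above; the "Homoglyph" line and the EXPECTED_DIR table of where those binaries normally live on a default Windows 2000 install are assumptions made for the example.

```python
"""Triage of HijackThis O4 / O15 / O20 lines for the warning signs discussed above.

Added example: not part of the thread and not HijackThis code. SAMPLE_LOG is
constructed after the entries posted above; the "Homoglyph" line adds a real
Cyrillic letter (U+0443) of the kind the ewido report later shows in "symbols".
EXPECTED_DIR is an assumption covering only the binaries this example uses.
"""
import fnmatch
import re
import unicodedata

SAMPLE_LOG = (
    "O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install\n"
    "O4 - HKCU\\..\\Run: [Yahoo! Pager] \"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet\n"
    "O4 - HKCU\\..\\Run: [Orac] \"C:\\WINNT\\System32\\SMBOLS~1\\iexplore.exe\" -vt yazr\n"
    "O4 - HKCU\\..\\Run: [Mzgg] C:\\Program Files\\?ystem\\w?nlogon.exe\n"
    "O4 - HKCU\\..\\Run: [Homoglyph] C:\\WINNT\\system32\\s\u0443mbols\\iexplore.exe\n"
    "O15 - Trusted Zone: *.moove.com\n"
    "O20 - AppInit_DLLs: NVDESK32.DLL C:\\WINNT\\System32\\chkdsk.dll\n"
)

# Assumed normal folders on a default Windows 2000 install (%SystemRoot% = C:\WINNT).
SYSTEM_ROOT = "c:\\winnt"
EXPECTED_DIR = {
    "winlogon.exe": SYSTEM_ROOT + "\\system32",
    "lsass.exe": SYSTEM_ROOT + "\\system32",
    "svchost.exe": SYSTEM_ROOT + "\\system32",
    "explorer.exe": SYSTEM_ROOT,
    "iexplore.exe": "c:\\program files\\internet explorer",
}

O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\Run: \[(.*?)\] (.*)$")
EXE_RE = re.compile(r'^"?(.+?\.exe)', re.IGNORECASE)


def exe_path(command):
    """Return the executable part of an O4 command line, quotes stripped."""
    m = EXE_RE.match(command.strip())
    if m:
        return m.group(1)
    parts = command.split()
    return parts[0] if parts else ""


def path_findings(path):
    """Reasons a start-up entry's file path deserves a second look (empty = nothing seen)."""
    reasons = []
    if "?" in path:
        # '?' is not a legal file-name character, so HijackThis printed it in place of
        # a character it could not display: the real name is not plain ASCII.
        reasons.append("'?' stands in for a character HijackThis could not display")
    for c in sorted({c for c in path if ord(c) > 127}):
        reasons.append("non-ASCII character %r (%s)" % (c, unicodedata.name(c, "unknown")))
    if "~" in path:
        reasons.append("8.3 short name (~) hides the real folder name")
    folder, _, name = path.lower().rpartition("\\")
    # Match with '?' as a wildcard so w?nlogon.exe is still compared against winlogon.exe.
    for known, expected in EXPECTED_DIR.items():
        if fnmatch.fnmatchcase(known, name) and folder != expected:
            reasons.append("%s named like %s but outside %s" % (name, known, expected))
    return reasons


def triage(log_text):
    """Return (line, [reasons]) for every line of the log worth checking."""
    findings = []
    for line in log_text.splitlines():
        reasons = []
        m = O4_RE.match(line)
        if m:
            reasons = path_findings(exe_path(m.group(3)))
        elif line.startswith("O15 - Trusted Zone:"):
            # Sites in the Trusted zone run with IE's weakest security settings.
            reasons = ["site added to IE Trusted Zone: " + line.split(":", 1)[1].strip()]
        elif line.startswith("O20 - AppInit_DLLs:"):
            # Every DLL listed here is injected into each process that loads user32.dll.
            dlls = line.split(":", 1)[1].split()
            reasons = ["AppInit DLL loaded into every GUI process: " + d for d in dlls]
        if reasons:
            findings.append((line, reasons))
    return findings


if __name__ == "__main__":
    for flagged_line, why in triage(SAMPLE_LOG):
        print(flagged_line)
        for r in why:
            print("    -", r)
```

Run stand-alone it prints the five flagged lines with their reasons; the legitimate nwiz and Yahoo! Pager entries produce nothing. The folder check deliberately compares the directory, not the file name, because the file name is exactly what the adware copied from a trusted binary.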

dikitty (Newbie), 24. June 2006 @ 15:53
Wee, followed the instructions you gave, kemisti (no offense to Xeres).

Here's the new HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 4:54:17 PM, on 6/24/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - HKCU\..\Run: [Orac] "C:\WINNT\System32\SMBOLS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mzgg] C:\Program Files\?ystem\w?nlogon.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx...
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

Seems all clear? Certainly hope so. Thanks so much for you guys' help. :)
-kemisti- (AfterDawn Addict), 25. June 2006 @ 00:30
Looks pretty good :)

Fix these:

O4 - HKCU\..\Run: [Orac] "C:\WINNT\System32\SMBOLS~1\iexplore.exe" -vt yazr
O4 - HKCU\..\Run: [Mzgg] C:\Program Files\?ystem\w?nlogon.exe


Reboot.

Please download and install the ewido anti-spyware tool: http://www.ewido.net/en/product/

- Close all other applications. Select language, click OK.
- Click I Agree.
- Click Next.
- Click Install.
- Click Finish.
- Wait; Ewido will open its main screen automatically.
- Wait again a few minutes and Ewido should auto-update itself. If it doesn't, click Update at the top of the screen.
- This is very important to get updates.
- When updating has finished, close Ewido.

If you have an "always on" connection to the internet, physically disconnect that connection until you are finished with Safe Mode and have rebooted back into normal mode.

Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer.
- After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
- Instead of Windows loading as normal, a menu should appear; use the up arrow to highlight.
- Select the first option, to run Windows in Safe Mode, and hit Enter.
- For additional help in booting into Safe Mode, see the following site: http://www.pchell.com/support/safemode.shtml

You MUST manage to get into Safe Mode for the fix to work.

Make sure to close all open windows/programs/folders. Have nothing else open while ewido performs its scan!
- Open Ewido.
- Click on Scanner at the top of the Ewido screen.
- Click on Settings.
- Under How to Act, click on Recommended Action and choose Quarantine.
- Under How to scan, all boxes should be selected.
- Under Possibly unwanted software, all boxes should be selected.
- On the right side under Reports, click on Automatically generate report after every scan.
- Under What to scan, select Scan every file.
- Click on the Scan tab.
- Click on Complete system scan.
- Let the program scan the machine. It can take a while; give it time.
- When the scan has finished, at the bottom of the screen click Apply all Actions.
- Click Save report.
- Click Save Report as (a Save As window should pop up).
- Click Desktop.
- Click Save.
- Exit ewido.
Reboot back to normal mode.

Send a fresh HjT log and ewido report.
dikitty (Newbie), 25. June 2006 @ 01:38
Uhm, I tried to boot up ewido in Safe Mode and... it wouldn't work. Unhappy kitty.
-kemisti- (AfterDawn Addict), 25. June 2006 @ 02:05
Ewido didn't work in safe mode? Try running it in normal mode then.
dikitty (Newbie), 25. June 2006 @ 02:37
Weee all right.

Here is the HjT log:

Logfile of HijackThis v1.99.1
Scan saved at 3:38:15 AM, on 6/25/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v5.00 SP4 (5.00.2920.0000)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\System32\nvsvc32.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\WINNT\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\WINNT\system32\internat.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [LVCOMSX] C:\WINNT\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [internat.exe] internat.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: WinZIP Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1DA3C4AB-E6B6-47A6-B0F3-1BD81524B51B} (ActiveWorldsDownload Control) - http://www.activeworlds.com/products/ActiveWorldsDownload.cab
O16 - DPF: {2EB1E425-74DC-4DC0-A9E1-03A4C852E1F2} (CPlayFirstTriJinxControl Object) - http://download.games.yahoo.com/games/web_games/playfirst/trijinx...
O16 - DPF: {3DA5D23B-EFE1-4181-ADB7-7D457567AACA} (TGOnlineCtrl Class) - http://zone.msn.com/bingame/pacz/default/pandaonline.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/cl...
O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} (MJLauncherCtrl Class) - http://zone.msn.com/bingame/luxr/default/mjolauncher.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {D54160C3-DB7B-4534-9B65-190EE4A9C7F7} (SproutLauncherCtrl Class) - http://download.games.yahoo.com/games/web_games/gamehouse/frenzy/...
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/unskin/gf.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINNT\System32\nvsvc32.exe

And the ewido log:

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:36:03 AM 6/25/2006

+ Scan result:



C:\WINNT\system32\sуmbols\iexplore.exe -> Adware.ClickSpring : No action taken.
C:\!KillBox\chkdsk.dll -> Adware.PurityScan : No action taken.
HKLM\SOFTWARE\Clickspring -> Adware.PurityScan : No action taken.
C:\WINNT\Downloaded Program Files\popcaploader.dll -> Not-A-Virus.Downloader.Win32.PopCap.b : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Tesseract\Cookies\tesseract@cnn.122.2o7[2].txt -> TrackingCookie.2o7 : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@ads.addynamix[1].txt -> TrackingCookie.Addynamix : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@z1.adserver[1].txt -> TrackingCookie.Adserver : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@advertising[2].txt -> TrackingCookie.Advertising : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@atdmt[2].txt -> TrackingCookie.Atdmt : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@citi.bridgetrack[2].txt -> TrackingCookie.Bridgetrack : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@burstnet[1].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@www.burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Tesseract\Cookies\tesseract@burstnet[2].txt -> TrackingCookie.Burstnet : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@cz4.clickzs[2].txt -> TrackingCookie.Clickzs : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@com[1].txt -> TrackingCookie.Com : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@cpvfeed[1].txt -> TrackingCookie.Cpvfeed : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@adopt.euroclick[1].txt -> TrackingCookie.Euroclick : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@as-us.falkag[1].txt -> TrackingCookie.Falkag : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@media.fastclick[2].txt -> TrackingCookie.Fastclick : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@hypertracker[1].txt -> TrackingCookie.Hypertracker : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@ilead.itrack[1].txt -> TrackingCookie.Itrack : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@sales.liveperson[1].txt -> TrackingCookie.Liveperson : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@mediaplex[1].txt -> TrackingCookie.Mediaplex : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@ads.pointroll[2].txt -> TrackingCookie.Pointroll : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@questionmarket[2].txt -> TrackingCookie.Questionmarket : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@edge.ru4[1].txt -> TrackingCookie.Ru4 : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@serving-sys[2].txt -> TrackingCookie.Serving-sys : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@specificpop[1].txt -> TrackingCookie.Specificpop : No action taken.
C:\Documents and Settings\Administrator\Cookies\administrator@starware[2].txt -> TrackingCookie.Starware : No action taken.
C:\Documents and Settings\Tesseract\Cookies\tesseract@tacoda[1].txt -> TrackingCookie.Tacoda : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@trafficmp[2].txt -> TrackingCookie.Trafficmp : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Tesseract\Cookies\tesseract@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : No action taken.
C:\Documents and Settings\Dionna\Cookies\dionna@zedo[2].txt -> TrackingCookie.Zedo : No action taken.


::Report end
-kemisti- (AfterDawn Addict), 25. June 2006 @ 03:24
You'll have to rescan with ewido :)
"No action taken" for all -> nothing removed. Make sure that you let ewido remove everything it finds.
In other words, go to scanner -> settings
How to act? -> recommended actions -> select delete
Then re-scan using instructions I already gave you.
Send a fresh HjT log.
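
kemisti's point is easy to miss in a long report: every line ending in "No action taken" is a detection only, so the ClickSpring copy of iexplore.exe and the PurityScan registry key are still in place after that scan. The following Python snippet is an added example, not part of the thread and not ewido's code. It parses a constructed excerpt of the report above and summarises what is still unresolved; the final "Cleaned." line is invented for contrast, and the snippet assumes that any action string other than "No action taken" means the item was handled.

```python
"""Check an ewido scan report for findings that were detected but not acted on.

Added example, not part of the thread and not ewido's code. SAMPLE_REPORT is a
constructed excerpt of the report posted above; its last result line ("Cleaned.")
is invented so that a handled item appears next to unhandled ones. Assumption:
any action other than "No action taken" means the item was dealt with.
"""
from collections import Counter

SAMPLE_REPORT = """\
---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 3:36:03 AM 6/25/2006

+ Scan result:

C:\\WINNT\\system32\\s\u0443mbols\\iexplore.exe -> Adware.ClickSpring : No action taken.
C:\\!KillBox\\chkdsk.dll -> Adware.PurityScan : No action taken.
HKLM\\SOFTWARE\\Clickspring -> Adware.PurityScan : No action taken.
C:\\Documents and Settings\\Dionna\\Cookies\\dionna@doubleclick[1].txt -> TrackingCookie.Doubleclick : No action taken.
C:\\Documents and Settings\\Dionna\\Cookies\\dionna@zedo[2].txt -> TrackingCookie.Zedo : Cleaned.

::Report end
"""


def parse_report(text):
    """Return (item, verdict, action) for each result line; header lines are skipped."""
    entries = []
    for line in text.splitlines():
        # Result lines have the shape "<path or key> -> <verdict> : <action>."
        if " -> " not in line or " : " not in line:
            continue
        item, rest = line.rsplit(" -> ", 1)
        verdict, action = rest.split(" : ", 1)
        entries.append((item.strip(), verdict.strip(), action.strip().rstrip(".")))
    return entries


def unresolved(entries):
    """Entries the scanner only reported, so they are still on disk or in the registry."""
    return [e for e in entries if e[2] == "No action taken"]


def report_status(text):
    """Summarise a report: totals, per-family and per-action counts, and what is left."""
    entries = parse_report(text)
    left = unresolved(entries)
    return {
        "total": len(entries),
        "unresolved": len(left),
        # family = text before the first dot, e.g. Adware, TrackingCookie, Not-A-Virus
        "families": dict(Counter(v.split(".")[0] for _, v, _ in entries)),
        "actions": dict(Counter(a for _, _, a in entries)),
        # a rescan with a removing action selected is needed while anything is left
        "needs_rescan": bool(left),
        # tracking cookies are noise; anything else left behind is the real problem
        "serious_left": [i for i, v, _ in left if not v.startswith("TrackingCookie")],
    }


if __name__ == "__main__":
    status = report_status(SAMPLE_REPORT)
    print("%d findings, %d unresolved" % (status["total"], status["unresolved"]))
    for item in status["serious_left"]:
        print("  still present:", item)
    print("rescan needed:", status["needs_rescan"])
```

Separating tracking cookies from the rest keeps the three items that matter (the renamed iexplore.exe, the chkdsk.dll copy and the Clickspring key) from drowning in forty cookie lines, which is the same triage a helper does by eye before telling the poster to rescan with a removing action selected.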
anii (Newbie), 27. June 2006 @ 21:53
Is this thread still alive? Because I just got this thing today >< I googled it and it got me here. I downloaded HjT so I'll run it and copy the log on here, if this is still alive >< ...

This message has been edited since posting. Last time this message was edited on 28. June 2006 @ 14:43

anii (Newbie), 28. June 2006 @ 14:43
Edit: nvm, Spyware Doctor cleaned it =\

This message has been edited since posting. Last time this message was edited on 29. June 2006 @ 17:55

© 1999-2024 by AfterDawn Ltd.