- Forums
- Security | Computer, Devices, Software and Systems
- Viruses, Spyware and Malware
- HijackThis Logs (finished)
You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.
You should upgrade or use an alternative browser.
Windows Shutdown,HJT log for review/action
- Thread starter Thaqalain
- Start date
- Status
- Not open for further replies.
Found.000 to Found.014 Folders
I forget to mention that I have noticed these light yellow folders as far as I remember since last months,I don't know why these folders are in D (Windows XP) and what they representing,I am providing some info from properties:
(1)File0000.CHK,File0001.CHK Type Extension showing when I moved mouse at these folders.Inside these folders files are shown as File000Numeric#.CHK,Recovered File Fragments(Pieces of files found when your disc was scanned).
(2)Size 10.7 MB to 32 KB.
(3) Date Dec8/2004 and Jan/2005 and many other dates.
(4)Readonly,hidden file
noticed some other files in D with extensions:
.DAT
.BIN
.TMP
.$$$
.SET
.TXT
.SYS (Light Color)
.INI
and finally a huge folder of System Volume Information of 637 MB having
_restore(FBEBCE06-979D-4D..)fo_lders:RP1 to RP12 Snapshot folders eachone of 35.9 MB,Files:.txt,.cfg
What to do above folders and it's content files.
Please advice me will I delete these folders/files or keep it as it is ?
Thanks
I forget to mention that I have noticed these light yellow folders as far as I remember since last months,I don't know why these folders are in D (Windows XP) and what they representing,I am providing some info from properties:
(1)File0000.CHK,File0001.CHK Type Extension showing when I moved mouse at these folders.Inside these folders files are shown as File000Numeric#.CHK,Recovered File Fragments(Pieces of files found when your disc was scanned).
(2)Size 10.7 MB to 32 KB.
(3) Date Dec8/2004 and Jan/2005 and many other dates.
(4)Readonly,hidden file
noticed some other files in D with extensions:
.DAT
.BIN
.TMP
.$$$
.SET
.TXT
.SYS (Light Color)
.INI
and finally a huge folder of System Volume Information of 637 MB having
_restore(FBEBCE06-979D-4D..)fo_lders:RP1 to RP12 Snapshot folders eachone of 35.9 MB,Files:.txt,.cfg
What to do above folders and it's content files.
Please advice me will I delete these folders/files or keep it as it is ?
Thanks
Keep the files....
All File0000.CHK, File0001.CHK can be deleted.
The _restore folder is the system restore folder which houses restore points. If everything is fine...you can disable and then re-enable system restore. This will clear that folder and make a new restore point.
Procedure...
Create a new System Restore point
Windows XP
===============
All File0000.CHK, File0001.CHK can be deleted.
The _restore folder is the system restore folder which houses restore points. If everything is fine...you can disable and then re-enable system restore. This will clear that folder and make a new restore point.
Procedure...
Create a new System Restore point
Windows XP
===============
- Click Start >> Run - type SYSDM.CPL & press Enter
- Select the System Restore Tab
- Tick on the checkbox - "Turn off System Restore on all drives"
- Click Apply
- Then untick the same checkbox & click OK
Deleted Found Folders ,Disable and Enable System Info
I have deleted found folders,disable and enable System Volume Info,now inside it's folder remaining is only _restore folder of 35.9 MB.I want to get my computer free of this,can I delete this ,too?
What about other file extension sI mentioned in my last post,delete or not?
I have deleted found folders,disable and enable System Volume Info,now inside it's folder remaining is only _restore folder of 35.9 MB.I want to get my computer free of this,can I delete this ,too?
What about other file extension sI mentioned in my last post,delete or not?
Re: Deleted Found Folders ,Disable and Enable System Info
No..leave the other files extentions
No..leave the other _restore folder alone. If you use XP's system restore feature...you'll always have one or more of these folders. These are XP's restore points. If you don't want to use that feature..Tick on the checkbox - "Turn off System Restore on all drives" and leave it checked.
This will disable system restore and get rid of the folder you want to delete...but leaves you no option to roll the PC back if you encounter a problem.
Thaqalain said:I have deleted found folders,disable and enable System Volume Info,now inside it's folder remaining is only _restore folder of 35.9 MB.I want to get my computer free of this,can I delete this ,too?
What about other file extension sI mentioned in my last post,delete or not?
No..leave the other files extentions
No..leave the other _restore folder alone. If you use XP's system restore feature...you'll always have one or more of these folders. These are XP's restore points. If you don't want to use that feature..Tick on the checkbox - "Turn off System Restore on all drives" and leave it checked.
This will disable system restore and get rid of the folder you want to delete...but leaves you no option to roll the PC back if you encounter a problem.
I have tried to run 2 monitors same time thru 2 separate cards and tried to access download search via system and system 32 , later in morning I get message that Win32 Host Processed want to close:Here is log, Pls tell remedy:
Logfile of HijackThis v1.99.1
Scan saved at 5:55:52 AM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton Antivirus\navapsvc.exe
D:\PROGRA~1\NORTON~2\navapw32.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hotfoon4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\COMPROB\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups-beta.google.com/group/24hoursupport.helpdesk?hl=en
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE
Logfile of HijackThis v1.99.1
Scan saved at 5:55:52 AM, on 8/11/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton Antivirus\navapsvc.exe
D:\PROGRA~1\NORTON~2\navapw32.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hotfoon4.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\WINDOWS\system32\wscntfy.exe
D:\COMPROB\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups-beta.google.com/group/24hoursupport.helpdesk?hl=en
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar1.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
O8 - Extra context menu item: &Google Search - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://D:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://D:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://D:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://D:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://D:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entrusttruepassapplet-epf.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE
Bloodhound.HybridCOM attack on Aug26/05
I was happy when looking NAV finished scanning and did'nt find any virus or infected file,moments later I wonder while found a NAV Virus Alert,here is detail;
object Name: ...\CAK565BO.Com%2Fmessage_board%2F%3BFORID%3A1%
Virus Name: Bloodhound.HybridCOM
Action Taken: Unable to repair this file,Access to file was denied.
Logfile of HijackThis v1.99.1
Scan saved at 8:56:16 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton Antivirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\PROGRA~1\NORTON~2\navapw32.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hotfoon4.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\COMPROB\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups-beta.google.com/group/24hour....helpdesk?hl=en
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE
Kindly help me how to kill this virus.
I was happy when looking NAV finished scanning and did'nt find any virus or infected file,moments later I wonder while found a NAV Virus Alert,here is detail;
object Name: ...\CAK565BO.Com%2Fmessage_board%2F%3BFORID%3A1%
Virus Name: Bloodhound.HybridCOM
Action Taken: Unable to repair this file,Access to file was denied.
Logfile of HijackThis v1.99.1
Scan saved at 8:56:16 PM, on 8/26/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\system32\spoolsv.exe
D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
D:\Program Files\ewido\security suite\ewidoctrl.exe
D:\Program Files\Norton Antivirus\navapsvc.exe
D:\Program Files\Norton Internet Security\NISUM.EXE
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Norton Internet Security\SymProxySvc.exe
D:\WINDOWS\system32\WFXSVC.EXE
D:\Program Files\Symantec\WinFax\WFXMOD32.EXE
D:\Program Files\Norton Internet Security\NISSERV.EXE
D:\PROGRA~1\NORTON~2\navapw32.exe
D:\Program Files\Norton Internet Security\IAMAPP.EXE
D:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\hotfoon4.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\svchost.exe
D:\Program Files\Common Files\Real\Update_OB\realsched.exe
D:\COMPROB\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://groups-beta.google.com/group/24hour....helpdesk?hl=en
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - d:\program files\google\googletoolbar2.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - D:\Program Files\Norton Antivirus\NavShExt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - d:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NAV Agent] D:\PROGRA~1\NORTON~2\navapw32.exe
O4 - HKLM\..\Run: [iamapp] D:\Program Files\Norton Internet Security\IAMAPP.EXE
O4 - HKLM\..\Run: [TkBellExe] "D:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [msnmsgr] "D:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HOTFOON2] C:\Program Files\hotfoon4.exe /h
O8 - Extra context menu item: &Google Search - res://d:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://d:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://d:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://d:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://d:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://d:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - D:\Program Files\Yahoo!\Messenger\yhexbmes0521.dll
O9 - Extra button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra 'Tools' menuitem: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - D:\Program Files\AOL Toolbar\toolbar.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Share in Hello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra 'Tools' menuitem: Share in H&ello - {B13B4423-2647-4cfc-A4B3-C7D56CB83487} - D:\Program Files\Hello\PicasaCapture.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: D:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: TruePass EPF 7,0,100,684 - https://blrscr3.egs-seg.gc.ca/applets/entru...sapplet-epf.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O20 - Winlogon Notify: igfxcui - D:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Adobe Systems - D:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - D:\PROGRA~1\COMMON~1\AOL\ACS\AOLACSD.EXE
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - D:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\\aolserv.exe
O23 - Service: ewido security suite control - ewido networks - D:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - D:\Program Files\Norton Antivirus\navapsvc.exe
O23 - Service: Norton Internet Security Service (NISSERV) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISSERV.EXE
O23 - Service: Norton Internet Security Accounts Manager (NISUM) - Symantec Corporation - D:\Program Files\Norton Internet Security\NISUM.EXE
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - D:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - D:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Norton Internet Security Proxy Service (SymProxySvc) - Symantec Corporation - D:\Program Files\Norton Internet Security\SymProxySvc.exe
O23 - Service: WinFax PRO (wfxsvc) - Symantec Corporation - D:\WINDOWS\system32\WFXSVC.EXE
Kindly help me how to kill this virus.
Little research does wonders...
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.html
http://securityresponse.symantec.com/avcenter/venc/data/bloodhound.html
- Status
- Not open for further replies.
Similar threads
- Replies
- 0
- Views
- 2K
- Replies
- 1
- Views
- 3K
