Bloodhound.w32.ep, w32.desktophijack, & possibly more

Posted 7/13/2005 12:52 AM
#17430

deirdre Member

Date Joined Nov 2016
Total Posts: 1
I'm pretty sure I have several viruses. They seem to be infecting my wininet.dll file, and possibly some others.

Anyway, I've read other posts and have tried to rename the wininet.dll file, but Windows won't let me since it's currently in use.

The programs I've run are:
-cleanup!
-lavasoft's adaware
-cwshredder
-spybot s&d
-ewido security suite
-trend housecall
-and lastly hijackthis.

Thanks in advance for your help.

Here's my log from HijackThis:
Logfile of HijackThis v1.99.1
Scan saved at 7:01:07 PM, on 7/10/2005
Platform: Windows 2000 SP2 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\WINNT\System32\CTsvcCDA.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINNT\wanmpsvc.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\System32\devldr32.exe
C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLHOS~1.EXE
C:\PROGRA~1\COMMON~1\AOL\110109~1\EE\AOLServiceHost.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Netscape\Netscape\Netscp.exe
C:\Program Files\hijackthis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer,SearchURL = https://nonstopsearch.com/?a=2
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = https://nonstopsearch.com/?a=2
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,SearchURL = https://nonstopsearch.com/?a=2
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by America Online
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - URLSearchHook: (no name) - _{39C763CA-7420-2A12-3515-F5A456076FF8} - (no file)
O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: (no name) - {08BEC6AA-49FC-4379-3587-4B21E286C19E} - (no file)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Speed racer] C:\Program Files\Creative\PlayCenter\CTSRReg.exe
O4 - HKLM\..\Run: [AudioHQ] C:\Program Files\Creative\SBLive\AudioHQ\AHQTB.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINNT\Updreg.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINNT\System32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [Pure Networks Port Magic] "C:\PROGRA~1\PURENE~1\PORTMA~1\PortAOL.exe" -Run
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1101097927\EE\AOLHostManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [combop.exe] combop.exe
O4 - HKLM\..\Run: [Uint32] qwe.exe
O4 - HKLM\..\Run: [TorontoMail] ms-its.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164157_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\JEREMY~1\LOCALS~1\Temp\2005710164158_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [WareOut] "C:\Program Files\WareOut\WareOut.exe"
O4 - HKCU\..\Run: [avpmondll] driver32.exe
O4 - HKCU\..\Run: [nmdllw] ERTYDF.exe
O4 - HKCU\..\Run: [Serviceprocess] runload32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra 'Tools' menuitem: MaxSpeed - {120E090D-9136-4b78-8258-F0B44B4BD2AC} - C:\WINNT\System32\ms.exe (file missing)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINNT\System32\Shdocvw.dll
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX
O9 - Extra button: Microsoft® JavaScript® Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O9 - Extra 'Tools' menuitem: JavaScript Console - {FDC11D31-DBBE-450D-8E06-78A1061E312F} - C:\WINNT\system32\COMDLG32.OCX (HKCU)
O14 - IERESET.INF: START_PAGE_URL=https://www.aol.com
O16 - DPF: Aces Up! by pogo - https://game1.pogo.com/applet-6.1.5.28/aces...s-ob-assets.cab
O16 - DPF: Harvest Mania by pogo - https://game1.pogo.com/applet-6.1.5.21/harv...t-ob-assets.cab
O16 - DPF: Mah Jong Garden by pogo - https://game1.pogo.com/applet-6.2.3.36/mahj...g-ob-assets.cab
O16 - DPF: Phlinx by pogo - https://game1.pogo.com/applet-6.1.4.22/flin...r-ob-assets.cab
O16 - DPF: Tri-Peaks by pogo - https://game1.pogo.com/applet-6.1.4.22/peak...s-ob-assets.cab
O16 - DPF: WordJong by pogo - https://game1.pogo.com/applet-6.1.4.22/word...g-ob-assets.cab
O16 - DPF: {15AD6789-CDB4-47E1-A9DA-992EE8E6BAD6} - https://static.windupdates.com/cab/MediaAcc...e/bridge-c9.cab
O16 - DPF: {4A3CF76B-EC7A-405D-A67D-8DC6B52AB35B} (QDiagAOLCCUpdateObj Class) - https://aolcc.aol.com/computercheckup/qdiagcc.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - https://a840.g.akamai.net/7/840/537/2004061...all/xscan53.cab
O16 - DPF: {E53458D2-5A83-4BD1-8DE2-EEEBE73BAB49} (CheckControl Class) - https://www.content-loader.com/load/ccaccess.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O17 - HKLM\System\CCS\Services\VxD\MSTCP: NameServer = 69.50.188.180,85.255.112.5
O19 - User stylesheet: (file missing)
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: AOL Spyware Protection Service (AOLService) - Unknown owner - C:\Program Files\Common Files\AOL\AOL Spyware Protection\\aolserv.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINNT\System32\CTsvcCDA.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINNT\wanmpsvc.exe

And here is my scan report from ewido:
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 6:30:50 PM, 7/10/2005
+ Report-Checksum: D09D27FD

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{C0EF89EE-EEC7-4535-A041-F1EBF79560A7} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\TypeLib\{52CACFDF-9170-46A9-AE2E-E594D324C72A} -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CLSID -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Classes\WEBInstaller.CExecute\CurVer -> Spyware.CashBack : Ignored
HKLM\SOFTWARE\Dsi -> Spyware.Delfin : Ignored
HKLM\SOFTWARE\MaxSpeed -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{120E090D-9136-4b78-8258-F0B44B4BD2AC} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{8F9FBEB8-D216-4d6c-8D21-513157E09C0D} -> Spyware.Maxspeed : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\FirstRun -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Options -> TrojanDownloader.Wareout : Ignored
HKU\S-1-5-21-343818398-507921405-1060284298-1000\Software\WareOut\Registration -> TrojanDownloader.Wareout : Ignored
:mozilla.10:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.12:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.14:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.2o7 : Ignored
:mozilla.21:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.22:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Adtech : Ignored
:mozilla.35:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.36:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
:mozilla.37:C:\Documents and Settings\Jeremy Williamson\Application Data\Mozilla\Profiles\Default User\8z4w0y9x.slt\cookies.txt -> Spyware.Cookie.Ru4 : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\2H8V61AJ\index[1].htm -> Not-A-Virus.Exploit.VBS.Phel.a : Ignored
C:\Documents and Settings\Jeremy Williamson\Local Settings\Temporary Internet Files\Content.IE5\U5WZSJS1\exploit[1].exe -> TrojanDropper.Vidro.p : Ignored
C:\WINNT\Downloaded Program Files\MediaGatewayX.dll -> Spyware.WinAD : Ignored
C:\WINNT\system32\ccaccess.dll -> Heuristic.Win32.Hijacker1 : Ignored
C:\WINNT\system32\rdsndin.exe -> Spyware.FindSpy : Ignored


::Report End
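As an added triage example (not part of the post above or of HijackThis itself), the script below parses a handful of HijackThis lines patterned on this log and flags the entry types a responder would look at first: O4 Run entries that launch a bare filename with no path, O17 entries that hard-code DNS servers, and an R1 entry pointing Internet Explorer at a loopback proxy. The allowlist of OS components and the sample lines are constructed for the example.

```python
import re

# Constructed sample, patterned on the HijackThis log in the post above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:8080
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [vmtune] gdlib.exe
O4 - HKLM\..\Run: [Uint32] qwe.exe
O4 - HKCU\..\Run: [Serviceprocess] runload32.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{C289BD10-714C-4574-ADFF-864FD4D28E13}: NameServer = 69.50.188.180,85.255.112.5
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
"""

# Windows components that legitimately appear as bare names in Run keys (assumed allowlist).
KNOWN_BARE = {"mobsync.exe", "rundll32.exe"}

O4_RE = re.compile(r"^O4 - HK\w+\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O17_RE = re.compile(r"^O17 - .*: NameServer = (?P<ns>[\d.,]+)$")
R1_PROXY_RE = re.compile(r"^R1 - .*ProxyServer = (?P<proxy>\S+)$")


def executable_of(cmd):
    """Return the program part of a Run-key command, handling quoted paths."""
    if cmd.startswith('"'):
        return cmd[1:].split('"', 1)[0]
    return (cmd.split() or [""])[0]


def triage(log_text):
    """Return (section, reason, value) tuples for lines worth a closer look."""
    findings = []
    for line in log_text.splitlines():
        m = O4_RE.match(line)
        if m:
            exe = executable_of(m.group("cmd"))
            # A bare filename is resolved through the PATH search order, so the
            # log gives no hint where it lives; legitimate autoruns use full paths.
            if exe and "\\" not in exe and exe.lower() not in KNOWN_BARE:
                findings.append(("O4", "bare executable in Run key", exe))
            continue
        m = O17_RE.match(line)
        if m:  # DNS servers set per interface override whatever the ISP hands out
            findings.append(("O17", "hard-coded DNS servers", m.group("ns")))
            continue
        m = R1_PROXY_RE.match(line)
        if m and m.group("proxy").startswith("127.0.0.1"):
            findings.append(("R1", "loopback proxy for IE", m.group("proxy")))
    return findings
```

Run on the sample, `triage(SAMPLE_LOG)` reports the three bare Run entries, the O17 name servers and the loopback proxy, and stays quiet on mobsync.exe and the full-path QuickTime entry.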