Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

serious problem... tracking cookies reappearing [RESOLVED]


  • This topic is locked This topic is locked

#1
mojomagic

mojomagic

    New Member

  • Member
  • Pip
  • 4 posts
Hi
I have a big problem, but before I tell u about it, I'll let u know what I've done to try and fix it. I followed your instructions, started out w adaware, did the CWshredder in safe mode, ran spybot in normal mode, immunized, ran ewido in safe mode and ran an online scanner (trend housecall). I found a trojan ( or my mcafee virus scanner did), but ewido didn't show anything. When I started my comp in normal mode the online scanner found some different malware, but couldn't remove all of it.

So i'm sorted of stuck... everytime i run one of my scanners it finds something (tracking cookies or trojans) but i can't seem to get to the bottom of it.. i would post the ewido log but it said clean so I'll just post HijackThis:

Logfile of HijackThis v1.99.1
Scan saved at 04:31:22, on 25-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\CableConnect\CableConnect.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Documents and Settings\Administrator\Skrivebord\hijack-this\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\D-Tools\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: CableConnect.lnk = C:\Programmer\CableConnect\CableConnect.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download using FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.c...InkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113288630875
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.dans...B/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTServ - C:\Programmer\Fælles filer\Logitech\Bluetooth\lbtserv.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - C:\Programmer\iPod\bin\iPodService.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

plz help me, Im completely bummed :whistling:

I just had a look at add/remove programs... there was a program that said: Red swoosh EDN client (lol remove only)...

Edited by mojomagic, 25 March 2006 - 03:54 PM.

  • 0

Advertisements


#2
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi mojomagic

Welcome to G2G! :whistling:

Sorry for the delay in response. If you still need help, please do the following:

* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Post a new HiJackThis log along with the results from ActiveScan


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. Copy and paste that list here.
  • 0

#3
mojomagic

mojomagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Flrman1

Thx for having a look at this, it's giving me grey hairs and i'm only 31 :whistling:

Here are the reports u asked for:

1. Panda scan:


Incident Status Location

Spyware:Cookie/Adtech Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@bfast[2].txt
Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Research-int Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@research-int[1].txt
Spyware:Cookie/WebPower Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Spyware:Cookie/Adtech Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@adtech[2].txt
Spyware:Cookie/adultfriendfinder Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@adultfriendfinder[2].txt
Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@belnk[1].txt
Spyware:Cookie/Bfast Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@bfast[2].txt
Spyware:Cookie/Belnk Not disinfected
C:\Documents and Settings\Administrator\Cookies\[email protected][2].txt
Spyware:Cookie/Research-int Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@research-int[1].txt
Spyware:Cookie/WebPower Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@webpower[2].txt
Spyware:Cookie/Xiti Not disinfected
C:\Documents and Settings\Administrator\Cookies\administrator@xiti[1].txt
Virus:Trj/Lager.AH Disinfected
C:\Documents and Settings\Administrator\Lokale indstillinger\Temporary Internet Files\Content.IE5\TS509N6A\parad[1].raw

2. new hijackthis log:

Logfile of HijackThis v1.99.1
Scan saved at 21:21:30, on 26-03-2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
C:\WINDOWS\system32\CTSvcCDA.EXE
C:\Programmer\ewido anti-malware\ewidoctrl.exe
C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
C:\Programmer\Network Associates\VirusScan\Mcshield.exe
C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
C:\Programmer\Fælles filer\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\system32\RunDll32.exe
C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE
C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe
C:\Programmer\MSN Messenger\MsnMsgr.Exe
C:\Programmer\WIDCOMM\Bluetooth-software\BTTray.exe
C:\Programmer\Logitech\SetPoint\kem.exe
C:\PROGRAMMER\LOGITECH\SETPOINT\KHALMNPR.EXE
C:\Programmer\CableConnect\CableConnect.exe
C:\Programmer\Microsoft AntiSpyware\gcasDtServ.exe
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programmer\Microsoft AntiSpyware\gcasServ.exe
C:\Programmer\Internet Explorer\IEXPLORE.EXE
C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Skrivebord\hijack-this\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Hyperlinks
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmer\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\windows\downloaded program files\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\windows\downloaded program files\googletoolbar1.dll
O4 - HKLM\..\Run: [Genvej til egenskabsside for High Definition Audio] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [ShStatEXE] "C:\Programmer\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Programmer\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [awxDTools] rundll32 C:\PROGRA~1\D-Tools\AWXDTO~1\awxDTools.dll,awxRegisterDll /r /s
O4 - HKLM\..\Run: [gcasServ] "C:\Programmer\Microsoft AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Programmer\Fælles filer\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [MsnMsgr] "C:\Programmer\MSN Messenger\MsnMsgr.Exe" /background
O4 - Startup: CableConnect.lnk = C:\Programmer\CableConnect\CableConnect.exe
O4 - Global Startup: Adobe Reader Hurtigstart.lnk = C:\Programmer\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech SetPoint.lnk = ?
O8 - Extra context menu item: Download using FlashGet - C:\Programmer\FlashGet\jc_link.htm
O8 - Extra context menu item: E&ksporter til Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Send til &Bluetooth - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie_ctx.htm
O9 - Extra button: Opslag - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programmer\WIDCOMM\Bluetooth-software\btsendto_ie.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmer\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {3D6DDD23-870A-4FC8-B3AF-5F67C935A9B7} (Util Class) - https://udstedelse.c...InkCSP-1204.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1113288630875
O16 - DPF: {6CB5E471-C305-11D3-99A8-000086395495} - http://toolbar.googl...g/GoogleNav.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.t...ivex/hcImpl.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/s...nfo/webscan.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.dans...B/e-Safekey.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: LBTServ - C:\Programmer\Fælles filer\Logitech\Bluetooth\lbtserv.dll
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Programmer\WIDCOMM\Bluetooth-software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTSvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Programmer\ewido anti-malware\ewidoctrl.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Programmer\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Programmer\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

3. and finally more hijackthis:

AC3Filter (remove only)
Ad-Aware SE Personal
Adobe Reader 7.0.5 - Dansk
arniWORX Daemon-Tools ShellExtension (remove only)
C-Media High Definition Audio Driver
CoreAAC Audio Codec
Creative DVD Audio Plugin for Audigy Series
Creative MediaSource
Cyberlink Mpeg2 Codec
DAEMON Tools
Deus Ex - Invisible War
Direct Show Ogg Vorbis Filter (remove only)
DivX
DivX Converter
DivX Player
DivX Web Player
Doom 3
ewido anti-malware
ffdshow (remove only)
Google Toolbar for Internet Explorer
High Definition Audio Driver Package - KB835221
HighMAT-udvidelse til Guiden Cd-skrivning til Microsoft Windows XP
HijackThis 1.99.1
Intervideo Mpeg2 Codec
InterVideo WinDVD 5
Logitech SetPoint
Macromedia Flash Player 8
Macromedia Shockwave Player
Marvell Miniport Driver
Matroska Pack (remove only)
McAfee VirusScan Enterprise
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Danish Language Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft AntiSpyware
Microsoft Office Professional Edition 2003
Mobile Phone Suite
MSN Messenger 7.5
NOMAD MuVo TX
NVIDIA Drivers
Opdatering til Windows XP (KB894391)
Opdatering til Windows XP (KB896727)
Opdatering til Windows XP (KB898461)
Opdatering til Windows XP (KB900930)
Opdatering til Windows XP (KB910437)
Panda ActiveScan
QuickTime
RealPlayer
Red Swoosh EDN Client (lol remove only)
RIFF/CDXA Source filter test6b (remove only)
Sid Meier's Pirates!
Sikkerhedsopdatering til Windows Media Player (KB911564)
Sikkerhedsopdatering til Windows Media Player 10 (KB911565)
Sikkerhedsopdatering til Windows XP (KB883939)
Sikkerhedsopdatering til Windows XP (KB890046)
Sikkerhedsopdatering til Windows XP (KB893756)
Sikkerhedsopdatering til Windows XP (KB896358)
Sikkerhedsopdatering til Windows XP (KB896422)
Sikkerhedsopdatering til Windows XP (KB896423)
Sikkerhedsopdatering til Windows XP (KB896424)
Sikkerhedsopdatering til Windows XP (KB896428)
Sikkerhedsopdatering til Windows XP (KB896688)
Sikkerhedsopdatering til Windows XP (KB899587)
Sikkerhedsopdatering til Windows XP (KB899588)
Sikkerhedsopdatering til Windows XP (KB899589)
Sikkerhedsopdatering til Windows XP (KB899591)
Sikkerhedsopdatering til Windows XP (KB900725)
Sikkerhedsopdatering til Windows XP (KB901017)
Sikkerhedsopdatering til Windows XP (KB901214)
Sikkerhedsopdatering til Windows XP (KB902400)
Sikkerhedsopdatering til Windows XP (KB903235)
Sikkerhedsopdatering til Windows XP (KB904706)
Sikkerhedsopdatering til Windows XP (KB905414)
Sikkerhedsopdatering til Windows XP (KB905749)
Sikkerhedsopdatering til Windows XP (KB905915)
Sikkerhedsopdatering til Windows XP (KB908519)
Sikkerhedsopdatering til Windows XP (KB911927)
Sikkerhedsopdatering til Windows XP (KB912919)
Sikkerhedsopdatering til Windows XP (KB913446)
Skype 1.4
Spybot - Search & Destroy 1.4
TDC CSP
VSFilter (Vobsub) 1.33
WIDCOMM Bluetooth Software
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
World of Warcraft

as u see, a new scan once again revealed something, and i can't seem to remove it entirely... Hope u can give me some good advice. ohh and once again, your help and time is truly appreciated :blink:

Edited by mojomagic, 26 March 2006 - 01:33 PM.

  • 0

#4
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Go to Add/Remove programs and uninstall Red Swoosh EDN Client (lol remove only)


Go to Control Panel > Internet Options. On the General tab under "Temporary Internet Files" Click "Delete Files". Put a check by "Delete Offline Content" and click OK. Click on the "Delete Cookies" button to clear all cookies.


I see no reason for you to be worried about the state of your computer at this time. All the online scan found is more tracking cookies. Although we don't want to get tracking cookies, as far as threats go, they are not that high on the chart. We all get them from time to time
Read what a tracking cookie is here and how to block many of them:

http://www.mvps.org/...002/cookies.htm

If you have Spybot installed, you can use it's imminize feature to block a lot of them too.

I do understand your concern, but don't get yourself too worked up over them.
  • 0

#5
mojomagic

mojomagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hello again :whistling:
I followed the steps u suggested and it has cleaned my comp of cookies. I've then run different scans again and Ewido found Trojan.agent.qe. I cleaned that and then rebooted comp. My spyware scanners didn't find anything, but McAfee found Downloader-zq and deleted it, but I'm not sure if it's really gone. I would like more helpful advice if possible. Thx :blink:
  • 0

#6
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Tell me the exact name of the file Mcafee found and where it is.
  • 0

#7
mojomagic

mojomagic

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Hi Flrman1
It seems all my problems r gone :help: i've run all my scanners and they find nothing now, not even the online ones :blink: but thx for helping me out, u rule :whistling:
mojomagic
  • 0

#8
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
You're welcome! :whistling:

* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#9
Flrman1

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP