Still having problems.
Here is AVG Spyware, HiJack & Panda Activescan.
Please help...
If I reformat my drive will that get rid of the trojans?
Carol
________________________________________________________________________________
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 9:06:08 AM 9/18/2007
+ Scan result:
:mozilla.6:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.7:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
I:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.12:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
I:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Atdmt : Cleaned.
I:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.33:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.Esomniture : Cleaned.
I:\Documents and Settings\Carol\Cookies\[email protected][2].txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.32:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.Paypal : Ignored and added to exceptions
:mozilla.36:I:\Documents and Settings\Carol\Application Data\Mozilla\Firefox\Profiles\r0sikg5b.default\cookies.txt -> TrackingCookie.Specificclick : Cleaned.
I:\Documents and Settings\Carol\Cookies\[email protected][1].txt -> TrackingCookie.Webtrends : Cleaned.
::Report end
____________________________________________________________________________
Logfile of HijackThis v1.99.1
Scan saved at 8:52:33 AM, on 9/18/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
I:\WINDOWS\System32\smss.exe
I:\WINDOWS\system32\winlogon.exe
I:\WINDOWS\system32\services.exe
I:\WINDOWS\system32\lsass.exe
I:\WINDOWS\system32\svchost.exe
I:\WINDOWS\System32\svchost.exe
I:\WINDOWS\system32\spoolsv.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
I:\Program Files\NCH Software\BroadCam\broadCam.exe
I:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
I:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
I:\Program Files\NCH Swift Sound\Components\mp3el\mp3enc.exe
I:\Program Files\NCH Software\Eyeline\eyeline.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
I:\WINDOWS\Explorer.EXE
I:\WINDOWS\System32\nvsvc32.exe
I:\WINDOWS\system32\HPZipm12.exe
I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
I:\Program Files\Analog Devices\Core\smax4pnp.exe
I:\Program Files\Analog Devices\SoundMAX\Smax4.exe
I:\WINDOWS\system32\RUNDLL32.EXE
I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
I:\PROGRA~1\Grisoft\AVG7\avgcc.exe
I:\Program Files\NCH Software\BroadCam\broadCam.exe
I:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe
I:\Program Files\NCH Software\Eyeline\eyeline.exe
I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe
I:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe
I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
I:\Program Files\Messenger\MSMSGS.EXE
I:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe
I:\Program Files\BitTorrent\bittorrent.exe
I:\Program Files\ASUS WiFi-AP Solo\RtWLan.exe
I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
I:\Program Files\SEC\Natural Color Pro\NCProTray.exe
I:\PROGRA~1\INCRED~1\bin\IMApp.exe
I:\Program Files\Common Files\Roxio Shared\SharedCOM8\CPSHelpRunner.exe
I:\WINDOWS\System32\svchost.exe
I:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
I:\WINDOWS\system32\wpabaln.exe
I:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
I:\Program Files\Internet Explorer\iexplore.exe
I:\Program Files\Mozilla Firefox\firefox.exe
I:\Program Files\IncrediMail\bin\IncMail.exe
I:\WINDOWS\system32\wuauclt.exe
I:\Program Files\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - I:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {733E9132-53CA-4C97-9AC9-145C4502FA20} - I:\WINDOWS\system32\gebbyxw.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - i:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - I:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - i:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "I:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [SoundMAXPnP] I:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [SoundMAX] "I:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE I:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE I:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NeroFilterCheck] I:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] I:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [AVG7_CC] I:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "I:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BroadCamRun] "I:\Program Files\NCH Software\BroadCam\broadCam.exe" -logon
O4 - HKLM\..\Run: [RecordPadRun] "I:\Program Files\NCH Swift Sound\RecordPad\recordpad.exe" -logon
O4 - HKLM\..\Run: [BroadWaveRun] "I:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -logon
O4 - HKLM\..\Run: [EyelineRun] "I:\Program Files\NCH Software\Eyeline\eyeline.exe" -logon
O4 - HKLM\..\Run: [QuickTime Task] "I:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] I:\Program Files\Macrogaming\SweetIM\SweetIM.exe
O4 - HKLM\..\Run: [RoxWatchTray] "I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatchTray.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "I:\Program Files\Roxio\Easy Media Creator 8\Drag to Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] "I:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [IncrediMail] I:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [SpybotSD TeaTimer] I:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "I:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [DW4] "I:\Program Files\The Weather Channel FW\Desktop Weather\DesktopWeather.exe"
O4 - HKCU\..\Run: [BitTorrent] "I:\Program Files\BitTorrent\bittorrent.exe" --force_start_minimized
O4 - Startup: Adobe Gamma.lnk = I:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS WiFi-AP Solo.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = I:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: NCProTray.lnk = ?
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - I:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - I:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - I:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1190122195734
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O20 - Winlogon Notify: gebbyxw - I:\WINDOWS\SYSTEM32\gebbyxw.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - I:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Adobe LM Service - Adobe Systems - I:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - I:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - I:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: BroadCam Service (BroadCamService) - Unknown owner - I:\Program Files\NCH Software\BroadCam\broadCam.exe" -service (file missing)
O23 - Service: BroadWave Service (BroadWaveService) - Unknown owner - I:\Program Files\NCH Swift Sound\BroadWave\broadwave.exe" -service (file missing)
O23 - Service: Eyeline Service (EyelineService) - Unknown owner - I:\Program Files\NCH Software\Eyeline\eyeline.exe" -service (file missing)
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Unknown owner - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe" -k runservice (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - I:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - I:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: NBService - Nero AG - I:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - I:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - I:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - I:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - I:\WINDOWS\system32\HPZipm12.exe
O23 - Service: LiveShare P2P Server (RoxLiveShare) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxLiveShare.exe
O23 - Service: RoxMediaDB - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxMediaDB.exe
O23 - Service: RoxUpnpRenderer (RoxUPnPRenderer) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\SharedCom\RoxUpnpRenderer.exe
O23 - Service: RoxUpnpServer - Sonic Solutions - I:\Program Files\Roxio\Easy Media Creator 8\Digital Home\RoxUpnpServer.exe
O23 - Service: Roxio Hard Drive Watcher (RoxWatch) - Sonic Solutions - I:\Program Files\Common Files\Roxio Shared\SharedCOM8\RoxWatch.exe
________________________________________________________________________________
ActiveScan
Incident                      Status           Location
Spyware:Cookie/Atlas DMT      Not disinfected  I:\Documents and Settings\Carol\Cookies\[email protected][1].txt
Spyware:Cookie/Doubleclick    Not disinfected  I:\Documents and Settings\Carol\Cookies\[email protected][1].txt
Spyware:Cookie/Mediaplex      Not disinfected  I:\Documents and Settings\Carol\Cookies\[email protected][2].txt
Adware:Adware/WinAntiSpyware  Not disinfected  I:\Documents and Settings\Carol\Local Settings\Temp\qz5kho62.exe
Virus:Trj/Lineage.FHD         Disinfected      I:\WINDOWS\system32\fccabcb.dll
Virus:Trj/Downloader.OZB      Disinfected      I:\WINDOWS\system32\wuifqmgm.exe .ren
________________________________________________________________________________