Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Casalemedia spyware and tracking cookies [RESOLVED]


  • This topic is locked This topic is locked

#16
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Delete:

D:\Download\2coolbigcats01.exe/setup.zip/WinDir/msmgr.exe
D:\Download\2coolbigcats01.exe/setup.zip
D:\Download\2coolbigcats01.exe


Empty recycle bin..
  • 0

Advertisements


#17
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Done Sir, I run the scan again and the results are:

Scan Statistics:
Total number of scanned objects: 218342
Number of viruses found: 2
Number of infected objects: 4
Number of suspicious objects: 0
Duration of the scan process: 5965 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Kelvin\Local Settings\Temporary Internet Files\Content.IE5\3RHR398W\wbkB.tmp Infected: Trojan-Spy.HTML.Bankfraud.ci
D:\System Volume Information\_restore{7EFFB0F5-19B2-4E5E-840F-F29E1214B8DD}\RP517\A0071003.exe/setup.zip/WinDir/msmgr.exe Infected: Trojan.Win32.VB.jd
D:\System Volume Information\_restore{7EFFB0F5-19B2-4E5E-840F-F29E1214B8DD}\RP517\A0071003.exe/setup.zip Infected: Trojan.Win32.VB.jd
D:\System Volume Information\_restore{7EFFB0F5-19B2-4E5E-840F-F29E1214B8DD}\RP517\A0071003.exe Infected: Trojan.Win32.VB.jd

How to treat that, Doctor? :tazz:
  • 0

#18
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Disable System Restore;

1. Click Start > Programs > Accessories > Windows Explorer
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Check the "Turn off System Restore"
5. Click Apply. An message shows up.
6. Click "Yes" to do this.
7. Confirm with "Ok".
  • Clean out temporary files:
  • Click Start -> Run and type in: cleanmgr
  • Click "Ok".
  • Let it scan your system.
  • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
  • Click "OK" to remove them.
  • Click "Yes" to confirm the deletion.
Reboot.

Enable System Restore;

1. Click Start.
2. Right-click My Computer, and then click Properties.
3. Click the System Restore tab.
4. Uncheck the "Turn off System Restore" check box.
5. Click Apply, and then click "OK".


Then create a new restore point.. Nothing left from those infections once done :)

Post a final HiJackThis log to check.. :tazz:

Edited by Rawe, 15 September 2005 - 12:58 PM.

  • 0

#19
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Is it Clean?

Logfile of HijackThis v1.99.1
Scan saved at 下午 10:26:29, on 2005/9/16
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Kingsoft\Xdict\XDICT.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\HijackThis.exe

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [msmgr] msmgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Configuration Loader] SERVlCES.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\System32\IEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\System32\IEPlugin.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall 線上掃毒) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_tw.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE
  • 0

#20
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
You do have one more infection there..

Click "Start", Run and type in; MRT
Click "Ok". When a window pops up, click "Next". Let it scan and let me know of the results.
  • 0

#21
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The Removal Tool does not detect any software for removal. :tazz: None of the following that it scanned.

Win32/Bagle, Bagz, Berbew, Bobax, Bropia, Doomjuice, Dumaru, Esbot, Gael, Gaobot, Goweh, Hackdef, Hacty, Kelvir, Korgo, Lovgate, Mimail, Msblast, Mydoom, Mytob, Nachi, Netsky, Optix, Optixpro, Prustiu, Randex, Rbot, Sasser, Sdbot, Sober, Sobig, Spybot, Spyboter, Wootbot, Yaha, Zafi, Zindos, Zotob, WinNT/Ispro.
  • 0

#22
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Ok.. Please go to the TrendMicro website HERE
  • Click Check my PC now
  • On the next page it will verify that Trendmicro scan can be run.
  • There should be 4 green checkmarks, if any of them stay a red X please let me know which one(s)
  • Read the agreement, the click continue with Next Step
  • Wait for the scanner to load, if you get a security warning about the Trend-Micro applet, click YES
  • It will install "Core-Packages", then please run the scan - let me know how many infected items it found and if any of them couldn't be cleaned and the name/location

  • 0

#23
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
:tazz: No infected items found:

"Scanned: 207981, Infected: 0
Congratulations, Clean System!
HouseCall did not find any infection on your system."
  • 0

#24
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I then run SpyHunter v2.0 to scan the PC. The following files are found infected:

g:\program files\...\advserev.sys - CreativeLabs
g:\program files\...\ctnews.ini - NewsUpd.exe
C:\Program Files\...\list.txt - eAnthology
g:\winme\gatorplugin.log - Gator
g:\winme\start menu...\gstartup.lnk - Gator
g:\winme\start menu...\gain website.url - Gator
c:\matlab6p5p1\...\jade.exe - Jade
c:\program files\freerip\community.url - WinActive

I deleted all these files manually.

The HJT are then:

Logfile of HijackThis v1.99.1
Scan saved at 上午 03:19:34, on 2005/9/18
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\PMJ151LA.BIN
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\System32\WFXSVC.EXE
C:\Program Files\WinFax\WFXMOD32.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\wfxsnt40.exe
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\FarStone\GameDrive\VDTask.exe
C:\WINDOWS\vcdplayx.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\Kingsoft\Xdict\XDICT.EXE
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
D:\Download\HijackThis.exe

O2 - BHO: (no name) - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
O4 - HKLM\..\Run: [WinFaxAppPortStarter] wfxsnt40.exe
O4 - HKLM\..\Run: [ZingSpooler] C:\Program Files\Common Files\Zing\ZingSpooler.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\GameDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [vcdplayx] "C:\WINDOWS\vcdplayx.exe"
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SpyHunter] C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter.exe
O4 - HKLM\..\RunServices: [Configuration Loader] SERVlCES.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
O8 - Extra context menu item: &Download with &DAP - C:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: Download &all with DAP - C:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java 主控台 - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: Joyo - {8DE0FCD4-5EB5-11D3-AD25-00002100131B} - C:\WINDOWS\System32\IEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ZDNet - {C8CE29C5-7589-11D3-B81B-0080C8DC5DC8} - C:\WINDOWS\System32\IEPlugin.dll
O9 - Extra button: RealGuide - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall 線上掃毒) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...RdxIE601_tw.cab
O16 - DPF: {5E943D9C-F8DC-4258-8E3F-A61BB3405A33} (ZingBatchAXDwnl Class) - http://www.imagestat...ion=4,3,2,20802
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akama...meInstaller.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft...free/asinst.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\PROGRAM FILES\NORMAN\Nvc\BIN\nipsvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PMJ151 AutoLaunch Service (PMJ151LA) - Matsushita Electric Industrial Co. ,Ltd, - C:\WINDOWS\PMJ151LA.BIN
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WinFax Basic Edition (wfxsvc) - Symantec Corporation - C:\WINDOWS\System32\WFXSVC.EXE

Which line / object indicates something is infected?
  • 0

#25
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
The Activescan log is saved successfully this time as follows after Panda scan is completed:

Incident Status Location

Adware:adware/powerstrip No disinfected Windows Registry
  • 0

Advertisements


#26
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
I downloaded and run EMCO Network Malware Cleaner. It found:

NMC.BACKDOOR.BOTEX TROJAN Detected From : [FILE_EXISTS] : \\...\C$\WINDOWS\IsUn0404.exe
NMC.BITCOMET.0.56 PEERTOPEER Detected From : [FILE_VERSION] : \\...\C$\Program Files\BitComet\BitComet.exe - 0.56.9.23
NMC.DAP ADWARE Detected From : [DIR_EXISTS] : \\...\C$\Program Files\DAP
NMC.DOWNLOAD.ACCELERATOR ADWARE Detected From : [REGKEY_HKCR_EXISTS] : \clsid\{82351441-9094-11d1-a24b-00a0c932c7df}
NMC.DOWNLOAD.ACCELERATOR.PLUS ADWARE Detected From : [DIR_EXISTS] : \\...\C$\Program Files\dap
NMC.MIFENG.B TROJAN Detected From : [FILE_EXISTS] : \\...\C$\WINDOWS\IsUn0404.exe

Shall I follow to remove that in the Malware Cleaner?
  • 0

#27
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Go ahead..

Can you post this:
  • Open HiJackThis
  • Click on the configure button on the bottom right
  • Click on the tab "Misc Tools"
  • Click on the Box that says "Uninstall Manager"
  • Click on the button "Save list"
  • Copy and paste the List from the notebook onto your post

  • 0

#28
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
This is the list.

《模擬城市福爾摩沙 尖峰時刻》
3DMark03
3DMark05
ACDSee 7.0 PowerPack
Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe MPEG Encoder
Adobe Photoshop 7.0
Adobe Premiere 6.5
ADPCM Driver
Advanced WMA Workshop version 2.09.9
Ahriman's Prophecy
Animal Paradise
ArcSoft Software Suite
ArcSoft VideoImpression 1.6
ArtRage
AVG Free Edition
Canon Camera Support Core Library
Canon Camera Window for ZoomBrowser EX
Canon Digital Camera USB WIA Driver
Canon MovieEdit Task for ZoomBrowser EX
Canon PhotoRecord
Canon RAW Image Task for ZoomBrowser EX
Canon RemoteCapture Task for ZoomBrowser EX
Canon Utilities PhotoStitch 3.1
Canon Utilities RAW Image Converter
Canon Utilities RemoteCapture 2.1
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
CloneDVD Trial 3.0.2.5
Download Accelerator Plus
Drive Image 4.0
DV Studio3
Easy CD Creator 5 Platinum
EasyStudio Image Editor
Elmo Through the Looking Glass
Elmo's Deep Sea Adventure
EMCO Network Malware Cleaner
ewido security suite
Freddi Fish's One-Stop Fun Shop
FreeRIP v2.942
Google Toolbar for Internet Explorer
Grover's Travels
HijackThis 1.99.1
hp psc 1200 series
HP 相片與影像 2.0 - All-in-One
HP 相片與影像 2.0 - hp psc 1200 series
HP 相片與影像 2.0 版 - All-in-One 驅動程式
HP 記憶光碟
ImageStation Easy Upload Tools
Incoming
Indeo?software
infobox
infobox2.0
J2SE Runtime Environment 5.0 Update 1
J2SE Runtime Environment 5.0 Update 2
J2SE Runtime Environment 5.0 Update 4
Kaspersky On-line Scanner
Leeds Learning Color and Shapes
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
Macromedia Shockwave Player
MadOnion.com/3DMark2001
MATLAB 6.5.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Chinese (Traditional) Lang. Pack
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft Data Access Components KB870669
Microsoft Office Professional Edition 2003
Microsoft Speech API 4.0
Microsoft Text-to-Speech Engine
Microsoft Windows XP CD 寫入精靈 HighMAT 擴充
Microsoft Windows 筆記本檢視器
Microsoft 鋼彈司令 2
MSN Messenger 6.1
MYOB Premier 2
Nero Suite
NTI CD-Maker 2000 Plus
NTI CD-Maker 6 Platinum
NTI DriveBackup!
NTI FileCD
NVIDIA Display Driver
NVIDIA nForce Drivers
NVIDIA System Utility
Panda ActiveScan
PIMS & File Manager
Pinnacle Systems PCI Performance Enhancer
PowerDVD
PowerQuest PartitionMagic 7.0
Prince of Persia 3D
QuickTime
RealPlayer
Sesame Street ® Music Maker™
SmartSound Quicktracks Plugin
SpyHunter
Symantec WinFax Basic Edition 10.01
The Sims 2
The Three Grouchketeers
Ulead DVD MovieFactory 2
Ulead MediaStudio Pro 7.0
Ulead VideoStudio 9.0
USB Driver for Panasonic DVC (with Web Camera)
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Media Encoder 9 Series
Windows Media Encoder 9 Series
Windows Media Format Runtime
Windows Media Player 10
Windows Registry Repair Pro
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB886677
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
Windows XP 安全性更新 (KB883939)
Windows XP 安全性更新 (KB890046)
Windows XP 安全性更新 (KB893756)
Windows XP 安全性更新 (KB896358)
Windows XP 安全性更新 (KB896422)
Windows XP 安全性更新 (KB896423)
Windows XP 安全性更新 (KB896428)
Windows XP 安全性更新 (KB899587)
Windows XP 安全性更新 (KB899588)
Windows XP 安全性更新 (KB899591)
Windows XP 安全性更新 (KB901214)
Windows XP 安全性更新 (KB903235)
Windows XP 更新 (KB894391)
Windows XP 更新 (KB896727)
Windows XP 更新 (KB898461)
WinRAR archiver
WinZip
YAMAHA SMAF Sound Decorator
金山詞霸.net 2001
風雲2
虛擬光碟玩家版
  • 0

#29
Rawe

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Do you still have problems?

Please read the following:

http://www.spywarewa...are.htm#sh_note

SpyHunter is NOT a recommended anti-spyware scanner, decide if you want to remove it.. Recommended.
  • 0

#30
SKLau

SKLau

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Seems fine right now. Spyhunter was uninstalled. :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP