Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

trojan downloader?

Started by kcasper , Oct 12 2005 03:01 PM

  • Please log in to reply

#1
kcasper
Posted 12 October 2005 - 03:01 PM

kcasper

    New Member

  • Member
  • Pip
  • 1 posts
i ran ad-aware, cwshredder, s & d, ewido, trend housecall, panda(unable to remove most of what it found), trojan hunter, and updated to SP1. rebooted and s&d found 60 problems. assuming i didn't do something right, or there is something still there pulling more and more stuff down. i had the trojan qoologic at one point, but now can't tell if it's gone.

here are my logs - your help is appreciated, and needed!

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 9:19:12 AM, 10/12/2005
+ Report-Checksum: D4B948B6

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{9A9C9B69-F908-4AAB-8D0C-10EA8997F37E} -> Spyware.NetNucleus : Cleaned with backup
HKLM\SOFTWARE\Classes\MediaPassX.Installer\CLSID\\ -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Classes\PROTOCOLS\Name-Space Handler\res -> Spyware.WebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{9E248641-0E24-4DDB-9A1F-705087832AD6}\\CLSID -> Spyware.VX2 : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaPassX.dll\\.Owner -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/Downloaded Program Files/MediaPassX.dll\\{15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} -> Spyware.WinFavorites : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WinDH -> Spyware.DealHelper : Cleaned with backup
HKU\S-1-5-21-568730901-681764103-101265881-1005\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{5F1ABCDB-A875-46C1-8345-B72A4567E486} -> Spyware.ISTBar : Cleaned with backup
HKU\S-1-5-21-568730901-681764103-101265881-1005\Software\WinUpdt -> Spyware.SecondThought : Cleaned with backup
[576] C:\WINDOWS\System32\earan.dll -> TrojanDownloader.Qoologic.ac : Error during cleaning
[2512] C:\Program Files\SurfAccuracy\SAcc.exe -> Spyware.SurfAccuracy : Cleaned with backup
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\raui.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
:mozilla.10:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.11:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.12:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.13:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.14:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.15:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.2o7 : Cleaned with backup
:mozilla.34:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.35:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.43:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Overture : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Questionmarket : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.107:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.108:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.109:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.121:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.122:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.123:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.124:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.125:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.126:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.127:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.128:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.129:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.130:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.133:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.134:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
:mozilla.135:C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Firefox\Profiles\cbadeazj.default\cookies.txt -> Spyware.Cookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya casper@abetterinternet[2].txt -> Spyware.Cookie.Abetterinternet : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][1].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][2].txt -> Spyware.Cookie.Specificclick : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][1].txt -> Spyware.Cookie.Euniverseads : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya casper@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][2].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya casper@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][2].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][1].txt -> Spyware.Cookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya casper@hypertracker[2].txt -> Spyware.Cookie.Hypertracker : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][1].txt -> Spyware.Cookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][2].txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya [email protected][1].txt -> Spyware.Cookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Cookies\kaya casper@yieldmanager[2].txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\iinstall.exe -> TrojanDownloader.IstBar.lz : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\KM2M4DAR.dll -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\res92E.tmp -> Spyware.180Solutions : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\sahagent.exe -> Adware.SAHA : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\~os27.tmp\OSMIM.DLL -> Spyware.RK : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\~os27.tmp\ossproxy.exe -> Spyware.RK : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temp\~os27.tmp\rk.bin -> Spyware.RK : Cleaned with backup
C:\Documents and Settings\Kaya Casper\Local Settings\Temporary Internet Files\Content.IE5\WXMZGTAV\downloaddll[1].htm -> Spyware.DealHelper : Cleaned with backup
C:\Program Files\Media Pass\MediaPassC.dll -> Spyware.WinAD : Cleaned with backup
C:\Program Files\SurfAccuracy -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.cfg -> Adware.SurfAccuracy : Cleaned with backup
C:\Program Files\SurfAccuracy\SAcc.exe -> Adware.SurfAccuracy : Error during cleaning
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP368\A0092920.exe -> Adware.SAHA : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP370\A0094250.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097238.dll -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097257.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097258.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097259.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097260.dll -> Spyware.VirtualBouncer : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097262.exe -> TrojanDownloader.Apropo.r : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097266.dll -> Spyware.AproposMedia : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097267.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097617.exe -> TrojanProxy.Agent.fn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097622.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097677.dll -> Trojan.EliteBar.c : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097689.exe -> Trojan.EliteBar.c : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097690.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097691.exe -> Backdoor.Rbot.tv : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0097692.exe -> Spyware.MarketScore : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP376\A0098620.dll -> Trojan.EliteBar.c : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP377\A0101639.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0103669.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106683.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106703.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106704.dll -> TrojanDownloader.IstBar.kq : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106705.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106720.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106738.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106740.dll -> Trojan.EliteBar.c : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106741.exe -> Trojan.EliteBar.c : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106750.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP378\A0106756.exe -> TrojanDownloader.Agent.dn : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP395\A0109363.exe -> Spyware.MarketScore : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP395\A0109364.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109383.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109384.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109385.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109396.exe -> Spyware.BargainBuddy : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109407.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109552.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109561.dll -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109563.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109564.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109565.exe -> Spyware.BookedSpace : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109566.exe -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP397\A0109567.exe -> Adware.BetterInternet : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109588.exe -> Trojan.LowZones.bs : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109641.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109648.exe -> TrojanDownloader.IstBar.gi : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109649.dll -> TrojanDownloader.IstBar.lv : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109659.exe -> Adware.Saha : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109661.exe -> Spyware.WinAD : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109664.exe -> TrojanDownloader.Dyfuca.ei : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109666.exe -> TrojanDownloader.IstBar : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP399\A0109667.dll -> Spyware.DealHelper : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP409\A0113062.cpl -> TrojanDownloader.Qoologic.ad : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP409\A0113282.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP409\A0113283.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP409\A0113284.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP409\A0113285.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP412\A0113327.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP412\A0113328.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP412\A0113330.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP412\A0113333.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113612.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113613.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113614.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113615.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113621.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\System Volume Information\_restore{E87A81FB-FDCF-4B92-A20C-951710F82D7C}\RP436\A0113685.dll -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\bsx32 -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3ABSPLAT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3ACCUQ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3AMERS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3ASKNOW2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CARQ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CARQ2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CCB.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CHOCPBMM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CHRISMORT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3CREDITCARD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3DIRTYH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3ENDOMET.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3FREECS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3FREEIPOD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3FREEIPOD2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3FREEXBOX.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3HAIRLOSS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3HYDRO.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN10.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN11.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN12.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN6.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3KAN7.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3LEXREPAIR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3LMORON.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3LOWRATE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3MYDISH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3MYINKS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3NETFLIX2.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3ODYSSEY.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3PARTYPOKER.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3PCHSWEEPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3SPORTSINT.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3SUPERIOR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASI3WEIGHTL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASICLRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIEPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIPP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASIRCPRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISS2RE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\ASISSRE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\bspace.html -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPECAUTO.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPECENTER.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPC.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPD.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPE.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPF.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFAM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFI.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPFIN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPG.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPH.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPHL.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPJ.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPM.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPMTV.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPN.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPR.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPS.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSHOP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPSP.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\bsx32\TMPW.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\EECH1.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\cfgmgr52\SPZ3.bsx -> Spyware.BookedSpace : Cleaned with backup
C:\WINDOWS\elos.exe -> Spyware.MediaMotor : Cleaned with backup
C:\WINDOWS\rk.exe -> Spyware.MarketScore : Cleaned with backup
C:\WINDOWS\rlvknlg.exe -> Spyware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\Bnilgu.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\bs51-egihsg51-va.exe -> Spyware.BookedSpace.e : Cleaned with backup
C:\WINDOWS\SYSTEM32\Cache\dist006.exe -> TrojanDownloader.VB.eu : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\05I7CX2F\pre[1].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\SYSTEM32\CONFIG\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\05I7CX2F\pre[2].exe -> TrojanDownloader.Small.bnd : Cleaned with backup
C:\WINDOWS\SYSTEM32\daxmnoc.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\dun.exe -> Spyware.DealHelper : Cleaned with backup
C:\WINDOWS\SYSTEM32\rk.bin -> Spyware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\rlls.dll -> Spyware.RK : Cleaned with backup
C:\WINDOWS\SYSTEM32\spxsgd.exe -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\wuauclt.dll -> TrojanDownloader.Small : Cleaned with backup
C:\WINDOWS\SYSTEM32\wugka.dat -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__earan.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\SYSTEM32\__delete_on_reboot__fsfsjgd.dll -> TrojanDownloader.Qoologic.ac : Cleaned with backup
C:\WINDOWS\vtlnqaay.exe -> Spyware.BookedSpace : Cleaned with backup


::Report End

Logfile of HijackThis v1.99.1
Scan saved at 4:32:58 PM, on 10/12/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\AIM95\aim.exe
C:\WINDOWS\System32\SNDVOL32.EXE
C:\Program Files\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.naturallyyoumagazine.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R3 - URLSearchHook: (no name) - _{257C6D25-285B-AE44-DBB7-09CCC6CBD76B} - (no file)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CProgram%20Files%5CNetscape%5CNetscape%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\Kaya Casper\Application Data\Mozilla\Profiles\default\4fsm54gj.slt\prefs.js)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5A72F860-7F60-37B1-9C5B-28AD38E16C79} - C:\WINDOWS\Xvnfrrbm.dll
O3 - Toolbar: Search - {AD19926A-19A1-00D3-6850-EE78082ACD08} - C:\WINDOWS\Xvnfrrbm.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [npjklevb] C:\WINDOWS\System32\npjklevb.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\RunServices: [NPF Value] NPFMONTR.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\AIM95\aim.exe -cnetwait.odl
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: QuickBooks Update Agent.lnk = C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra 'Tools' menuitem: Java - {9E248641-0E24-4DDB-9A1F-705087832AD6} - (no file)
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128921995033
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

:tazz:
  • 0

Advertisements

Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP