
msw32 [CLOSED]

#1 foontas (Member, 19 posts)
Hi, I've taken all the steps advised to clear out the malware on my computer, and it's found a lot. Now I'm not sure if I'm entirely clean.

I keep seeing this msw32.pif in the startup and I'm not sure if it's safe.

Here is my log:

Logfile of HijackThis v1.99.1
Scan saved at 12:14:34 PM, on 16/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Win Security] msw32.pif
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\RunServices: [Win Security] msw32.pif
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Win Security] msw32.pif
O4 - HKCU\..\RunServices: [Win Security] msw32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Leica Server Initialise.lnk = C:\Leica-ia\LIS-In32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: Tornado 21 -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://shot.ongamene...GameForShot.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://localhost/icons/smsx.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.e-leica.com/mcsimenu.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NetStructure™ VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: PSEXESVC - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe


regards,

andrew
#2 Buckeye_Sam (Malware Expert, 10,019 posts)
Hi and welcome to GeeksToGo! My name is Sam and I will be helping you.

I apologize for the delay getting to your log, the helpers here are very busy.
If you still need help, please post a fresh Hijack log, in this thread, so I can help you with your Malware Problems.

If you have resolved this issue please let us know.

#3 foontas (Topic Starter, Member, 19 posts)
G'day Sam,

I can understand your situation, and I'm in no rush.

Here's a fresh log:

Logfile of HijackThis v1.99.1
Scan saved at 6:52:20 PM, on 21/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\WINNT\system32\wisptis.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\hjt\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Win Security] msw32.pif
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKLM\..\RunServices: [Win Security] msw32.pif
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [Win Security] msw32.pif
O4 - HKCU\..\RunServices: [Win Security] msw32.pif
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Leica Server Initialise.lnk = C:\Leica-ia\LIS-In32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O16 - DPF: Tornado 21 -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://shot.ongamene...GameForShot.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://localhost/icons/smsx.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.e-leica.com/mcsimenu.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NetStructure™ VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

regards

andrew

Edited by foontas, 21 October 2005 - 02:55 AM.

#4 Buckeye_Sam (Malware Expert, 10,019 posts)
I see you are running both AVG and Trend Micro at the same time. This is not recommended and may cause extreme instability and conflicts. Please remove one of them.

Run HijackThis again, click Scan, and put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.search345quest.com/sp2.php
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O4 - HKLM\..\Run: [Win Security] msw32.pif
O4 - HKLM\..\RunServices: [Win Security] msw32.pif
O4 - HKCU\..\Run: [Win Security] msw32.pif
O4 - HKCU\..\RunServices: [Win Security] msw32.pif
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.r...ip/RdxIE601.cab

Delete this file, if present:

C:\WINNT\system32\msw32.pif

Please run at least two of these online scans.
Make sure they are set to clean automatically

Panda Virus Scan

Bit Defender

TrendMicro Housecall

There may be files that these scans will not remove. Please include that information in your next post.

Reboot and post a new HijackThis log and the info from your virus scans.
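
The checks Sam applies above (search-page entries pointing at a hijack domain, the bare msw32.pif autorun registered under several Run keys) can be run mechanically over a HijackThis log. The script below is an added example for this thread, not part of HijackThis or of any post here; it parses a constructed sample shaped like the logs above, and KNOWN_GOOD_HOSTS is an assumed allowlist. It goes one step beyond the post by also listing O23 services whose binary is missing, which are worth reviewing.

```python
"""Triage a HijackThis 1.99 log for the entries a helper would ask the poster to fix."""
import re
from urllib.parse import urlsplit

# Constructed sample shaped like the logs posted in this thread (not a full log).
SAMPLE_LOG = r"""R1 - HKCU\Software\Microsoft\Internet Explorer,SearchURL = http://www.search345quest.com/sp2.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O4 - HKLM\..\Run: [Win Security] msw32.pif
O4 - HKLM\..\RunServices: [Win Security] msw32.pif
O4 - HKCU\..\Run: [Win Security] msw32.pif
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)
O23 - Service: PSEXESVC - Unknown owner - C:\WINNT\System32\PSEXESVC.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
"""

# Hosts the machine's owner expects in R0/R1 lines; assumed for this example.
KNOWN_GOOD_HOSTS = {"www.ninemsn.com.au"}

# A bare file with one of these extensions in a Run value is almost never legitimate.
ODD_AUTORUN_EXTENSIONS = {"pif", "scr", "bat", "cmd", "com"}

R_LINE = re.compile(r"^(R[01]) - (.+?) = (.+)$")
O4_LINE = re.compile(r"^O4 - (HKLM|HKCU)\\\.\.\\(Run[A-Za-z]*): \[([^\]]+)\] (.*)$")
O23_LINE = re.compile(r"^O23 - Service: (.+?) - (.+?) - (.+)$")


def autorun_target(command):
    """Return the program a Run value launches, without quotes or arguments."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split()[0] if command else ""


def triage(log_text, known_hosts=KNOWN_GOOD_HOSTS):
    """Map each suspicious log line to the list of reasons it was flagged."""
    reasons = {}
    autorun_keys = {}   # entry name -> set of (hive, key) it is registered under
    autorun_lines = {}  # entry name -> log lines carrying that entry

    def flag(line, why):
        reasons.setdefault(line, []).append(why)

    for raw in log_text.splitlines():
        line = raw.strip()
        if m := R_LINE.match(line):
            host = urlsplit(m.group(3).strip()).hostname or ""
            if host not in known_hosts:
                flag(line, f"IE search/start page points at unrecognised host {host!r}")
        elif m := O4_LINE.match(line):
            hive, key, name, command = m.groups()
            autorun_keys.setdefault(name, set()).add((hive, key))
            autorun_lines.setdefault(name, []).append(line)
            target = autorun_target(command)
            bare = "\\" not in target and ":" not in target
            ext = target.lower().rsplit(".", 1)[-1] if "." in target else ""
            if bare and ext in ODD_AUTORUN_EXTENSIONS:
                flag(line, f"autorun launches bare .{ext} file {target!r} with no path")
        elif m := O23_LINE.match(line):
            name, owner, path = m.groups()
            if "(file missing)" in path:
                flag(line, f"service {name!r} ({owner}) points at a missing binary")

    # The same entry under Run and RunServices in both HKLM and HKCU is the
    # belt-and-braces persistence seen with msw32.pif in this thread.
    for name, keys in autorun_keys.items():
        if len(keys) > 1:
            for line in autorun_lines[name]:
                flag(line, f"entry {name!r} is registered under {len(keys)} autorun keys")
    return reasons


if __name__ == "__main__":
    for line, why in triage(SAMPLE_LOG).items():
        print(line)
        for reason in why:
            print("    ->", reason)
```

Entries that are only flagged as "missing binary" are leftovers to review rather than to fix with HijackThis; the R1 and O4 lines are the ones that match Sam's fix list.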

#5 foontas (Topic Starter, Member, 19 posts)
I did all that you said; now here are my logs:

Logfile of HijackThis v1.99.1
Scan saved at 10:10:38 PM, on 22/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\Explorer.EXE
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Leica Server Initialise.lnk = C:\Leica-ia\LIS-In32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: Tornado 21 -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://shot.ongamene...GameForShot.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://localhost/icons/smsx.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.e-leica.com/mcsimenu.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Intel® NetStructure™ VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

Panda virus scan
ActiveScan

Incident Status Location

Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll
Adware:Adware/EliteBar No disinfected C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll[onekill.exe]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\John Foong\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-420a6d-697afbfc.zip[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\John Foong\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-420a6d-697afbfc.zip[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\John Foong\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-420a6d-697afbfc.zip[Dummy.class]
Adware:Adware/Gator No disinfected C:\WINNT\Downloaded Program Files\HDPlugin1019.inf
Dialer:Dialer.OK No disinfected C:\WINNT\Downloaded Program Files\internazionale_ver3.INF
Adware:adware/gator No disinfected C:\WINNT\FT1_02_0_402_GEPFAH.EXE
Hacktool:HackTool/DiskInfo.A No disinfected C:\WINNT\system32\drivers\etc\config\cdcreator.exe[DISKINFO.EXE]

I also used Spyxposer. When I scanned again, I didn't choose it though.


Incident Status Location

Adware:adware/gator Reported C:\WINNT\FT1_02_0_402_GEPFAH.EXE
Adware:adware/elitebar Reported C:\Documents and Settings\John Foong\Favorites\Casino & Carrers
Spyware:Cookie/64.62.232 Reported C:\Documents and Settings\John Foong\Cookies\john foong@64.62.232[2].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Cookies\john foong@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\John Foong\Cookies\john foong@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Reported C:\Documents and Settings\John Foong\Cookies\john foong@banner[1].txt
Spyware:Cookie/Enhance Reported C:\Documents and Settings\John Foong\Cookies\john foong@c.enhance[1].txt
Spyware:Cookie/Barelylegal Reported C:\Documents and Settings\John Foong\Cookies\john foong@c.fsx[1].txt
Spyware:Cookie/Ccbill Reported C:\Documents and Settings\John Foong\Cookies\john foong@ccbill[1].txt
Spyware:Cookie/Cd Freaks Reported C:\Documents and Settings\John Foong\Cookies\john foong@cdfreaks[1].txt
Spyware:Cookie/Imrworldwide Reported C:\Documents and Settings\John Foong\Cookies\john foong@cgi-bin[2].txt
Spyware:Cookie/Cd Freaks Reported C:\Documents and Settings\John Foong\Cookies\john foong@club.cdfreaks[1].txt
Spyware:Cookie/360i Reported C:\Documents and Settings\John Foong\Cookies\john foong@ct.360i[1].txt
Spyware:Cookie/did-it Reported C:\Documents and Settings\John Foong\Cookies\john foong@did-it[2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Cookies\john foong@dist.belnk[2].txt
Spyware:Cookie/empnads Reported C:\Documents and Settings\John Foong\Cookies\john foong@empnads[2].txt
Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\John Foong\Cookies\john foong@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\John Foong\Cookies\john foong@fe.lea.lycos[2].txt
Spyware:Cookie/go Reported C:\Documents and Settings\John Foong\Cookies\john foong@go[1].txt
Spyware:Cookie/Mircx Reported C:\Documents and Settings\John Foong\Cookies\john foong@pop.mircx[1].txt
Spyware:Cookie/RC Reported C:\Documents and Settings\John Foong\Cookies\john foong@rc[1].txt
Spyware:Cookie/Rightmedia Reported C:\Documents and Settings\John Foong\Cookies\john foong@rightmedia[1].txt
Spyware:Cookie/Toplist Reported C:\Documents and Settings\John Foong\Cookies\john foong@toplist[1].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Cookies\john foong@uol.com[2].txt
Spyware:Cookie/WebPower Reported C:\Documents and Settings\John Foong\Cookies\john foong@webpower[1].txt
Spyware:Cookie/web-stat Reported C:\Documents and Settings\John Foong\Cookies\john foong@www.web-stat[2].txt
Spyware:Cookie/Xiti Reported C:\Documents and Settings\John Foong\Cookies\john foong@xiti[2].txt
Spyware:Cookie/Xmts Reported C:\Documents and Settings\John Foong\Cookies\john foong@xmts[2].txt
Spyware:Cookie/Yadro Reported C:\Documents and Settings\John Foong\Cookies\john foong@yadro[2].txt
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/onestat.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/RealMedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Tucows Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/hc/32728812]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Zedo Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Apmebf Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Research-int Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.research-int.se/]
Spyware:Cookie/Searchportal Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/OfferOptimizer Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/888 Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.888.com/]
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ad.sensismediasmart.com.au/]
Spyware:Cookie/64.62.232 Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[64.62.232.6/]
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Toplist Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/hc/56081914]
Spyware:Cookie/Maxserving Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/FortuneCity Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/bravenetA Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clicktracks Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/Xiti Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Yadro Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/go Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.go.com/]
Spyware:Cookie/Enhance Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/Adrevolver Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Casalemedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/YieldManager Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/adultfriendfinderReported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adultfriendfinder.com/]
Spyware:Cookie/onestat.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[stat.onestat.com/]
Spyware:Cookie/RealMedia Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.realmedia.com/]
Spyware:Cookie/DomainSponsor Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[landing.domainsponsor.com/]
Spyware:Cookie/Tucows Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.tucows.com/]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/hc/32728812]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/]
Spyware:Cookie/Zedo Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.belnk.com/]
Spyware:Cookie/Apmebf Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Research-int Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.research-int.se/]
Spyware:Cookie/Searchportal Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[searchportal.information.com/]
Spyware:Cookie/OfferOptimizer Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.offeroptimizer.com/]
Spyware:Cookie/888 Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.888.com/]
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ad.sensismediasmart.com.au/]
Spyware:Cookie/64.62.232 Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[64.62.232.6/]
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Toplist Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Humanclick Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[hc2.humanclick.com/hc/56081914]
Spyware:Cookie/Maxserving Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ig.com.br/]
Spyware:Cookie/FortuneCity Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.fortunecity.com/]
Spyware:Cookie/bravenetA Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.bravenet.com/]
Spyware:Cookie/Clicktracks Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.stats1.clicktracks.com/]
Spyware:Cookie/Xiti Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.xiti.com/]
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.ath.belnk.com/]
Spyware:Cookie/Yadro Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/go Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.go.com/]
Spyware:Cookie/Enhance Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[c.enhance.com/]
Spyware:Cookie/Adrevolver Reported C:\Documents and Settings\John Foong\Application Data\Mozilla\Firefox\Profiles\jqz3e412.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/64.62.232 Reported C:\Documents and Settings\John Foong\Cookies\john foong@64.62.232[2].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Cookies\john foong@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Hbmediapro Reported C:\Documents and Settings\John Foong\Cookies\john foong@adopt.hbmediapro[1].txt
Spyware:Cookie/Banner Reported C:\Documents and Settings\John Foong\Cookies\john foong@banner[1].txt
Spyware:Cookie/Enhance Reported C:\Documents and Settings\John Foong\Cookies\john foong@c.enhance[1].txt
Spyware:Cookie/Barelylegal Reported C:\Documents and Settings\John Foong\Cookies\john foong@c.fsx[1].txt
Spyware:Cookie/Ccbill Reported C:\Documents and Settings\John Foong\Cookies\john foong@ccbill[1].txt
Spyware:Cookie/Cd Freaks Reported C:\Documents and Settings\John Foong\Cookies\john foong@cdfreaks[1].txt
Spyware:Cookie/Imrworldwide Reported C:\Documents and Settings\John Foong\Cookies\john foong@cgi-bin[2].txt
Spyware:Cookie/Cd Freaks Reported C:\Documents and Settings\John Foong\Cookies\john foong@club.cdfreaks[1].txt
Spyware:Cookie/360i Reported C:\Documents and Settings\John Foong\Cookies\john foong@ct.360i[1].txt
Spyware:Cookie/did-it Reported C:\Documents and Settings\John Foong\Cookies\john foong@did-it[2].txt
Spyware:Cookie/Belnk Reported C:\Documents and Settings\John Foong\Cookies\john foong@dist.belnk[2].txt
Spyware:Cookie/empnads Reported C:\Documents and Settings\John Foong\Cookies\john foong@empnads[2].txt
Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\John Foong\Cookies\john foong@fe.lea.lycos[1].txt
Spyware:Cookie/fe.lea.lycos Reported C:\Documents and Settings\John Foong\Cookies\john foong@fe.lea.lycos[2].txt
Spyware:Cookie/go Reported C:\Documents and Settings\John Foong\Cookies\john foong@go[1].txt
Spyware:Cookie/Mircx Reported C:\Documents and Settings\John Foong\Cookies\john foong@pop.mircx[1].txt
Spyware:Cookie/RC Reported C:\Documents and Settings\John Foong\Cookies\john foong@rc[1].txt
Spyware:Cookie/Rightmedia Reported C:\Documents and Settings\John Foong\Cookies\john foong@rightmedia[1].txt
Spyware:Cookie/Toplist Reported C:\Documents and Settings\John Foong\Cookies\john foong@toplist[1].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Cookies\john foong@uol.com[2].txt
Spyware:Cookie/WebPower Reported C:\Documents and Settings\John Foong\Cookies\john foong@webpower[1].txt
Spyware:Cookie/web-stat Reported C:\Documents and Settings\John Foong\Cookies\john foong@www.web-stat[2].txt
Spyware:Cookie/Xiti Reported C:\Documents and Settings\John Foong\Cookies\john foong@xiti[2].txt
Spyware:Cookie/Xmts Reported C:\Documents and Settings\John Foong\Cookies\john foong@xmts[2].txt
Spyware:Cookie/Yadro Reported C:\Documents and Settings\John Foong\Cookies\john foong@yadro[2].txt
Spyware:Cookie/Com.com Reported C:\Documents and Settings\John Foong\Local Settings\Temp\Cookies\john foong@ad.sensismediasmart.com[1].txt
Spyware:Cookie/Yadro Reported C:\Documents and Settings\John Foong\Local Settings\Temp\Cookies\john foong@yadro[1].txt
Adware:Adware/Gator Reported C:\WINNT\Downloaded Program Files\HDPlugin1019.inf
Dialer:Dialer.OK Reported C:\WINNT\Downloaded Program Files\internazionale_ver3.INF
Hacktool:HackTool/DiskInfo.A Reported C:\WINNT\system32\drivers\etc\config\cdcreator.exe[DISKINFO.EXE]
Hacktool:HackTool/DiskInfo.A Reported C:\WINNT\system32\Microsoft\user\uploads\DISKINFO.EXE
Virus:Trj/Multidropper.AOE Reported C:\WINNT\system32\os2\bsid3.exe
Virus:Trj/Downloader.EC Reported [rld-d3kg.zip][start.exe]



BitDefender
These are only the scanned file sections.

Scanned File | Status
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Infected with: Trojan.Dropper.Agent.KD
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Deleted
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Infected with: Trojan.Downloader.Istbar.NT
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Disinfection failed
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Deleted

C:\Documents and Settings\J

#6
foontas
    Member
  • Topic Starter
  • 19 posts
The remaining BitDefender and HouseCall logs are here.


BitDefender
These are only the scanned file sections.

Scanned File | Status
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Infected with: Trojan.Dropper.Agent.KD
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Disinfection failed
C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files\Content.IE5\U789GH6J\win32[1].dll | Deleted
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Infected with: Trojan.Downloader.Istbar.NT
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Disinfection failed
C:\Documents and Settings\John Foong\Local Settings\Temp\ShotOnline.exe | Deleted
C:\Documents and Settings\John Foong\My Documents\andrew\ShotOnlineClientEng.exe | Infected with: Trojan.Downloader.Istbar.NT
C:\Documents and Settings\John Foong\My Documents\andrew\ShotOnlineClientEng.exe | Disinfection failed
C:\Documents and Settings\John Foong\My Documents\andrew\ShotOnlineClientEng.exe | Deleted
C:\Documents and Settings\John Foong\Start Menu\Programs\Accessories\Games\ShotOnline International\ShotOnline Uninstall.lnk=>C:\Program Files\ShotOnline International\uninst.exe | Infected with: Trojan.Downloader.Istbar.NT
C:\Documents and Settings\John Foong\Start Menu\Programs\Accessories\Games\ShotOnline International\ShotOnline Uninstall.lnk=>C:\Program Files\ShotOnline International\uninst.exe | Disinfection failed
C:\Documents and Settings\John Foong\Start Menu\Programs\Accessories\Games\ShotOnline International\ShotOnline Uninstall.lnk=>C:\Program Files\ShotOnline International\uninst.exe | Deleted
C:\Documents and Settings\John Foong\Start Menu\Programs\Accessories\Games\ShotOnline International\ShotOnline Uninstall.lnk | Update failed
C:\Documents and Settings\John Foong\Start Menu\Programs\stuff\ongamenet\ShotOnline\ShotOnline Uninstall.lnk=>C:\Program Files\OnGameNet\ShotOnline\uninst.exe | Infected with: Trojan.Downloader.Istbar.NT
C:\Documents and Settings\John Foong\Start Menu\Programs\stuff\ongamenet\ShotOnline\ShotOnline Uninstall.lnk=>C:\Program Files\OnGameNet\ShotOnline\uninst.exe | Disinfection failed
C:\Documents and Settings\John Foong\Start Menu\Programs\stuff\ongamenet\ShotOnline\ShotOnline Uninstall.lnk=>C:\Program Files\OnGameNet\ShotOnline\uninst.exe | Deleted
C:\Documents and Settings\John Foong\Start Menu\Programs\stuff\ongamenet\ShotOnline\ShotOnline Uninstall.lnk | Update failed
C:\msdo0.pif | Infected with: Backdoor.Sdbot.AEY
C:\msdo0.pif | Disinfection failed
C:\msdo0.pif | Deleted
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Infected with: Virtool.HiddenRun.B
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Disinfection failed
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Deleted
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o) | Update failed
C:\WINNT\system32\Microsoft\user\HIDDEN32.EXE | Infected with: Virtool.HiddenRun.B
C:\WINNT\system32\Microsoft\user\HIDDEN32.EXE | Disinfection failed
C:\WINNT\system32\Microsoft\user\HIDDEN32.EXE | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Infected with: Virtool.HiddenRun.B
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Infected with: Backdoor.Iroffer.14b2.A
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Infected with: Worm.Worm.Bat.Boohoo.A
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Infected with: Backdoor.Iroffer.C
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\sys32.exe | Infected with: Trojan.Dropper.Agent.KD
C:\WINNT\system32\sys32.exe | Disinfection failed
C:\WINNT\system32\sys32.exe | Deleted

HouseCall

Virus Scan | No virus detected

Results:
We have detected 0 infected file(s) with 0 virus(es) on your computer. Only 0 out of 0 infected files are displayed.
Detected File | Associated Virus Name

Trojan/Worm Check | No worm/Trojan horse detected

What we checked:
Malicious activity by a Trojan horse program. Although a Trojan seems like a harmless program, it contains malicious code and once installed can cause damage to your computer.
Results:
We have detected 0 Trojan horse program(s) and worm(s) on your computer. Only 0 out of 0 Trojan horse programs and worms are displayed.
Trojan/Worm Name | Trojan/Worm Type

Spyware Check | 39 spyware programs detected

What we checked:
Whether personal information was tracked and reported by spyware. Spyware is often installed secretly with legitimate programs downloaded from the Internet.
Results:
We have detected 39 spyware(s) on your computer. Only 0 out of 0 spywares are displayed.
Spyware Name | Spyware Type
COOKIE_45 Cookie
COOKIE_225 Cookie
COOKIE_442 Cookie
COOKIE_488 Cookie
COOKIE_620 Cookie
COOKIE_650 Cookie
COOKIE_730 Cookie
COOKIE_809 Cookie
COOKIE_936 Cookie
COOKIE_968 Cookie
COOKIE_1002 Cookie
COOKIE_1248 Cookie
COOKIE_1300 Cookie
COOKIE_1504 Cookie
COOKIE_1523 Cookie
COOKIE_1543 Cookie
COOKIE_1570 Cookie
COOKIE_1619 Cookie
COOKIE_1738 Cookie
COOKIE_1805 Cookie
COOKIE_1843 Cookie
COOKIE_1887 Cookie
COOKIE_1955 Cookie
COOKIE_2077 Cookie
COOKIE_2126 Cookie
COOKIE_2602 Cookie
COOKIE_2631 Cookie
COOKIE_2875 Cookie
COOKIE_2996 Cookie
COOKIE_3009 Cookie
COOKIE_3010 Cookie
COOKIE_3081 Cookie
COOKIE_3082 Cookie
COOKIE_3117 Cookie
COOKIE_3130 Cookie
COOKIE_3188 Cookie
COOKIE_3196 Cookie
COOKIE_3201 Cookie
COOKIE_3232 Cookie




Microsoft Vulnerability Check | No vulnerability detected

What we checked:
Microsoft known security vulnerabilities. These are issues Microsoft has identified and released Critical Updates to fix.
Results:
We have detected 0 vulnerability/vulnerabilities on your computer. Only 0 out of 0 vulnerabilities are displayed.
Risk Level | Issue | How to Fix

Thanks.

#7
Buckeye_Sam
    Malware Expert
  • 10,019 posts
I would like to have you run one more scan. It's a small download and a relatively quick scan.

Download and run Stinger. Let me know what it finds.
http://download.nai....ert/stinger.exe


How are things working for you now?

#8
foontas
    Member
  • Topic Starter
  • 19 posts
Stinger didn't detect anything. I will run it again, just to be sure.

But I keep getting

znksvc32.exe

being detected by Trend Micro; it pops up in different drives and folders.

#9
Buckeye_Sam
    Malware Expert
  • 10,019 posts
That's a worm and something we need to get rid of for you. Please run a new scan with Bit Defender and post the log. Also post a new hijackthis log.

#10
foontas
    Member
  • Topic Starter
  • 19 posts
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Infected with: Virtool.HiddenRun.B
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Disinfection failed
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o)=>HIDDEN32.EXE | Deleted
C:\WINNT\system32\drivers\etc\config\cdcreator.exe=>(RAR Sfx o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Infected with: Virtool.HiddenRun.B
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\hidden32.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Infected with: Backdoor.Iroffer.14b2.A
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\smss.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Infected with: Worm.Worm.Bat.Boohoo.A
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\FireDaemon.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Infected with: Backdoor.Iroffer.C
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Disinfection failed
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o)=>%appfolder%\SecureNetbios.exe | Deleted
C:\WINNT\system32\os2\bsid3.exe=>(Instyler o) | Update failed


Logfile of HijackThis v1.99.1
Scan saved at 6:21:55 PM, on 29/10/2005
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\crypserv.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
C:\WINNT\system32\nvsvc32.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
C:\WINNT\Explorer.EXE
C:\PROGRA~1\TRENDM~1\INTERN~2\PccGuide.exe
C:\Program Files\Microsoft Hardware\Keyboard\type32.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINNT\system32\RUNDLL32.EXE
C:\Program Files\Common Files\ACD Systems\EN\DevDetect.exe
C:\Program Files\Telstra\Toolbar\bpumTray.exe
C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE
C:\Program Files\Telstra\Cable Login\bpcable.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\hjt\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ninemsn.com.au/
O2 - BHO: ActivateBand Class - {4C7B6DE1-99A4-4CF1-8B44-68889900E1D0} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BigPond Toolbar - {7A431EC4-CC21-4DF7-9DB1-A2CF74C4CC98} - C:\Program Files\Telstra\Toolbar\bpumToolBand.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IntelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 2005\pccguide.exe"
O4 - HKLM\..\Run: [Device Detector] DevDetect.exe -autorun
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKLM\..\Run: [BigPond Toolbar] "C:\Program Files\Telstra\Toolbar\bpumTray.exe"
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Leica Server Initialise.lnk = C:\Leica-ia\LIS-In32.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINNT\System32\msjava.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INETREPL.DLL
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: Tornado 21 -
O16 - DPF: Yahoo! Pool 2 -
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab27571.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {0A79AAEF-0913-4E57-9429-59EA4377D8E9} (LaunchGame.launchGameCtrl) - http://shot.ongamene...GameForShot.CAB
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab30149.cab
O16 - DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} (MeadCo ScriptX Advanced) - http://localhost/icons/smsx.cab
O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://www.e-leica.com/mcsimenu.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...MineSweeper.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefend...can8/oscan8.cab
O16 - DPF: {665585FD-2068-4C5E-A6D3-53AC3270ECD4} (FileSharingCtrl Class) - http://appdirectory....sharingctrl.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab30149.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zon...ot.cab30149.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 209.28.72.116 209.28.72.151 209.28.72.115
O23 - Service: BigPond Broadband Cable Login (bpcService) - Unknown owner - C:\Program Files\Telstra\Cable Login\bpcService.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINNT\SYSTEM32\crypserv.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Intel® NetStructure™ VPN Client (ICService) - Unknown owner - C:\Program Files\Intel\Intel NetStructure VPN Client\icsrv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: WIN32 (image) - Unknown owner - C:\WINNT\image.exe (file missing)
O23 - Service: FireDaemon Service: MSVC9 (MSVC9) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINNT\system32\nvsvc32.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\PcCtlCom.exe
O23 - Service: FireDaemon Service: QOS (QOS) - Unknown owner - c:\winnt\system32\microsoft\user\FireDaemon.EXE (file missing)
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Incorporated. - C:\PROGRA~1\TRENDM~1\INTERN~2\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~2\tmproxy.exe

thanks

#11
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Your log looks good. Is TrendMicro still warning you about that file?

#12
foontas

    Member

  • Topic Starter
  • Member
  • 19 posts
Not anymore, but it happens in bursts; that would have to be the second time.

Now Ad-Aware won't work.

When I do a scan it gets stuck on deep scanning the local registry at Typelib\something or other.

#13
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Let's do this.

Please download WebRoot SpySweeper (it's a 2-week trial):
  • Click the Free Trial link on the right - next to "SpySweeper for Home Computers" to download the program.
  • Double-click the file to install it as follows:
    • Click "Next", read the agreement, Click "Next"
    • Choose "Custom" click "Next".
    • Leave the default installation directory as it is, then click "Next".
    • UNcheck "Run SpySweeper at Windows Startup" and "Add Sweep for Spyware to Windows Explorer Context Menu". Click "Next".
    • On the following screen you can leave the e-mail address field blank, if you wish. Click "Next".
    • Finally, click "Install"
  • Once the program is installed, it will open.
  • It will prompt you to update to the latest definitions, click Yes.
    Disable SpySweeper Shields
    • Click Shields on the left.
    • Click Internet Explorer and uncheck all items.
    • Click Windows System and uncheck all items.
    • Click Startup Programs and uncheck all items.
  • Once the definitions are installed and shields disabled, click Sweep Now on the left side.
  • Click the Start button.
  • When it's done scanning, click the Next button.
  • Make sure everything has a check next to it, then click the Next button.
  • It will remove all of the items found.
  • Click Session Log in the upper right corner, copy everything in that window.
  • Click the Summary tab and click Finish.
  • Paste the contents of the session log you copied into your next reply.


#14
foontas

    Member

  • Topic Starter
  • Member
  • 19 posts
********
7:36 PM: | Start of Session, 6 November 2005 |
7:36 PM: Spy Sweeper started
7:36 PM: Sweep initiated using definitions version 567
7:36 PM: Starting Memory Sweep
7:38 PM: Memory Sweep Complete, Elapsed Time: 00:02:09
7:38 PM: Starting Registry Sweep
7:38 PM: Found Adware: gain-supported software
7:38 PM: HKLM\software\microsoft\windows\currentversion\shareddlls\ || c:\winnt\downloaded program files\hdplugin1019.dll (ID = 126794)
7:38 PM: Registry Sweep Complete, Elapsed Time:00:00:13
7:38 PM: Starting Cookie Sweep
7:38 PM: Found Spy Cookie: 3 cookie
7:38 PM: john foong@3[1].txt (ID = 1959)
7:38 PM: john foong@3[3].txt (ID = 1959)
7:38 PM: Found Spy Cookie: 64.62.232 cookie
7:38 PM: john foong@64.62.232[1].txt (ID = 1987)
7:38 PM: john foong@64.62.232[2].txt (ID = 1987)
7:38 PM: john foong@64.62.232[4].txt (ID = 1987)
7:38 PM: john foong@64.62.232[5].txt (ID = 1987)
7:38 PM: john foong@64.62.232[6].txt (ID = 1987)
7:38 PM: Found Spy Cookie: about cookie
7:38 PM: john foong@about[2].txt (ID = 2037)
7:38 PM: Found Spy Cookie: hbmediapro cookie
7:38 PM: john foong@adopt.hbmediapro[1].txt (ID = 2768)
7:38 PM: Found Spy Cookie: ads.stileproject cookie
7:38 PM: john foong@ads.stileproject[1].txt (ID = 2127)
7:38 PM: Found Spy Cookie: alt cookie
7:38 PM: john foong@alt[2].txt (ID = 2217)
7:38 PM: john foong@animatedtv.about[2].txt (ID = 2038)
7:38 PM: john foong@architecture.about[1].txt (ID = 2038)
7:38 PM: Found Spy Cookie: askmen cookie
7:38 PM: john foong@askmen[1].txt (ID = 2247)
7:38 PM: Found Spy Cookie: atwola cookie
7:38 PM: john foong@atwola[2].txt (ID = 2255)
7:38 PM: Found Spy Cookie: banner cookie
7:38 PM: john foong@banner[1].txt (ID = 2276)
7:38 PM: Found Spy Cookie: enhance cookie
7:38 PM: john foong@c.enhance[1].txt (ID = 2614)
7:38 PM: Found Spy Cookie: barelylegal cookie
7:38 PM: john foong@c.fsx[1].txt (ID = 2286)
7:38 PM: Found Spy Cookie: ccbill cookie
7:38 PM: john foong@ccbill[1].txt (ID = 2369)
7:38 PM: Found Spy Cookie: cd freaks cookie
7:38 PM: john foong@cdfreaks[1].txt (ID = 2370)
7:38 PM: Found Spy Cookie: cgi-win cookie
7:38 PM: john foong@cgi-win[2].txt (ID = 2376)
7:38 PM: john foong@chineseculture.about[1].txt (ID = 2038)
7:38 PM: john foong@club.cdfreaks[1].txt (ID = 2371)
7:38 PM: Found Spy Cookie: tickle cookie
7:38 PM: john foong@cookie.tickle[1].txt (ID = 3530)
7:38 PM: Found Spy Cookie: 360i cookie
7:38 PM: john foong@ct.360i[1].txt (ID = 1962)
7:38 PM: Found Spy Cookie: dealtime cookie
7:38 PM: john foong@dealtime[2].txt (ID = 2505)
7:38 PM: Found Spy Cookie: did-it cookie
7:38 PM: john foong@did-it[2].txt (ID = 2523)
7:38 PM: Found Spy Cookie: belnk cookie
7:38 PM: john foong@dist.belnk[2].txt (ID = 2293)
7:38 PM: Found Spy Cookie: empnads cookie
7:38 PM: john foong@empnads[2].txt (ID = 5012)
7:38 PM: Found Spy Cookie: fe.lea.lycos.com cookie
7:38 PM: john foong@fe.lea.lycos[1].txt (ID = 2660)
7:38 PM: john foong@fe.lea.lycos[2].txt (ID = 2660)
7:38 PM: john foong@forum.cdfreaks[1].txt (ID = 2371)
7:38 PM: Found Spy Cookie: gamespy cookie
7:38 PM: john foong@gamespy[1].txt (ID = 2719)
7:38 PM: Found Spy Cookie: go.com cookie
7:38 PM: john foong@go[1].txt (ID = 2728)
7:38 PM: john foong@hitchhikers.movies.go[1].txt (ID = 2729)
7:38 PM: Found Spy Cookie: mygeek cookie
7:38 PM: john foong@mygeek[1].txt (ID = 3041)
7:38 PM: Found Spy Cookie: mircx cookie
7:38 PM: john foong@pop.mircx[1].txt (ID = 2998)
7:38 PM: Found Spy Cookie: pub cookie
7:38 PM: john foong@pub[1].txt (ID = 3205)
7:38 PM: Found Spy Cookie: rc cookie
7:38 PM: john foong@rc[1].txt (ID = 3231)
7:38 PM: Found Spy Cookie: rightmedia cookie
7:38 PM: john foong@rightmedia[1].txt (ID = 3259)
7:38 PM: Found Spy Cookie: co cookie
7:38 PM: john foong@rs0.co[1].txt (ID = 2430)
7:38 PM: Found Spy Cookie: tvguide cookie
7:38 PM: john foong@rsi.tvguide[1].txt (ID = 3600)
7:38 PM: john foong@sdc.tvguide[1].txt (ID = 3600)
7:38 PM: Found Spy Cookie: web-stat cookie
7:38 PM: john foong@server3.web-stat[2].txt (ID = 3649)
7:38 PM: john foong@stat.dealtime[2].txt (ID = 2506)
7:38 PM: john foong@tabletennis.about[1].txt (ID = 2038)
7:38 PM: Found Spy Cookie: toplist cookie
7:38 PM: john foong@toplist[1].txt (ID = 3557)
7:38 PM: john foong@tvguide[1].txt (ID = 3599)
7:38 PM: Found Spy Cookie: webpower cookie
7:38 PM: john foong@webpower[1].txt (ID = 3660)
7:38 PM: john foong@www.tvguide[1].txt (ID = 3600)
7:38 PM: john foong@www.web-stat[2].txt (ID = 3649)
7:38 PM: Found Spy Cookie: xiti cookie
7:38 PM: john foong@xiti[2].txt (ID = 3717)
7:38 PM: Found Spy Cookie: yadro cookie
7:38 PM: john foong@yadro[2].txt (ID = 3743)
7:38 PM: Cookie Sweep Complete, Elapsed Time: 00:00:04
7:38 PM: Starting File Sweep
7:39 PM: Found Adware: 7adpower
7:39 PM: internazionale_ver3.inf (ID = 48449)
7:40 PM: hdplugin1019.inf (ID = 61473)
7:45 PM: File Sweep Complete, Elapsed Time: 00:07:08
7:45 PM: Full Sweep has completed. Elapsed time 00:09:40
7:45 PM: Traces Found: 56
7:46 PM: Removal process initiated
7:46 PM: Quarantining All Traces: gain-supported software
7:46 PM: Quarantining All Traces: 7adpower
7:46 PM: Quarantining All Traces: 3 cookie
7:46 PM: Quarantining All Traces: 360i cookie
7:46 PM: Quarantining All Traces: 64.62.232 cookie
7:46 PM: Quarantining All Traces: about cookie
7:46 PM: Quarantining All Traces: ads.stileproject cookie
7:46 PM: Quarantining All Traces: alt cookie
7:46 PM: Quarantining All Traces: askmen cookie
7:46 PM: Quarantining All Traces: atwola cookie
7:46 PM: Quarantining All Traces: banner cookie
7:46 PM: Quarantining All Traces: barelylegal cookie
7:46 PM: Quarantining All Traces: belnk cookie
7:46 PM: Quarantining All Traces: ccbill cookie
7:46 PM: Quarantining All Traces: cd freaks cookie
7:46 PM: Quarantining All Traces: cgi-win cookie
7:46 PM: Quarantining All Traces: co cookie
7:46 PM: Quarantining All Traces: dealtime cookie
7:46 PM: Quarantining All Traces: did-it cookie
7:46 PM: Quarantining All Traces: empnads cookie
7:46 PM: Quarantining All Traces: enhance cookie
7:46 PM: Quarantining All Traces: fe.lea.lycos.com cookie
7:46 PM: Quarantining All Traces: gamespy cookie
7:46 PM: Quarantining All Traces: go.com cookie
7:46 PM: Quarantining All Traces: hbmediapro cookie
7:46 PM: Quarantining All Traces: mircx cookie
7:46 PM: Quarantining All Traces: mygeek cookie
7:46 PM: Quarantining All Traces: pub cookie
7:46 PM: Quarantining All Traces: rc cookie
7:46 PM: Quarantining All Traces: rightmedia cookie
7:46 PM: Quarantining All Traces: tickle cookie
7:46 PM: Quarantining All Traces: toplist cookie
7:46 PM: Quarantining All Traces: tvguide cookie
7:46 PM: Quarantining All Traces: webpower cookie
7:46 PM: Quarantining All Traces: web-stat cookie
7:46 PM: Quarantining All Traces: xiti cookie
7:46 PM: Quarantining All Traces: yadro cookie
7:46 PM: Removal process completed. Elapsed time 00:00:23
********
7:34 PM: | Start of Session, 6 November 2005 |
7:34 PM: Spy Sweeper started
7:34 PM: Messenger service has been disabled.
7:34 PM: Your spyware definitions have been updated.
7:36 PM: | End of Session, 6 November 2005 |


Oh, also, something I keep forgetting to mention: Spybot always finds a virus thing, LSA, but can never remove it, even if it does it at start-up.

thanks

#15
Buckeye_Sam

    Malware Expert

  • Member
  • 10,019 posts
Can you post the log from Spybot so I can see exactly what it's finding?
Also post a new HijackThis log.