Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan Downloader Help


  • Please log in to reply

#1
minute92

minute92

    New Member

  • Member
  • Pip
  • 2 posts
Hey. Have got loads of viruses on my pc. Could you guys please help.

Here`s the ew'do scan results -
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 12:32:21, 21/10/2005
+ Report-Checksum: 44DF8728

+ Scan result:

C:\Documents and Settings\me\Cookies\me@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\me\Cookies\me@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\me\Cookies\me@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\me\Local Settings\Temp\oins.exe -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup
C:\WIN2\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Cookies\kullanici9@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\system32\70tovmto.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\tksrv99.exe -> TrojanDropper.Agent.hb : Cleaned with backup
C:\WINDOWS\system32\unregister.exe -> Spyware.VB : Cleaned with backup
C:\zips\CineForm_Aspect_HD_v2.5_for_Adobe_Premiere_Pro_INTERNAL-PARADOX.ZIP/cracker.exe -> TrojanDownloader.IstBar.lu : Error during cleaning
C:\zips\FilmFX_v2.35.zip/pcu.exe -> TrojanDownloader.INService.i : Error during cleaning
C:\zips\fixtool\fix.exe -> Worm.Hidrag : Cleaned with backup
C:\zips\fixtool.zip/fix.exe -> Worm.Hidrag : Error during cleaning
C:\zips\Sonic_Foundry_Soft_Encode_5.1_Serial.zip/crack.exe -> TrojanDownloader.IstBar.is : Error during cleaning
C:\zips\Sony_Sound_Forge_v8.0_by_SSG.zip/crack.exe/ist1.exe -> TrojanDownloader.IstBar.is : Error during cleaning


::Report End

And here`s my hjt log.

Logfile of HijackThis v1.99.1
Scan saved at 13:19:49, on 21/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WIN2\System32\smss.exe
C:\WIN2\system32\winlogon.exe
C:\WIN2\system32\services.exe
C:\WIN2\system32\lsass.exe
C:\WIN2\System32\Wintab32.exe
C:\WIN2\System32\Ati2evxx.exe
C:\WIN2\system32\svchost.exe
C:\WIN2\System32\svchost.exe
C:\WIN2\system32\Ati2evxx.exe
C:\WIN2\Explorer.EXE
C:\WIN2\system32\ctfmon.exe
C:\WIN2\system32\spoolsv.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WIN2\System32\ZPOINT32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WIN2\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WIN2\System32\svchost.exe
C:\WIN2\System32\MsPMSPSv.exe
C:\PROGRA~1\XLR8\xlr8d.exe
C:\Program Files\XLR8\jre\bin\javaw.exe
C:\Program Files\XLR8\xlr8stat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WIN2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WIN2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WIN2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WIN2\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WIN2\System32\ZPOINT32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WIN2\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN2\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WIN2\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WIN2\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Ewipmiiro - ewido networks - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WIN2\System32\HPZipm12.exe
O23 - Service: Wintab32 - Unknown owner - C:\WIN2\System32\Wintab32.exe
O23 - Service: GridIron XLR8 (XLR8) - GridIron Software - C:\PROGRA~1\XLR8\xlr8d.exe


Thanx for taking the time to read this.
  • 0

Advertisements


#2
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi minute92. Welcome to GTG. :)

Could you run hijack this again and post a new log in this thread? :tazz:
  • 0

#3
coachwife6

coachwife6

    SuperStar

  • Retired Staff
  • 11,413 posts
Hi minute92. Did you get this resolved? :tazz:
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP