Here's the ewido scan results -
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:32:21, 21/10/2005
+ Report-Checksum: 44DF8728
+ Scan result:
C:\Documents and Settings\me\Cookies\me@casalemedia[1].txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\me\Cookies\me@statcounter[1].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\Documents and Settings\me\Cookies\me@tribalfusion[1].txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\me\Local Settings\Temp\oins.exe -> Spyware.MediaTickets : Cleaned with backup
C:\Program Files\Media Access -> Adware.MediaAccess : Cleaned with backup
C:\Program Files\Media Access\Info.txt -> Adware.MediaAccess : Cleaned with backup
C:\WIN2\Downloaded Program Files\MediaTicketsInstaller.ocx -> Spyware.MediaTickets : Cleaned with backup
C:\WINDOWS\Cookies\kullanici9@com[2].txt -> Spyware.Cookie.Com : Cleaned with backup
C:\WINDOWS\system32\70tovmto.ini -> Adware.SAHA : Cleaned with backup
C:\WINDOWS\system32\javex80.vxd/C:/WINDOWS/System32/nvms.dll -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\javex80.vxd/C:/Program Files/NaviSearch/bin/nls.exe -> Spyware.BargainBuddy : Error during cleaning
C:\WINDOWS\system32\tksrv99.exe -> TrojanDropper.Agent.hb : Cleaned with backup
C:\WINDOWS\system32\unregister.exe -> Spyware.VB : Cleaned with backup
C:\zips\CineForm_Aspect_HD_v2.5_for_Adobe_Premiere_Pro_INTERNAL-PARADOX.ZIP/cracker.exe -> TrojanDownloader.IstBar.lu : Error during cleaning
C:\zips\FilmFX_v2.35.zip/pcu.exe -> TrojanDownloader.INService.i : Error during cleaning
C:\zips\fixtool\fix.exe -> Worm.Hidrag : Cleaned with backup
C:\zips\fixtool.zip/fix.exe -> Worm.Hidrag : Error during cleaning
C:\zips\Sonic_Foundry_Soft_Encode_5.1_Serial.zip/crack.exe -> TrojanDownloader.IstBar.is : Error during cleaning
C:\zips\Sony_Sound_Forge_v8.0_by_SSG.zip/crack.exe/ist1.exe -> TrojanDownloader.IstBar.is : Error during cleaning
::Report End
And here's my HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 13:19:49, on 21/10/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WIN2\System32\smss.exe
C:\WIN2\system32\winlogon.exe
C:\WIN2\system32\services.exe
C:\WIN2\system32\lsass.exe
C:\WIN2\System32\Wintab32.exe
C:\WIN2\System32\Ati2evxx.exe
C:\WIN2\system32\svchost.exe
C:\WIN2\System32\svchost.exe
C:\WIN2\system32\Ati2evxx.exe
C:\WIN2\Explorer.EXE
C:\WIN2\system32\ctfmon.exe
C:\WIN2\system32\spoolsv.exe
C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\WIN2\System32\ZPOINT32.exe
C:\Program Files\Eset\nod32kui.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
C:\Program Files\Hewlett-Packard\Toolbox2.0\Javasoft\JRE\1.3.1\bin\javaw.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WIN2\System32\CTSvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WIN2\System32\svchost.exe
C:\WIN2\System32\MsPMSPSv.exe
C:\PROGRA~1\XLR8\xlr8d.exe
C:\Program Files\XLR8\jre\bin\javaw.exe
C:\Program Files\XLR8\xlr8stat.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WIN2\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WIN2\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WIN2\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [CreativeMixer] C:\Program Files\Creative\Audio\PROGRAM\CTMIX32.EXE /t
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [StatusClient] C:\Program Files\Hewlett-Packard\Toolbox2.0\Apache Tomcat 4.0\webapps\Toolbox\StatusClient\StatusClient.exe /auto
O4 - HKLM\..\Run: [TomcatStartup] C:\Program Files\Hewlett-Packard\Toolbox2.0\hpbpsttp.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [Acecad.Wtxpload] C:\WIN2\Acecad\Wtxpload.exe Acecad
O4 - HKLM\..\Run: [ZPOINT32] C:\WIN2\System32\ZPOINT32.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [MSPY2002] C:\WIN2\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WIN2\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RCMan.EXE
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WIN2\System32\Ati2evxx.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WIN2\System32\CTSvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Ewipmiiro - ewido networks - (no file)
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WIN2\System32\HPZipm12.exe
O23 - Service: Wintab32 - Unknown owner - C:\WIN2\System32\Wintab32.exe
O23 - Service: GridIron XLR8 (XLR8) - GridIron Software - C:\PROGRA~1\XLR8\xlr8d.exe
Thanx for taking the time to read this.