944,159 Members | Top Members by Rank

Hardware and Software > Microsoft Windows > Viruses, Spyware and other Nasties > Serious problem, Mabye a virus
Ad:
You are currently viewing page 1 of this multi-page discussion thread
Permalink
Apr 22nd, 2006
0

Serious problem, Mabye a virus

Expand Post »
ok basacilly i downloaded a Emulator from a p2p file sharing program. it was in .RAR format and and what i thought was an emulator to make a pokemon game play on my PC. i downloaded and extracted it fine, when i went to instal it my computer crashed and became compleatly unresponsive. I restarted the computer (at the switch) once restarted the computer became incredably slow. taking up to 10 minutes from clicking on start menu for it to show up. and the same with everything else i tried to do. I have no anti virus software at the moment and even if i did i woudln't be able to get it to run cos of the time. I managed to get windows task manager to start and had about aprox 68 copies of task manager running closed all of them and it made no difference. the other thing is when i first load up the computer i get a message as soon as the desktop is loaded stating that windows was unable to open "windows/system32/fs.exe" or something very simular to that and it never used to do that. I'm scared out of my mind that i've compleatly ruined my com now lol.
I've run the Dell diagnostics and they only tested the hardware.
I've considered reinstalling windows but i CANNOT lose all my files etc. i have some extreamly important stuff on there and yes i know i should have backed it up but i ran out of Blank Cds awhile ago. I do have the XP disk and i think i can install the config files again etc but im so worried about lossing everything

Can someone please Help me

Its a Dell Dimension 8400
running windows XP Home SP2
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

Yes, I would say you are infected.

Download hijackThis. Extract it to its own folder. Then run it and select. Do system scan and save log. Post the contents of the log that pops up.

Download the Free trial version of Spysweeper

http://www.webroot.com/consumer/pro...&rc=4129&ac=tsg

Update the defintions and run it, let it remove whatever it finds.

Then download ewido

www.ewido.net - Install. Update. Scan. Remove anything it finds.

Note: if you cna't download stuff let me know...
Team Colleague
Reputation Points: 84
Solved Threads: 99
<Insert title here>
tayspen is offline Offline
1,542 posts
since Jul 2005
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

Logfile of HijackThis v1.99.1
Scan saved at 20:01:22, on 22/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.exe
C:\WINDOWS\services.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\windllrun.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Windows AdStatus\WinStat.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows AdStatus\WinStatKeep.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\Martin Harding\Desktop\hjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
F2 - REG:system.ini: Shell=Explorer.exe C:\WINDOWS\system32\fservice.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\McUpdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [rundllwindows] C:\WINDOWS\system32\dllrun32.exe
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [rundllwindows] C:\WINDOWS\system32\dllrun32.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120907691367
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128700638156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: windllrun - Unknown owner - C:\WINDOWS\system32\windllrun.exe

^^^from hijack this
* Note computer randomly works normally as well like it suddenly has sarted tho i forgot to mention this before, bout one in ten restarts it will work like normal*
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

Pleas run ewido and Spysweeper and post the logs. That will take out most of the infections.
Team Colleague
Reputation Points: 84
Solved Threads: 99
<Insert title here>
tayspen is offline Offline
1,542 posts
since Jul 2005
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

Trojan Horse found: trojan-backdoor-prorat-d
Adware found: winad
Adware found: blazefind_adstat
Spy Cookie found: 2o7.net cookie
Spy Cookie found: 247realmedia cookie
Spy Cookie found: 888 cookie
Spy Cookie found: websponsors cookie
Spy Cookie found: go.com cookie
Spy Cookie found: about cookie
Spy Cookie found: yieldmanager cookie
Spy Cookie found: adecn cookie
Spy Cookie found: adknowledge cookie
Spy Cookie found: hbmediapro cookie
Spy Cookie found: adrevolver cookie
Spy Cookie found: pointroll cookie
Spy Cookie found: bpath cookie
Spy Cookie found: adreactor cookie
Spy Cookie found: adserver cookie
Spy Cookie found: adtech cookie
Spy Cookie found: adultfriendfinder cookie
Spy Cookie found: apmebf cookie
Spy Cookie found: falkag cookie
Spy Cookie found: ask cookie
Spy Cookie found: azjmp cookie
Spy Cookie found: a cookie
Spy Cookie found: banners cookie
Spy Cookie found: banner cookie
Spy Cookie found: belnk cookie
Spy Cookie found: bluestreak cookie
Spy Cookie found: bravenet cookie
Spy Cookie found: bs.serving-sys cookie
Spy Cookie found: touchclarity cookie
Spy Cookie found: burstnet cookie
Spy Cookie found: barelylegal cookie
Spy Cookie found: casalemedia cookie
Spy Cookie found: cassava cookie
Spy Cookie found: centrport net cookie
Spy Cookie found: uproar cookie
Spy Cookie found: clickzs cookie
Spy Cookie found: dl cookie
Spy Cookie found: ru4 cookie
Spy Cookie found: adbureau cookie
Spy Cookie found: gamespy cookie
Spy Cookie found: gostats cookie
Spy Cookie found: hotlog cookie
Spy Cookie found: howstuffworks cookie
Spy Cookie found: screensavers.com cookie
Spy Cookie found: domainsponsor cookie
Spy Cookie found: maxserving cookie
Spy Cookie found: outster cookie
Spy Cookie found: overture cookie
Spy Cookie found: paycounter cookie
Spy Cookie found: pricegrabber cookie
Spy Cookie found: qksrv cookie
Spy Cookie found: questionmarket cookie
Spy Cookie found: realmedia cookie
Spy Cookie found: valuead cookie
Spy Cookie found: revenue.net cookie
Spy Cookie found: rn11 cookie
Spy Cookie found: adjuggler cookie
Spy Cookie found: server.iad.liveperson cookie
Spy Cookie found: serving-sys cookie
Spy Cookie found: servlet cookie
Spy Cookie found: spylog cookie
Spy Cookie found: starware.com cookie
Spy Cookie found: onestat.com cookie
Spy Cookie found: statcounter cookie
Spy Cookie found: reliablestats cookie
Spy Cookie found: tacoda cookie
Spy Cookie found: toplist cookie
Spy Cookie found: tradedoubler cookie
Spy Cookie found: trafficmp cookie
Spy Cookie found: tribalfusion cookie
Spy Cookie found: tripod cookie
Spy Cookie found: weborama cookie
Spy Cookie found: burstbeacon cookie
Spy Cookie found: clickads cookie
Spy Cookie found: clickxchange adware cookie
Spy Cookie found: frenchcum cookie
Spy Cookie found: myaffiliateprogram.com cookie
Spy Cookie found: starpulse cookie
Spy Cookie found: xiti cookie
Spy Cookie found: xxxcounter cookie
Spy Cookie found: yadro cookie
Spy Cookie found: zedo cookie
Adware found: blazefind
Full Sweep has completed. Elapsed time 00:27:38
Traces Found: 144


^^^^^ Spysweeper log ^^^
(says i need to subscribe to remove them tho*
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 21:39:48, 22/04/2006
+ Report-Checksum: A846DCA1
+ Scan result:
HKLM\SOFTWARE\Classes\WinStatX.Installer -> Adware.WinTaskAd : Cleaned with backup
HKLM\SOFTWARE\Classes\WinStatX.Installer\CLSID -> Adware.WinTaskAd : Cleaned with backup
[1736] C:\WINDOWS\system32\winkey.dll -> Backdoor.Prorat.19.ah : Cleaned with backup
[1780] C:\WINDOWS\services.exe -> Backdoor.Prorat.19.i : Cleaned with backup
[536] C:\WINDOWS\system32\windllrun.exe -> Backdoor.Delf.tz : Cleaned with backup
[996] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Cleaned with backup
[1212] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1276] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1292] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1076] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1180] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1716] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1748] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2168] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2192] C:\Program Files\Windows AdStatus\WinStat.exe -> Adware.WinAD : Cleaned with backup
[2328] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2336] C:\Program Files\Windows AdStatus\WinStatKeep.exe -> Adware.WinAD : Cleaned with backup
[2452] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2464] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2492] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[1052] C:\WINDOWS\system32\reginv.dll -> Backdoor.Prorat.19.i : Error during cleaning
[2288] C:\WINDOWS\system32\winkey.dll -> Backdoor.Prorat.19.ah : Error during cleaning
C:\Documents and Settings\Martin Harding\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-40baf3a5-328ec98b.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Martin Harding\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\file\omfg.class-486c9904-621403a3.class -> Downloader.OpenStream.y : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@112.2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@247realmedia[1].txt -> TrackingCookie.247realmedia : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@adrevolver[1].txt -> TrackingCookie.Adrevolver : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ads.realcastmedia[2].txt -> TrackingCookie.Realcastmedia : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ads13.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ads43.bpath[1].txt -> TrackingCookie.Bpath : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@adtech[2].txt -> TrackingCookie.Adtech : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@as-eu.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@as1.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@bluestreak[2].txt -> TrackingCookie.Bluestreak : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@bs.serving-sys[2].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@burstnet[1].txt -> TrackingCookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@casalemedia[2].txt -> TrackingCookie.Casalemedia : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@centrport[1].txt -> TrackingCookie.Centrport : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@citi.bridgetrack[1].txt -> TrackingCookie.Bridgetrack : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@com[2].txt -> TrackingCookie.Com : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@cs.sexcounter[2].txt -> TrackingCookie.Sexcounter : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@cz3.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@e-2dj6wfmykgdpaeo.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@e-2dj6wjnyclajsap.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@e-2dj6wjnyghdzcgp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@edge.ru4[2].txt -> TrackingCookie.Ru4 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@estat[1].txt -> TrackingCookie.Estat : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@harpo.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@hotlog[1].txt -> TrackingCookie.Hotlog : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@hswmedia.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@microsoftuk.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@msninvite.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@overture[2].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@paycounter[1].txt -> TrackingCookie.Paycounter : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@perf.overture[1].txt -> TrackingCookie.Overture : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@qksrv[1].txt -> TrackingCookie.Qksrv : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@questionmarket[1].txt -> TrackingCookie.Questionmarket : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@reduxads.valuead[2].txt -> TrackingCookie.Valuead : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@revenue[1].txt -> TrackingCookie.Revenue : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@s.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@sel.as-eu.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@server.iad.liveperson[2].txt -> TrackingCookie.Liveperson : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@serving-sys[1].txt -> TrackingCookie.Serving-sys : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@spylog[1].txt -> TrackingCookie.Spylog : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@starware[2].txt -> TrackingCookie.Starware : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@statcounter[2].txt -> TrackingCookie.Statcounter : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@stats1.reliablestats[1].txt -> TrackingCookie.Reliablestats : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@trafficmp[1].txt -> TrackingCookie.Trafficmp : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@trafic[1].txt -> TrackingCookie.Trafic : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@valueclick.ne[1].txt -> TrackingCookie.Ne : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@valueclick[3].txt -> TrackingCookie.Valueclick : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@vip2.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@weborama[1].txt -> TrackingCookie.Weborama : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@webstat[3].txt -> TrackingCookie.Web-stat : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@www.burstbeacon[1].txt -> TrackingCookie.Burstbeacon : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@xxxcounter[1].txt -> TrackingCookie.Xxxcounter : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@yadro[2].txt -> TrackingCookie.Yadro : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@z1.adserver[1].txt -> TrackingCookie.Adserver : Cleaned with backup
C:\Documents and Settings\Martin Harding\Cookies\martin harding@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup
C:\Program Files\Internet Explorer\BTOW Shared Files\btwebcontrol.dll -> Dialer.BT.c : Cleaned with backup
C:\Program Files\Windows AdStatus\WinStat.exe -> Adware.WinAD : Cleaned with backup
C:\Program Files\Windows AdStatus\WinStatComm.dll -> Adware.WinAD : Cleaned with backup
C:\Program Files\Windows AdStatus\WinStatKeep.exe -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\Downloaded Program Files\WinStatX.dll -> Adware.WinAD : Cleaned with backup
C:\WINDOWS\services.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\SYSTEM\sservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\dllrun32.exe -> Backdoor.Bifrose.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\fservice.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\reginv.dll -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\win25829321.exe -> Backdoor.Prorat.19.i : Cleaned with backup
C:\WINDOWS\SYSTEM32\win25896321.exe -> Backdoor.Bifrose.d : Cleaned with backup
C:\WINDOWS\SYSTEM32\win28963221.exe -> Backdoor.Delf.tz : Cleaned with backup
C:\WINDOWS\SYSTEM32\windllrun.exe -> Backdoor.Delf.tz : Cleaned with backup
C:\WINDOWS\SYSTEM32\winkey.dll -> Backdoor.Prorat.19.ah : Cleaned with backup

::Report End

^^^^^ Ewido log ^^^^^^
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------
+ Created on: 21:43:18, 22/04/2006
+ Report-Checksum: DDAAC9E2
0: System Process
4: System Process
148: C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
160: C:\WINDOWS\explorer.exe
180: c:\program files\mcafee.com\agent\mcdetect.exe
208: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
272: C:\Program Files\ewido anti-malware\ewidoguard.exe
280: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
328: C:\WINDOWS\system32\svchost.exe
484: C:\WINDOWS\system32\wdfmgr.exe
616: C:\WINDOWS\system32\MsPMSPSv.exe
624: \SystemRoot\System32\smss.exe
672: \??\C:\WINDOWS\system32\csrss.exe
700: \??\C:\WINDOWS\system32\winlogon.exe
744: C:\WINDOWS\system32\services.exe
756: C:\WINDOWS\system32\lsass.exe
924: C:\WINDOWS\system32\Ati2evxx.exe
940: C:\WINDOWS\system32\svchost.exe
996: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
1012: C:\WINDOWS\system32\svchost.exe
1052: C:\Documents and Settings\Martin Harding\Desktop\hjackthis\HijackThis.exe
1076: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
1108: C:\Program Files\Windows Defender\MsMpEng.exe
1148: C:\WINDOWS\System32\svchost.exe
1180: C:\WINDOWS\system32\CTHELPER.EXE
1212: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
1248: C:\WINDOWS\system32\svchost.exe
1276: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1292: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
1360: C:\WINDOWS\system32\svchost.exe
1580: C:\WINDOWS\system32\spoolsv.exe
1624: C:\Program Files\ewido anti-malware\SecuritySuite.exe
1676: C:\WINDOWS\system32\Ati2evxx.exe
1716: C:\WINDOWS\system32\dla\tfswctrl.exe
1748: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
1956: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
2012: C:\WINDOWS\system32\CTsvcCDA.EXE
2160: C:\WINDOWS\System32\svchost.exe
2168: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
2288: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
2328: C:\Program Files\Windows Defender\MSASCui.exe
2452: C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
2464: C:\Program Files\Internet Explorer\iexplore.exe
2492: C:\WINDOWS\system32\ctfmon.exe
2548: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
2696: C:\Program Files\ewido anti-malware\ewidoctrl.exe
2748: C:\WINDOWS\system32\dwwin.exe
3624: C:\WINDOWS\system32\NOTEPAD.EXE


^^^Process report from Ewido ^^^
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------
+ Created on: 21:44:01, 22/04/2006
+ Report-Checksum: D2757A66
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Reg\HKLM\Run IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Reg\HKLM\Run CTSysVol C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
Reg\HKLM\Run CTDVDDET "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
Reg\HKLM\Run CTHelper CTHELPER.EXE
Reg\HKLM\Run UpdReg C:\WINDOWS\UpdReg.EXE
Reg\HKLM\Run VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
Reg\HKLM\Run MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Reg\HKLM\Run MCUpdateExe c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run DMXLauncher C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Reg\HKLM\Run VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
Reg\HKLM\Run MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Reg\HKLM\Run SpeedTouch USB Diagnostics "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
Reg\HKLM\Run Windows AdStatus C:\Program Files\Windows AdStatus\WinStat.exe
Reg\HKLM\Run ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
Reg\HKLM\Run Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Reg\HKLM\Run SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
Reg\HKCU\Run STManager "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
Reg\HKCU\Run Steam
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup ATI CATALYST System Tray.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk

^^^Start up log from Ewido ^^^


There you go thats all the info
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006
Permalink
Apr 22nd, 2006
0

Re: Serious problem, Mabye a virus

Well, I hate to say this, but you should have run those scans first. Now I am going to need a fresh log, so we don't try to remove somthing they already removed.


Thanks
Team Colleague
Reputation Points: 84
Solved Threads: 99
<Insert title here>
tayspen is offline Offline
1,542 posts
since Jul 2005
Permalink
Apr 23rd, 2006
0

Re: Serious problem, Mabye a virus

Ok I've run everything again with Ewido getting rid of everything then windows defender getting rid of everything then sypbot search and destroy followed by spysweeper and finally Hijackthis here are all the reports


---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------
+ Created on: 13:17:40, 23/04/2006
+ Report-Checksum: 53368BBA
+ Scan result:
No infected objects found.

::Report End

---------------------------------------------------------
ewido anti-malware - Startup report
---------------------------------------------------------
+ Created on: 14:53:40, 23/04/2006
+ Report-Checksum: EE806779
Reg\HKLM\Run SunJavaUpdateSched C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
Reg\HKLM\Run IAAnotif C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
Reg\HKLM\Run ATIPTA C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
Reg\HKLM\Run IntelMeM C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
Reg\HKLM\Run CTSysVol C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
Reg\HKLM\Run CTDVDDET "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
Reg\HKLM\Run CTHelper CTHELPER.EXE
Reg\HKLM\Run UpdReg C:\WINDOWS\UpdReg.EXE
Reg\HKLM\Run VSOCheckTask "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
Reg\HKLM\Run MCAgentExe c:\PROGRA~1\mcafee.com\agent\mcagent.exe
Reg\HKLM\Run MCUpdateExe C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
Reg\HKLM\Run QuickTime Task "C:\Program Files\QuickTime\qttask.exe" -atboottime
Reg\HKLM\Run AOL Spyware Protection "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
Reg\HKLM\Run dla C:\WINDOWS\system32\dla\tfswctrl.exe
Reg\HKLM\Run UpdateManager "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
Reg\HKLM\Run DMXLauncher C:\Program Files\Dell\Media Experience\DMXLauncher.exe
Reg\HKLM\Run VirusScan Online "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
Reg\HKLM\Run MPFExe C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
Reg\HKLM\Run SpeedTouch USB Diagnostics "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
Reg\HKLM\Run Windows AdStatus C:\Program Files\Windows AdStatus\WinStat.exe
Reg\HKLM\Run ATICCC "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
Reg\HKLM\Run Windows Defender "C:\Program Files\Windows Defender\MSASCui.exe" -hide
Reg\HKLM\Run SpySweeper "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
Reg\HKCU\Run STManager "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
Reg\HKCU\Run Steam
Reg\HKCU\Run ctfmon.exe C:\WINDOWS\system32\ctfmon.exe
Shell\CommonStartup ATI CATALYST System Tray.lnk C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ATI CATALYST System Tray.lnk


---------------------------------------------------------
ewido anti-malware - Connection report
---------------------------------------------------------
+ Created on: 14:54:04, 23/04/2006
+ Report-Checksum: D66E88A
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING
TCP 192.168.1.11:139 0.0.0.0:0 LISTENING
TCP 192.168.1.11:1107 85.10.237.9:80 LAST_ACK
TCP 192.168.1.11:1108 85.10.237.9:80 SYN_SENT
UDP 0.0.0.0:445
UDP 0.0.0.0:500
UDP 0.0.0.0:1043
UDP 0.0.0.0:1056
UDP 0.0.0.0:4500
UDP 127.0.0.1:123
UDP 127.0.0.1:1048
UDP 127.0.0.1:1900
UDP 192.168.1.11:123
UDP 192.168.1.11:137
UDP 192.168.1.11:138
UDP 192.168.1.11:1037
UDP 192.168.1.11:1900
UDP 192.168.1.11:3235

---------------------------------------------------------
ewido anti-malware - Process report
---------------------------------------------------------
+ Created on: 14:54:28, 23/04/2006
+ Report-Checksum: C9CD5DFA
0: System Process
4: System Process
144: C:\WINDOWS\system32\CTHELPER.EXE
156: C:\PROGRA~1\mcafee.com\agent\mcagent.exe
228: C:\WINDOWS\system32\dla\tfswctrl.exe
280: C:\Program Files\Dell\Media Experience\DMXLauncher.exe
312: C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
412: C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
448: C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
468: C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
480: C:\WINDOWS\system32\ctfmon.exe
628: \SystemRoot\System32\smss.exe
692: \??\C:\WINDOWS\system32\csrss.exe
720: \??\C:\WINDOWS\system32\winlogon.exe
764: C:\WINDOWS\system32\services.exe
776: C:\WINDOWS\system32\lsass.exe
948: C:\WINDOWS\system32\Ati2evxx.exe
964: C:\WINDOWS\system32\svchost.exe
1032: C:\WINDOWS\system32\svchost.exe
1104: C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
1132: C:\Program Files\Windows Defender\MsMpEng.exe
1172: C:\WINDOWS\System32\svchost.exe
1272: C:\WINDOWS\system32\svchost.exe
1376: C:\WINDOWS\system32\svchost.exe
1408: C:\WINDOWS\system32\CTsvcCDA.EXE
1652: C:\WINDOWS\system32\Ati2evxx.exe
1680: C:\WINDOWS\system32\spoolsv.exe
1692: C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
1772: C:\WINDOWS\Explorer.EXE
1908: C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
1916: C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
1940: C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
1956: C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
2004: C:\Program Files\ewido anti-malware\ewidoctrl.exe
2016: C:\Program Files\ewido anti-malware\ewidoguard.exe
2040: C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
2080: C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
2100: c:\program files\mcafee.com\agent\mcdetect.exe
2160: c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
2268: C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
2336: C:\WINDOWS\system32\svchost.exe
2408: C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
2664: C:\WINDOWS\system32\NOTEPAD.EXE
2668: C:\WINDOWS\system32\wdfmgr.exe
2724: C:\WINDOWS\system32\MsPMSPSv.exe
2792: C:\Program Files\ewido anti-malware\SecuritySuite.exe
3880: C:\WINDOWS\System32\svchost.exe


----------------------------------------------------------
Spy sweeper - report
----------------------------------------------------------


Trojan-backdoor-prorat-d [][][][][]
¬ HKLM\software\microsoft\active setup\installed components\{5y99ae78-58tt-11dw-y67078979y}\ (1 subtraces)
2 traces found
Blazefind [][][][]
¬ c:\program files\windows servead (1subtraces)
Traces found 2
Winad [][][][]
¬ HKLM\software\microsoft\windows\currentversion\run\ || windows adstatus
(traces found 5)
¬ HKLM\software\windows adstatus (3subtraces)
(traces found 5)


-----------------------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 14:51:54, on 23/04/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
-----------------------------------------------------------

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE
C:\WINDOWS\system32\CTHELPER.EXE
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\ewidoguard.exe
C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
C:\WINDOWS\system32\MsPMSPSv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Martin Harding\Desktop\hjackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.wanadoo.co.uk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.co.uk/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = wmplayer.exe //ICWLaunch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Wanadoo
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;localhost;<local>
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
O3 - Toolbar: Wanadoo - {8B68564D-53FD-4293-B80C-993A9F3988EE} - C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\iaanotif.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy2ZS\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\SBAudigy2ZS\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe"
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [Windows AdStatus] C:\Program Files\Windows AdStatus\WinStat.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SpySweeper] "C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" /startintray
O4 - HKCU\..\Run: [STManager] "C:\Program Files\SpeedTouch\Dr SpeedTouch\drst.exe" -b
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: ATI CATALYST System Tray.lnk = C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Search with Wanadoo - res://C:\PROGRA~1\Wanadoo\WSBar\WSBar.dll/VSearch.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: (no name) - {9239E4EC-C9A6-11D2-A844-00C04F68D538} - (no file)
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=48835
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/sh...4/mcinsctl.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120907691367
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1128700638156
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A54032D-31F7-400D-B184-83B33BDE65FA} (MSN File Upload Control) - http://sc.groups.msn.com/controls/FileUC/MsnUpld.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/Ms...Downloader.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} (DwnldGroupMgr Class) - http://download.mcafee.com/molbin/sh...21/mcgdmgr.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: application/x-internet-signup - {A173B69A-1F9B-4823-9FDA-412F641E65D6} - C:\Program Files\Tiscali\Tiscali Internet\dlls\tiscalifilter.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
O23 - Service: IAA Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Application Accelerator\iaantmon.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: Webroot Spy Sweeper Engine (svcWRSSSDK) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\WRSSSDK.exe
O23 - Service: windllrun - Unknown owner - C:\WINDOWS\system32\windllrun.exe (file missing)


please dont tell me to run it again lol XD
Reputation Points: 10
Solved Threads: 0
Newbie Poster
Highmount is offline Offline
12 posts
since Apr 2006

This thread is solved

Either the thread starter or a moderator has marked this thread as solved. You can most likely trust the responses and answers given. There is most likely no reason for any further responses to be posted here. If you have a related question, please start a new thread in this forum instead.

This thread is more than three months old

No one has posted to this discussion for at least three months. Please let old threads die and do not reply to them unless you feel you have something new and valuable to contribute that absolutely must be added to make the discussion complete. Otherwise, please start a new thread in this forum instead.
Message:
Previous Thread in Viruses, Spyware and other Nasties Forum Timeline: Removal of " Search Extender" and "Home Assistant"
Next Thread in Viruses, Spyware and other Nasties Forum Timeline: Continual Viruses in System Volume Folder





About Us | Contact Us | Advertise | Acceptable Use Policy
Forum Index | Build Custom RSS Feed


Follow us on Twitter


© 2011 DaniWeb® LLC