
Lost cause! Spyware/malware/any kinda virus/trojan/tracking cookie seems to like me.

Discussion in 'Virus & Other Malware Removal' started by Colly, Jan 2, 2006.

Thread Status:
Not open for further replies.
  1. Colly

    Colly Thread Starter

    Joined:
    Jan 2, 2006
    Messages:
    1
    Hi there TCG,

    I'm a newbie here & before I ask for your help, I'd firstly want to say thank you for having such an open, seemingly honest website that really helps out. I've had a prob with spyware.axe on my PC for a few days now & me, being a novice in the spyware dept., have searched the web non-stop for days to find out whether that which downloaded itself, and helps to stop the malware, was the real deal. Of course it wasn't & your website proved most helpful in trying to fix my problems. I've read many threads here and seeing as though I'm running XP, I've picked from certain threads posted here to do the following:

    recent smitRem scan-


    smitRem © log file
    version 2.8

    by noahdfear


    Microsoft Windows XP [Version 5.1.2600]
    The current date is: Mon 02/01/2006
    The current time is: 21:49:45.23

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    checking for ShudderLTD key

    ShudderLTD key not present!

    checking for PSGuard.com key


    PSGuard.com key not present!


    checking for WinHound.com key


    WinHound.com key not present!

    spyaxe uninstaller NOT present
    Winhound uninstaller NOT present
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Existing Pre-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~


    ~~~ Miscellaneous Files/folders ~~~




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Starting registry repairs

    Deleting files


    Remaining Post-run Files


    ~~~ Program Files ~~~



    ~~~ Shortcuts ~~~



    ~~~ Favorites ~~~



    ~~~ system32 folder ~~~



    ~~~ Icons in System32 ~~~



    ~~~ Windows directory ~~~



    ~~~ Drive root ~~~



    ~~~ Miscellaneous Files/folders ~~~




    ~~~ Wininet.dll ~~~

    CLEAN! :)


    My ewido scan found:

    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 9:43:23 PM, 2/01/2006
    + Report-Checksum: 36AB129

    + Scan result:

    HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
    HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8} -> Spyware.Dashbar : Cleaned with backup
    HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
    HKU\S-1-5-21-1645522239-1220945662-725345543-1003_Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
    C:\Documents and Settings\Colleen\Cookies\[email protected][2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    C:\Documents and Settings\Colleen\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
    C:\Documents and Settings\Colleen\Cookies\[email protected][2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013621.exe -> Trojan.Small.cr : Cleaned with backup


    ::Report End

    Next was:

    KASPERSKY ON-LINE SCANNER REPORT
    Tuesday, January 03, 2006 00:34:34
    Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 2/01/2006
    Kaspersky Anti-Virus database records: 158360
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\

    Scan Statistics:
    Total number of scanned objects: 56800
    Number of viruses found: 4
    Number of infected objects: 12
    Number of suspicious objects: 0
    Duration of the scan process: 2664 sec

    Infected Object Name - Virus Name
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\dia148[1]/[From <x>]/html Infected: Exploit.VBS.Phel.i
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\dia148[1] Infected: Exploit.VBS.Phel.i
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\wbk4.tmp Infected: Exploit.VBS.Phel.i
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\KLIR4DAN\reality[1].htm Infected: Trojan-Clicker.JS.Linker.h
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\WTEJCDAN\reality[1].htm Infected: Trojan-Clicker.JS.Linker.h
    C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\WTEJCDAN\wbk2.tmp Infected: Exploit.VBS.Phel.i
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013301.tlb Infected: Trojan-Downloader.Win32.Zlob.do
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013310.tlb Infected: Trojan-Downloader.Win32.Zlob.do
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013318.tlb Infected: Trojan-Downloader.Win32.Zlob.do
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP148\A0013341.tlb Infected: Trojan-Downloader.Win32.Zlob.do
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013615.tlb Infected: Trojan-Downloader.Win32.Zlob.do
    C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013619.exe Infected: Trojan-Downloader.Win32.Zlob.dn

    Scan process completed.

    & finally this is my HijackThis scan done after the rest.


    Logfile of HijackThis v1.99.1
    Scan saved at 1:08:34 AM, on 3/01/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Documents and Settings\Colleen\Desktop\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\WF2K.EXE
    C:\WINDOWS\system32\devldr32.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Windows Media Player\wmplayer.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
    O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\system32\WF2K.EXE
    O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{C21D88AE-728F-48FB-A2A1-98D43A172D6F}: NameServer = 203.12.160.35 203.12.160.36
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Colleen\Desktop\ewido anti-malware\ewidoctrl.exe

    As I said earlier, I've been trying to get rid of this crap on my PC for days, and honestly, you guys have proved most helpful through other threads with helping. I'm not in a position to donate atm... but when that day comes, you guys are definitely on the to-do list. I hope you can help from here 'cause every time I scan the PC with any program, something is picked up.

    Pls help, Col
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    It looks like you've done a good job -

    Turn off restore points, boot, turn them back on – here’s how

    XP
    http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

    That should clear up the reports of things found
    ================
    Download EasyCleaner http://www.majorgeeks.com/download414.html

    Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

    Not all files will delete – that is normal.

    In the unnecessary button I check the top 4 entries

    Empty the recycle bin
    ========
    Get all of these and/or verify you have the current versions

    SpywareBlaster 3.5 http://majorgeeks.com/download2859.html
    SpyBot V1.4 http://www.majorgeeks.com/download2471.html
    AdAware SE 1.06 http://www.majorgeeks.com/download506.html
    MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only)

    Download them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

    In SpywareBlaster - Always enable all protection after updates
    In SpyBot - After an update run immunize
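
The restore-point advice in the reply above rests on where each detection lives: rows under `System Volume Information\_restore{...}` are System Restore snapshot copies, which are deleted when System Restore is turned off. The following is an added example, not part of the original posts or of any tool named in them, that buckets Kaspersky- and ewido-style report rows by location; the sample rows, bucket names and function names are constructed for illustration.

```python
import re
from collections import Counter

# Location buckets, checked in order; patterns follow the Windows XP paths in the logs.
BUCKETS = [
    ("system_restore", re.compile(r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP\d+\\", re.I)),
    ("ie_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("cookie", re.compile(r"\\Cookies\\", re.I)),
    ("registry", re.compile(r"^(HKU|HKLM|HKCU|HKCR)\\", re.I)),
]
# Kaspersky rows: "<object> Infected: <name>"; ewido rows: "<object> -> <name> : <action>"
KASPERSKY = re.compile(r"^(?P<obj>.+?)\s+Infected:\s+(?P<name>\S+)\s*$")
EWIDO = re.compile(r"^(?P<obj>.+?)\s+->\s+(?P<name>\S+)\s+:\s+.+$")

# Constructed sample rows in the two report formats (placeholder users, GUIDs, file names).
SAMPLE = r"""
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000000}\RP147\A0000001.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AAAAAAAA\page[1].htm Infected: Trojan-Clicker.JS.Linker.h
C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\AAAAAAAA\page[1]/[From <x>]/html Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\user\Cookies\user@example[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
HKU\S-1-5-21-0-0-0-1003\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000} -> Downloader.SpyAxe : Cleaned with backup
C:\WINDOWS\system32\example.dll Infected: Trojan-Downloader.Win32.Zlob.do
"""

def parse_line(line):
    """Return {'object', 'detection', 'bucket'} for a detection row, else None."""
    m = KASPERSKY.match(line.strip()) or EWIDO.match(line.strip())
    if not m:
        return None
    obj = m.group("obj")
    # Kaspersky appends "/[From <x>]/html"-style suffixes for objects inside a container file.
    container = obj.split("/", 1)[0]
    bucket = next((name for name, rx in BUCKETS if rx.search(container)), "live_filesystem")
    return {"object": obj, "detection": m.group("name"), "bucket": bucket}

def triage(report_text):
    """Count hits per bucket and list the ones outside caches/snapshots for follow-up."""
    hits = [h for h in map(parse_line, report_text.splitlines()) if h]
    counts = Counter(h["bucket"] for h in hits)
    return counts, [h for h in hits if h["bucket"] == "live_filesystem"]

if __name__ == "__main__":
    counts, live = triage(SAMPLE)
    print(dict(counts))
    for h in live:
        print("needs follow-up:", h["object"], h["detection"])
```

Rows that land in `live_filesystem` are the ones a restore-point reset will not touch, so they are the ones to look at first.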
     

Short URL to this thread: https://techguy.org/430290
