Lost cause! Spyware/malware/any kinda virus/trojan/tracking cookie seems to like me.

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Colly

Thread Starter
Joined
Jan 2, 2006
Messages
1
Hi there TCG,

I'm a newbie here & before I ask for your help, I'd firstly want to say thank you for having such an open, seemingly honest website that really helps out. I've had a prob with spyware.axe on my pc for a few days now & me, being a novice in the spyware dept., have searched the web non stop for days to find out whether that, that what downloaded itself- helps to stop the malware was the real deal. Of course it wasn't & your website proved most helpful in trying to fix my problems. I've read many threads here and seeing as though I'm running XP, I've picked from certain threads posted here to do the following:

recent smitRem scan-


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Mon 02/01/2006
The current time is: 21:49:45.23

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



Starting registry repairs

Deleting files


Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~



~~~ Miscellaneous Files/folders ~~~




~~~ Wininet.dll ~~~

CLEAN! :)


MY ewido scan found-

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 9:43:23 PM, 2/01/2006
+ Report-Checksum: 36AB129

+ Scan result:

HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} -> Spyware.PopularScreensavers : Cleaned with backup
HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC90CDA0-74A0-45B4-80EF-D89CA8C249B8} -> Spyware.Dashbar : Cleaned with backup
HKU\S-1-5-21-1645522239-1220945662-725345543-1003\Software\Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
HKU\S-1-5-21-1645522239-1220945662-725345543-1003_Classes\CLSID\{A2C8F6B1-7C2A-3D1C-A3C6-A1FDA113B43F} -> Downloader.SpyAxe : Cleaned with backup
C:\Documents and Settings\Colleen\Cookies\colleen@burstnet[2].txt -> Spyware.Cookie.Burstnet : Cleaned with backup
C:\Documents and Settings\Colleen\Cookies\colleen@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\Documents and Settings\Colleen\Cookies\colleen@statcounter[2].txt -> Spyware.Cookie.Statcounter : Cleaned with backup
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013621.exe -> Trojan.Small.cr : Cleaned with backup


::Report End

NEXT WAS_

KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 03, 2006 00:34:34
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 2/01/2006
Kaspersky Anti-Virus database records: 158360
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 56800
Number of viruses found: 4
Number of infected objects: 12
Number of suspicious objects: 0
Duration of the scan process: 2664 sec

Infected Object Name - Virus Name
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\dia148[1]/[From <x>]/html Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\dia148[1] Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\E5V0P4RU\wbk4.tmp Infected: Exploit.VBS.Phel.i
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\KLIR4DAN\reality[1].htm Infected: Trojan-Clicker.JS.Linker.h
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\WTEJCDAN\reality[1].htm Infected: Trojan-Clicker.JS.Linker.h
C:\Documents and Settings\Jay\Local Settings\Temporary Internet Files\Content.IE5\WTEJCDAN\wbk2.tmp Infected: Exploit.VBS.Phel.i
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013301.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013310.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP147\A0013318.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP148\A0013341.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013615.tlb Infected: Trojan-Downloader.Win32.Zlob.do
C:\System Volume Information\_restore{2042D52A-4A43-4D9A-8BE8-587EA5540437}\RP150\A0013619.exe Infected: Trojan-Downloader.Win32.Zlob.dn

Scan process completed.

& finally this is my HijackThis scan done after the rest.


Logfile of HijackThis v1.99.1
Scan saved at 1:08:34 AM, on 3/01/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\Documents and Settings\Colleen\Desktop\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\WF2K.EXE
C:\WINDOWS\system32\devldr32.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ebay.com.au/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = \blank.htm
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (file missing)
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll (file missing)
O4 - HKLM\..\Run: [WinFast_2K] C:\WINDOWS\system32\WF2K.EXE
O4 - HKLM\..\Run: [WinFast2KLoadDefault] rundll32.exe wf2kcpl.dll,DllLoadDefaultSettings
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [EPSON Stylus C45 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I3T1.EXE /P23 "EPSON Stylus C45 Series" /O6 "USB001" /M "Stylus C45"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [BO1HelperStartUp] C:\PROGRA~1\BUTTER~1\BO1HEL~1.EXE /partner BO1
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: Yahoo! Chat - http://us.chat1.yimg.com/us.yimg.com/i/chat/applet/c381/chat.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/kws/kavwebscan_unicode.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C21D88AE-728F-48FB-A2A1-98D43A172D6F}: NameServer = 203.12.160.35 203.12.160.36
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Documents and Settings\Colleen\Desktop\ewido anti-malware\ewidoctrl.exe

As I said earlier, I've been trying to get rid of this crap on my pc for days, n honestly- u guys have proved most helpful through other threads with helping. I'm not in a position to donate atm....... but when that day comes, u guys are definitely on the to do list. I hope you can help from here cause every time I scan the pc with any program, something is picked up.

Pls help, Col
 
Joined
Sep 7, 2004
Messages
49,014
It looks like you've done a good job -

Turn off restore points, boot, turn them back on – here’s how

XP
http://service1.symantec.com/SUPPOR...2001111912274039?OpenDocument&src=sec_doc_nam

That should clear up the reports of things found
================
DownLoad EasyCleaner http://www.majorgeeks.com/download414.html

Use the clear files and Unnecessary files buttons – I do not recommend using the Duplicates files button as many dupes are there on purpose.

Not all files will delete – that is normal.

In the unnecessary button I check the top 4 entries

Empty the recycle bin
========
Get all of these and/or verify you have the current versions

SpywareBlaster 3.5 http://majorgeeks.com/download2859.html
SpyBot V1.4 http://www.majorgeeks.com/download2471.html
AdAware SE 1.06 http://www.majorgeeks.com/download506.html
MS AntiSpy - http://www.microsoft.com/downloads/...a2-6a57-4c57-a8bd-dbf62eda9671&displaylang=en (XP and W2K only)

DownLoad them (they are free), install them, check each for their definition updates and then run AdAware, MS AntiSpy (W2k/XP) and Spybot, fixing anything they say.

In SpywareBlaster - Always enable all protection after updates
In SpyBot - After an update run immunize
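
A way to read the scanner reports in this thread by where each detection sits, which shows which entries the restore-point step above addresses (added example, not part of either post). The sample lines are constructed with placeholder paths and GUIDs, and the location labels are this example's own.

```python
import re
from collections import Counter

# Constructed sample: lines shaped like the ewido and Kaspersky reports in the
# post, with placeholder user names, file names and GUIDs.
SAMPLE = r"""
HKU\S-1-5-21-0-0-0-1003\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000001} -> Downloader.SpyAxe : Cleaned with backup
C:\Documents and Settings\User\Cookies\user@doubleclick[1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP150\A0000001.exe -> Trojan.Small.cr : Cleaned with backup
C:\Documents and Settings\User\Local Settings\Temporary Internet Files\Content.IE5\ABCD1234\page[1].htm Infected: Trojan-Clicker.JS.Linker.h
C:\System Volume Information\_restore{00000000-0000-0000-0000-000000000002}\RP147\A0000002.tlb Infected: Trojan-Downloader.Win32.Zlob.do
Scan process completed.
"""

# ewido: "<object> -> <name> : <action>"; Kaspersky: "<object> Infected: <name>"
EWIDO = re.compile(r"^(?P<obj>.+?) -> (?P<name>\S+) : (?P<action>.+)$")
KASPERSKY = re.compile(r"^(?P<obj>.+?) Infected: (?P<name>\S+)$")

# Location labels are this example's own, checked in order.
LOCATIONS = [
    ("restore_point", re.compile(r"\\System Volume Information\\_restore\{", re.I)),
    ("browser_cache", re.compile(r"\\Temporary Internet Files\\", re.I)),
    ("cookie", re.compile(r"\\Cookies\\", re.I)),
    ("registry", re.compile(r"^HK(U|LM|CU|CR)\\", re.I)),
]

def classify(obj):
    """Return the location label for a detected object path or registry key."""
    for label, pattern in LOCATIONS:
        if pattern.search(obj):
            return label
    return "other"  # not a restore point, cache, cookie or registry key: look closer

def triage(report):
    """Parse both report formats into (location, detection name, object) tuples."""
    findings = []
    for line in report.splitlines():
        line = line.strip()
        m = EWIDO.match(line) or KASPERSKY.match(line)
        if m:
            findings.append((classify(m["obj"]), m["name"], m["obj"]))
    return findings

def summary(report):
    """Count findings per location label."""
    return Counter(loc for loc, _, _ in triage(report))

if __name__ == "__main__":
    for loc, name, obj in triage(SAMPLE):
        print(f"{loc:14} {name:34} {obj}")
    print(dict(summary(SAMPLE)))
```

Entries labelled `restore_point` are copies kept inside System Restore snapshots, which are deleted when System Restore is turned off; anything labelled `other` is outside those locations and is the part of a report to examine first.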
 