
Solved: TROJ ANTITES.B Virus

Discussion in 'Virus & Other Malware Removal' started by birdog2, Jan 25, 2006.

  1. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    I just ran a scan with my Trend Micro AV and it claimed to have found the
    above Virus but was unable to remove or Quarantine it. When I clicked on
    the Virus name to get more info, Trend then said they had no knowledge of it
    and that it was not in their database. I then ran scans with my NoAdware,
    AdAware SE Personal, Spyware Blaster, Spybot Search & Destroy and
    Microsoft Anti-Spyware and all came up blank.
    Could someone please give me some help with this ....
    birdog2
     
  2. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
    · Install ewido.
    · During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
    · Launch ewido
    · It will prompt you to update; click the OK button and it will go to the main screen
    · On the left side of the main screen click update
    · Click on Start and let it update.
    · DO NOT run a scan yet. You will do that later in safe mode.

    Restart your computer into safe mode now. Perform the following steps in safe mode:
    (Start tapping F8 at the first black screen after power up)

    Run Ewido:
    · Click on scanner
    · Click Complete System Scan and the scan will begin.
    · During the scan it will prompt you to clean files, click OK
    · When the scan is finished, look at the bottom of the screen and click the Save report button.
    · Save the report to your C: Drive
    This will take some time to run!
    Boot to normal mode
    Post that log and a new HiJack log
     
  3. birdog2

    birdog2 Thread Starter

    Hi again, here are the scan results you requested. Hope I didn't screw
    up somewhere.
    Birdog2

    + Scan result:

    HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
    :mozilla.19:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.20:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.21:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.23:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.24:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.29:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.30:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.31:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.32:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.34:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.37:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.38:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.39:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.40:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.41:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.42:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.67:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.72:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.155:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.157:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.158:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.163:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Esomniture : Cleaned with backup
    :mozilla.165:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.166:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.167:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.168:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
    :mozilla.174:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.175:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Burstbeacon : Cleaned with backup
    :mozilla.179:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.180:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Burstnet : Cleaned with backup
    :mozilla.205:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.296:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.390:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Adbrite : Cleaned with backup
    :mozilla.423:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.424:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.425:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.426:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.427:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Falkag : Cleaned with backup
    :mozilla.460:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.461:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.462:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.463:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
    :mozilla.476:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.477:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.495:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.496:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.497:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.498:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Clickzs : Cleaned with backup
    :mozilla.688:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Revenue : Cleaned with backup
    :mozilla.779:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.789:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.790:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.791:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.792:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.802:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.803:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.804:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.805:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.806:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.807:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.808:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
    :mozilla.857:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.881:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.882:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.883:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.884:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.885:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.886:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.887:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.888:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.914:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Adjuggler : Cleaned with backup
    :mozilla.967:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.968:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.969:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.970:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.971:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.972:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.973:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.974:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.975:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.976:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.977:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.978:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.979:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.980:C:\Documents and Settings\Frank\Application Data\Mozilla\Firefox\Profiles\xmi84wa2.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    C:\Documents and Settings\Frank\My Documents\PestPatrol\Quarantine\20050608145909.zip/Documents and Settings/Frank/Cookies/[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Frank\My Documents\PestPatrol\Quarantine\20050608145909.zip/Documents and Settings/Frank/Cookies/[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    E:\Program Files\PestPatrol\Quarantine\20050608145909.zip/Documents and Settings/Frank/Cookies/[email protected][2].txt -> Spyware.Cookie.Hitbox : Cleaned with backup
    E:\Program Files\PestPatrol\Quarantine\20050608145909.zip/Documents and Settings/Frank/Cookies/[email protected][1].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup
    E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\eCommerce.zip/dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
    :mozilla.11:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
    :mozilla.12:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
    :mozilla.19:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
    :mozilla.20:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
    :mozilla.21:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.24:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.27:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Admonitor : Error during cleaning
    :mozilla.59:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
    :mozilla.60:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Qksrv : Error during cleaning
    :mozilla.64:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.65:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.79:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
    :mozilla.91:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.92:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla1.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.11:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
    :mozilla.12:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
    :mozilla.19:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
    :mozilla.20:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
    :mozilla.21:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.24:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.27:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Admonitor : Error during cleaning
    :mozilla.59:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
    :mozilla.60:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Qksrv : Error during cleaning
    :mozilla.64:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.65:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.79:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
    :mozilla.91:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.92:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla2.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.11:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Coremetrics : Error during cleaning
    :mozilla.12:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Atdmt : Error during cleaning
    :mozilla.19:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Doubleclick : Error during cleaning
    :mozilla.20:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Targetnet : Error during cleaning
    :mozilla.21:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.24:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Mediaplex : Error during cleaning
    :mozilla.27:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Admonitor : Error during cleaning
    :mozilla.59:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Bfast : Error during cleaning
    :mozilla.60:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Qksrv : Error during cleaning
    :mozilla.64:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.65:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Hitbox : Error during cleaning
    :mozilla.79:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Centrport : Error during cleaning
    :mozilla.91:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.92:E:\Program Files\Spybot - Search & Destroy 1.1\Recovery\Mozilla3.zip/cookies.txt -> Spyware.Cookie.Link4ads : Error during cleaning
    :mozilla.13:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Myaffiliateprogram : Cleaned with backup
    :mozilla.23:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Liveperson : Cleaned with backup
    :mozilla.26:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    :mozilla.27:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.28:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Statcounter : Cleaned with backup
    :mozilla.33:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.34:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Com : Cleaned with backup
    :mozilla.64:E:\Documents and Settings\Frank Isacson\Application Data\Mozilla\Firefox\Profiles\default.ybj\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
    E:\System Volume Information\_restore{0AC655F5-EB3A-4FFA-B524-74BC291DF4C5}\RP2\A0000825.exe/dialer.exe -> Heuristic.Win32.Dialer : Cleaned with backup
     
  4. birdog2

    birdog2 Thread Starter

    Logfile of HijackThis v1.99.1
    Scan saved at 5:01:52 AM, on 1/26/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\GhostSurf 2005\Proxy.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\PhishGuard\PhishGuard.exe
    C:\WINDOWS\system32\LVComS.exe
    C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
    C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.EXE
    C:\Program Files\Trend Micro\Internet Security\PCCGUIDE.EXE
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
    C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\ppmemcheck.exe
    C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\ppcontrol.exe
    C:\DOCUME~1\Frank\LOCALS~1\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\Allume\INTERN~1\IC3hlpr.dll
    O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\Allume\INTERN~1\PopFiltr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: PhishGuard.Helper - {8B50176C-DD6E-4C14-A603-727A859337CD} - C:\Program Files\PhishGuard\PhishGuardHelper.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - C:\Program Files\Anonymizer\Anon2005\AnonIEBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Allume\Internet Cleanup\MSFG.exe"
    O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
    O4 - HKLM\..\Run: [PPMemCheck] C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S32.tmp"
    O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
    O4 - Global Startup: PhishGuard.lnk = C:\Program Files\PhishGuard\PhishGuard.exe
    O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135968567484
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  5. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
  6. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    -Here are the scan results ...
    ----------------------------------------------------------------------------
    KASPERSKY ON-LINE SCANNER REPORT
    Thursday, January 26, 2006 21:24:36
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version: 5.0.67.0
    Kaspersky Anti-Virus database last update: 26/01/2006
    Kaspersky Anti-Virus database records: 162758
    -------------------------------------------------------------------------------

    Scan Settings:
    Scan using the following antivirus database: standard
    Scan Archives: true
    Scan Mail Bases: true

    Scan Target - My Computer:
    A:\
    C:\
    D:\
    E:\
    F:\

    Scan Statistics:
    Total number of scanned objects: 119394
    Number of viruses found: 1
    Number of infected objects: 3
    Number of suspicious objects: 0
    Duration of the scan process: 27646 sec

    Infected Object Name - Virus Name
    E:\Documents and Settings\Frank Isacson\Application Data\Identities\{4806A2A0-9642-11D5-96D2-FB91141EA10D}\Microsoft\Outlook Expr\Deleted Items.dbx/[From Inc <[email protected]>][Date Tue, 09 Nov 2004 08:06:35 -0200]/UNNAMED/html Infected: Trojan-Spy.HTML.Bankfraud.w
    E:\Documents and Settings\Frank Isacson\Application Data\Identities\{4806A2A0-9642-11D5-96D2-FB91141EA10D}\Microsoft\Outlook Expr\Deleted Items.dbx/[From Inc <[email protected]>][Date Tue, 09 Nov 2004 08:06:35 -0200]/UNNAMED Infected: Trojan-Spy.HTML.Bankfraud.w
    E:\Documents and Settings\Frank Isacson\Application Data\Identities\{4806A2A0-9642-11D5-96D2-FB91141EA10D}\Microsoft\Outlook Expr\Deleted Items.dbx Infected: Trojan-Spy.HTML.Bankfraud.w

    Scan process completed.
     
  7. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    Here is another Logfile of HijackThis v1.99.1
    Scan saved at 5:14:06 AM, on 1/27/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ATKKBService.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\PROGRA~1\Iomega\System32\AppServices.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe
    C:\Program Files\Trend Micro\Internet Security\pccguide.exe
    C:\Program Files\Trend Micro\Internet Security\PCClient.exe
    C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe
    C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    C:\Program Files\Iomega\AutoDisk\ADService.exe
    C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPMemCheck.exe
    C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPControl.exe
    C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe
    C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe
    C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\GhostSurf 2005\Proxy.exe
    C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE
    C:\Program Files\PhishGuard\PhishGuard.exe
    C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
    C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\DOCUME~1\Frank\LOCALS~1\Temp\Temporary Directory 2 for hijackthis.zip\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: ICHlprObj Class - {1f0c8547-2639-4c91-b8aa-c7eca24c3163} - C:\PROGRA~1\Allume\INTERN~1\IC3hlpr.dll
    O2 - BHO: PopupFilter Class - {1F2E844B-8211-46ff-8262-772F03295CF4} - C:\PROGRA~1\Allume\INTERN~1\PopFiltr.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O2 - BHO: PhishGuard.Helper - {8B50176C-DD6E-4C14-A603-727A859337CD} - C:\Program Files\PhishGuard\PhishGuardHelper.dll
    O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
    O3 - Toolbar: Anonymizer 2005 Toolbar - {DB264E15-F83B-4603-BFC1-4EA7E3204686} - C:\Program Files\Anonymizer\Anon2005\AnonIEBar.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SB Live! 24-bit\Surround Mixer\CTSysVol.exe /r
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security\pccguide.exe"
    O4 - HKLM\..\Run: [PCClient.exe] "C:\Program Files\Trend Micro\Internet Security\PCClient.exe"
    O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
    O4 - HKLM\..\Run: [WinFSG] "C:\Program Files\Allume\Internet Cleanup\MSFG.exe"
    O4 - HKLM\..\Run: [MaxtorCombo] "C:\PROGRA~1\Dantz\RETROS~1\ComboButton.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
    O4 - HKLM\..\Run: [GhostSurfDelSatellite] "C:\Program Files\GhostSurf 2005\DeleteSatellite.exe"
    O4 - HKLM\..\Run: [PPMemCheck] C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPMemCheck.exe
    O4 - HKLM\..\Run: [PestPatrol Control Center] C:\DOCUME~1\Frank\MYDOCU~1\PESTPA~1\PPControl.exe
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe"
    O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
    O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [LogitechImageStudioTray] C:\Program Files\Logitech\ImageStudio\LogiTray.exe
    O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\ImageStudio\ISStart.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [Iomega Drive Icons] C:\Program Files\Iomega\DriveIcons\ImgIcon.exe
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
    O4 - HKLM\..\Run: [Deskup] C:\Program Files\Iomega\DriveIcons\deskup.exe /IMGSTART
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [ADUserMon] C:\Program Files\Iomega\AutoDisk\ADUserMon.exe
    O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\ASUSTek\ASUSDVD\PDVDServ.exe"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TM Outbreak Agent] "C:\Program Files\Trend Micro\Internet Security\TMOAgent.exe" /run
    O4 - HKLM\..\Run: [LVCOMS] C:\Program Files\Common Files\Logitech\QCDriver3\LVCOMS.EXE
    O4 - HKCU\..\Run: [EPSON Stylus Photo 820 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC2.EXE /A "C:\WINDOWS\system32\E_S32.tmp"
    O4 - HKCU\..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
    O4 - Startup: Scheduler.lnk = C:\Program Files\GhostSurf 2005\Scheduler daemon.exe
    O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
    O4 - Global Startup: EPSON Status Monitor 3 Environment Check 2.lnk = C:\WINDOWS\system32\spool\drivers\w32x86\3\E_SRCV02.EXE
    O4 - Global Startup: GhostSurf proxy.lnk = C:\Program Files\GhostSurf 2005\Proxy.exe
    O4 - Global Startup: PhishGuard.lnk = C:\Program Files\PhishGuard\PhishGuard.exe
    O4 - Global Startup: PrintKey-Pro.lnk = C:\Program Files\Warecentral\PrintKey-Pro\PKey_Pro.exe
    O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
    O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
    O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
    O9 - Extra button: TaskBar - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra 'Tools' menuitem: RoboForm TaskBar Icon - {320AF880-6646-11D3-ABEE-C5DBF3571F51} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComTaskBarIcon.html
    O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1135968567484
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: Iomega App Services - Iomega Corporation - C:\PROGRA~1\Iomega\System32\AppServices.exe
    O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe (file missing)
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Trend Micro Personal Firewall (PccPfw) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\PccPfw.exe
    O23 - Service: Trend NT Realtime Service (Tmntsrv) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\Tmntsrv.exe
    O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Incorporated. - C:\Program Files\Trend Micro\Internet Security\tmproxy.exe
    O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe
    O23 - Service: Iomega Active Disk (_IOMEGA_ACTIVE_DISK_SERVICE_) - Iomega Corporation - C:\Program Files\Iomega\AutoDisk\ADService.exe
     
  8. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    Also, how do I go about replacing the missing files listed below, that were
    noted on my last scan?
    Frank.


    C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
     
  9. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Those infected files are in the deleted items in your email

    HJT does not always report those file missing entries correctly - don't worry about it

    Log is clean - how are things
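
One way to pre-sort HijackThis entries like the ones posted in this thread before a manual review, added here as an illustration; it is not part of any poster's reply and not HijackThis's own logic. The flag names and rules are assumptions chosen for the example, and a flag means "check this by hand", not "malicious".

```python
import re

# Excerpt of entries in HijackThis 1.99.1 format, taken from the logs posted in this thread.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:7212
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [LDM] \Program\BackWeb-8876480.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: IomegaAccess - Unknown owner - C:\Program Files\Iomega\Tools_NT\iomegaaccess.exe (file missing)
O23 - Service: ZipToA - Unknown owner - C:\WINDOWS\system32\ZipToA.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
"""

# Section code (R0-R3, F0-F3, N1-N4, O1-O24), then " - ", then the entry body.
ENTRY_RE = re.compile(r"^\s*([RFNO]\d{1,2}) - (.+?)\s*$")
# O4 registry autoruns: HKLM\..\Run: [ValueName] command line
RUN_RE = re.compile(r"^HK(?:LM|CU)\\\.\.\\\w+: \[(?P<name>[^\]]*)\] (?P<cmd>.+)$")
# Browser proxy pointed at the local machine.
PROXY_RE = re.compile(r"ProxyServer = (?:127\.\d+\.\d+\.\d+|localhost)(?::\d+)?$", re.I)
# Command that starts with a drive-letter path, optionally quoted.
ABS_PATH_RE = re.compile(r'^"?[A-Za-z]:\\')


def parse_entries(log_text):
    """Yield (section_code, body) for each R*/F*/N*/O* line.

    Header lines and the 'Running processes' list do not match and are skipped.
    """
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if m:
            yield m.group(1), m.group(2)


def flags_for(code, body):
    """Return the list of review flags (assumed names) for one entry."""
    flags = []
    # The tool could not find the target file; verify on disk before acting,
    # since this marker is not always reported correctly.
    if body.endswith("(file missing)"):
        flags.append("file-missing")
    # Service binary carries no company name in its version resource.
    if code == "O23" and " - Unknown owner - " in body:
        flags.append("unknown-owner")
    # Browser traffic is routed through a local listener; identify the program.
    if code in ("R0", "R1") and PROXY_RE.search(body):
        flags.append("loopback-proxy")
    # Autorun resolved through the search path or current drive: confirm
    # which file on disk actually runs.
    if code == "O4":
        m = RUN_RE.match(body)
        if m and not ABS_PATH_RE.match(m.group("cmd")):
            flags.append("no-absolute-path")
    return flags


def triage(log_text):
    """Return [(code, flags, body)] for the entries that need a manual look."""
    flagged = []
    for code, body in parse_entries(log_text):
        flags = flags_for(code, body)
        if flags:
            flagged.append((code, flags, body))
    return flagged


if __name__ == "__main__":
    for code, flags, body in triage(SAMPLE_LOG):
        print(f"{code:<4}{','.join(flags):<28}{body}")
```
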
     
  10. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    Did you check out the Kaspersky scan above? It noted files Infected: Trojan-Spy.HTML.Bankfraud.w

    Frank
     
  11. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Yes and I said

    Those infected files are in the deleted items in your email

    Outlook Expr\Deleted Items

    In Outlook Express - Edit - Empty Deleted Items Folder
     
  12. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    Thanks for the quick reply, I wasn't sure which files you were pertaining to.
    As for the missing Java files, I am having trouble downloading some
    programs on certain sites requiring Java but when I tried to redownload
    my Java program it fails to load....the install window just flashes on momentarily and then closes.

    Frank.
     
  13. MFDnNC

    MFDnNC

    Joined:
    Sep 7, 2004
    Messages:
    49,014
    Go to add remove programs and remove all occurrences of Java and J2SE then try the DL
     
  14. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    Everything seems fine now, thanks for all the help, much appreciated.
    Frank (birdog2)
     
  15. birdog2

    birdog2 Thread Starter

    Joined:
    Nov 26, 2001
    Messages:
    234
    just made a token donation to help the group out, only wish I could make
    it more....
     

Short URL to this thread: https://techguy.org/437211
