PC Help Forum » Security & Safety » [Fixed] Hijackthis! Logs » [Resolved] MSN Virus - HJ Log
#1
11-25-2006
otester
Bronze Member
Join Date: Sep 2006
Posts: 99
PC Experience: Elite PC Guru

[Resolved] MSN Virus - HJ Log

Warning to all, there's a virus going around:

Is this you? modelpicture.info

DON'T OPEN IT, LIKE I DID.

Ok, enough about that. Here's my log; I think I'm clean but want to be sure since I've run loads of scans.

-----------

Logfile of HijackThis v1.99.1
Scan saved at 23:43:51, on 24/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\acs.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.EXE
C:\WINDOWS\system32\E_S00RP1.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Google\Gmail Notifier\gnotify.exe
C:\Program Files\AGEIA Technologies\TrayIcon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\CTXFIHLP.EXE
C:\WINDOWS\SYSTEM32\CTXFISPI.EXE
C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Program Files\Common Files\{702D4184-08C7-2057-0223-06020805002c}\Update.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\AIRPLUS.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Program Files\TortoiseSVN\bin\TSVNCache.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\DOCUME~1\OLIVER~1\LOCALS~1\Temp\Rar$EX00.875\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = Google
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Windows Live
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Windows Live
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = MSN.com
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] "C:\Program Files\Google\Gmail Notifier\gnotify.exe"
O4 - HKLM\..\Run: [\\LAP1\EPSON Stylus Photo RX620 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P38 "\\LAP1\EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Thomson\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [AGEIA PhysX SysTray] "C:\Program Files\AGEIA Technologies\TrayIcon.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Auto EPSON Stylus Photo RX620 Series on PC2] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P43 "Auto EPSON Stylus Photo RX620 Series on PC2" /O14 "\\PC2\EPSONSty" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [\\Pc2\EPSON Stylus Photo RX620 Series] "C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9HE.EXE" /P37 "\\Pc2\EPSON Stylus Photo RX620 Series" /O6 "USB001" /M "Stylus Photo RX620"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster X-Fi\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [RCSystem] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" RCSystem * -Startup
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [VolPanel] "C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanel.exe" /r
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [igndlm.exe] "C:\Program Files\IGN\Download Manager\DLM.exe" /windowsstart /startifwork
O4 - HKCU\..\Run: [WMPNSCFG] "C:\Program Files\Windows Media Player\WMPNSCFG.exe"
O4 - Global Startup: D-Link REG Utility.lnk = C:\Program Files\DWL-G650M Super G MIMO Wireless Notebook Adapter\Reg.exe
O4 - Global Startup: DWL-G650M Super G MIMO Wireless Notebook Adapter Utility.lnk = ?
O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Oliver Tester\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary...r.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {27527D31-447B-11D5-A46E-0001023B4289} (CoGSManager Class) - http://gamingzone.ubisoft.com/dev/pa.../GSManager.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/ca...C_2.2.1.87.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by107w.bay107.mail.live.com/m...s/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1114975600531
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary...o.cab47946.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{E47F6539-5176-4B68-A708-DF5688C36DAF}: NameServer = 212.135.1.36,195.40.1.36
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Atheros Configuration Service (ACS) - Unknown owner - C:\WINDOWS\system32\acs.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.EXE
O23 - Service: EPSON V3 Service2(03) (EPSON_PM_RPCV2_01) - SEIKO EPSON CORPORATION - C:\WINDOWS\system32\E_S00RP1.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: License Management Service ESD - Unknown owner - C:\Program Files\Common Files\element5 Shared\Service\Licence Manager ESD.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - C:\Program Files\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
Regards,

Oli



Last edited by chiaz; 11-25-2006 at 06:11 AM.
#2
11-25-2006
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,866
PC Experience: PC Guru

Hi Oli. I've disabled the infection link you posted for the sake of our other PCHF members, who may unwittingly click on it.

Your log appears clean though. Let's have a final check with Panda ActiveScan.

Click Panda ActiveScan.
  • Once you are on the Panda site click the Scan your PC button
  • A new window will open...click the Check Now button
  • Enter your Country
  • Enter your State/Province
  • Enter your e-mail address and click send
  • Select either Home User or Company
  • Click the big Scan Now button
  • If it wants to install an ActiveX component allow it
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • When download is complete, click on My Computer to start the scan
  • When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location. Post the contents of the ActiveScan report.


#3
11-25-2006
otester
Bronze Member
Join Date: Sep 2006
Posts: 99
PC Experience: Elite PC Guru

Sorry for the long wait, I had work and the scan took a while. Anyway, here it is:

Incident Status Location

Adware:Adware/ActiveSearch Not disinfected C:\Program Files\Common Files\{702D4184-08C7-2057-0223-06020805002c}\System.dll
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{702D4184-08C7-2057-0223-06020805002c}\Update.exe
Adware:adware/azesearch Not disinfected Windows Registry
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.fastclick.net/]
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.tribalfusion.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.mediaplex.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/Tradedoubler Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.tradedoubler.com/]
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[ad.yieldmanager.com/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/QuestionMarket Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.questionmarket.com/]
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.com.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.zedo.com/]
Spyware:Cookie/Zedo Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[c5.zedo.com/]
Spyware:Cookie/Adtech Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.adtech.de/]
Spyware:Cookie/GoStats Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.gostats.com/]
Spyware:Cookie/Toplist Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.toplist.cz/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.as-us.falkag.net/]
Spyware:Cookie/Adserver Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[adserver.filefront.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.2o7.net/]
Spyware:Cookie/WebtrendsLive Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[statse.webtrendslive.com/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.advertising.com/]
Spyware:Cookie/QkSrv Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.qksrv.net/]
Spyware:Cookie/Serving-sys Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.serving-sys.com/]
Spyware:Cookie/Falkag Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.as-eu.falkag.net/]
Spyware:Cookie/SpyLog Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.spylog.com/]
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.overture.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Apmebf Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.apmebf.com/]
Spyware:Cookie/Atwola Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.atwola.com/]
Spyware:Cookie/Adviva Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.adviva.net/]
Spyware:Cookie/Hbmediapro Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.adopt.hbmediapro.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Statcounter Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.statcounter.com/]
Spyware:Cookie/Adrevolver Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.adrevolver.com/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.247realmedia.com/]
Spyware:Cookie/Clickbank Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.clickbank.net/]
Spyware:Cookie/Maxserving Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.maxserving.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.ehg-ubisoft.hitbox.com/]
Spyware:Cookie/WUpd Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.revenue.net/]
Spyware:Cookie/NewMedia Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.anm.co.uk/]
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.bluestreak.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.ehg.hitbox.com/]
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.ads.pointroll.com/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Oliver Tester\Application Data\Mozilla\Firefox\Profiles\sohm9u2p.default\cookies.txt[.ehg-ati.hitbox.com/]
Virus:Trj/Netbus.PRO Disinfected C:\Documents and Settings\Oliver Tester\My Documents\hacker tools\nbpro201.exe
Adware:Adware/Mytoolbar Not disinfected C:\Program Files\Common Files\{302D4184-08C7-2057-0223-06020805002c}\Uninstall.exe
Possible Virus. Not disinfected C:\RoboBlitz\Binaries\RoboGame.exe
**** it got me netbus


#4
11-26-2006
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,866
PC Experience: PC Guru

Please go to Jotti's Online malware scan, click on Browse, and upload the following files one by one for analysis:

C:\RoboBlitz\Binaries\RoboGame.exe
C:\Documents and Settings\Oliver Tester\My Documents\hacker tools\nbpro201.exe



Then click Submit. Allow the files to be scanned, and then please copy and paste the results here for me to see. Make sure to separate them so the results for each file are easily distinguishable.


#5
11-27-2006
otester
Bronze Member
Join Date: Sep 2006
Posts: 99
PC Experience: Elite PC Guru

NetBus is gone now, got deleted by the AV scanner and was a legit "hacking" tool.

RoboGame is probably a crack lol, is that why it showed up?


#6
11-27-2006
Ryanm
Silver Member
Join Date: Aug 2005
Posts: 138

Apologies for butting in, but have a look at the following entry in the HJT scan:

O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe


I'd remove it, it's adware.


__________________
Ryan M
#7
11-28-2006
chiaz
Senior Security Analyst
Join Date: Jun 2006
Location: Singapore
Posts: 2,866
PC Experience: PC Guru

Thanks Ryanm. I guess I missed that one.

otester, please go to Control Panel > Add/Remove Programs and remove IpWins if found. Restart the computer.

Run HijackThis and place a checkmark by the following entry if still present:
O4 - HKLM\..\Run: [IpWins] C:\Program Files\ipwins\ipwins.exe
Close all other windows except HijackThis and press "Fix Checked". Then close HijackThis. Reboot.

Navigate to and delete the following folder if it has not been removed yet:
C:\Program Files\ipwins\


Scans will always detect hacking/cracking tools, as they can be installed by rogue programs/individuals with a malicious purpose.