
Help with Hijacked Homepage

Discussion in 'Malware and Virus Removal Archive' started by BillyBaroo, 2006/01/03.

  1. 2006/01/03
    BillyBaroo

    BillyBaroo Inactive Thread Starter

    Joined:
    2006/01/03
    Messages:
    4
    Likes Received:
    0
    Hello - I've been fighting with SpyAxe all day, and it looks like I've finally been able to remove it, with the help of Ewido. One last lingering problem is with my homepage - when I start Internet Explorer - I am always directed to the updatesystempage.com/ site. Below is my HJT log - any help would be greatly appreciated. Thanks
    Logfile of HijackThis v1.99.1
    Scan saved at 4:29:08 PM, on 1/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\PROGRA~1\CA\SHARED~1\SCANEN~1\InoDist.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\System32\mnmsrvc.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\WINDOWS\system32\msiexec.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\Explorer.EXE
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\WINDOWS\system32\userinit.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    C:\WINDOWS\FSScrCtl.exe
    C:\HijackThis\HijackThis.exe

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://itgproxy:80
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpEC0A.tmp
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://msw
    O15 - Trusted Zone: http://*.pvtus
    O15 - Trusted Zone: http://*.team
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} - http://fasthelp.dns.microsoft.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {080A1CC0-369E-40FD-BFCD-AF7937C98DA2} (QBFileDialog.ctlQBFileDialog) - http://pvtus/query/QBFileDialog.CAB
    O16 - DPF: {0B7C4DAD-4047-411B-BD3F-82BBE3539C89} (PVTHelper.Export) - http://pvtus/bin/PVTHelper.CAB
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/siebelhtml.cab
    O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://ca1mikpws001.ops.placeware.com/etc/place/MIKE/MIKpws-1b/5.1.4.243/lib/quicksilver.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {6706C0DA-2FA7-4FF5-8975-3CD44CC65E7E} (Siebel Option Pack for IE 7.5.3) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/SiebelOptionPack.cab
    O16 - DPF: {6A4033C0-9317-4380-B502-ABEFECE77372} (PMCTInfo.Info) - http://pvtus/bin/PMCTInfo.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123634454162
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://selling.partners.extranet.microsoft.com/Global/msrdp_3790.cab
    O16 - DPF: {85D7A0B1-8BB3-4AAC-8B39-6C366FD54E6C} (PMCTRelVie.RELViewer) - http://pvtus/bin/PMCTRelViewer.CAB
    O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/SiebExtMailClient.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/Visitorchat/TLIEFlash.CAB
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral.msn.com/cabs/pmupdate2.exe
    O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} (SendMail Class) - http://www113.placeware.com/etc/static/MIKrapidweb/2004-10-22-17-54-08/MailObjects.cab
    O16 - DPF: {A3655053-996D-11D0-906E-00C04FD70320} (ExpClient Class) - http://msexpense/msxpclnt.cab
    O16 - DPF: {B2AC7E66-DE58-4FB8-AD57-F19D94C4F840} (PVT.clsUtilities) - http://pvtus/query/PVT.CAB
    O16 - DPF: {B92AB0FF-9128-404F-9FFE-5549A2D85ED7} (EDManUI.EDMFramework) - https://accmanng/EDManUI.CAB
    O16 - DPF: {C453C3BF-8A50-477E-91F7-537427EBB7CB} (TMS15Cal.CalControl) - http://tms/calendar/TMS15Cal.CAB
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2729.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.internetimagingnetwork.com/activex/PCAXSetup.cab?
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://mssales/controls/ikcntrls.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O17 - HKLM\Software\..\Telephony: DomainName = redmond.corp.microsoft.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  2. 2006/01/03
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    BillyBaroo--Did you go through the procedure here before running HijackThis?
    http://www.windowsbbs.com/showthread.php?t=37074
    Google suggests several ways to remove SpyAxe
    http://www.google.com/search?sourceid=navclient&ie=UTF-8&rls=GGLD,GGLD:2004-31,GGLD:en&q=SpyAxe
    but the above procedure is a good way to approach the problem before running HJT.
    I am no expert on HJT logs. I am surprised you have no R0 entries since your issue is a hijacked home page. That suggests you have not removed all of the malware involved. Or have you not tried changing your homepage in IE Tools|Internet Options|General tab?
     
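One way to automate the kind of log reading Welshjim describes (no R0 Start Page entry despite a reported hijack, plus the other entries in the posted log that a helper would look at first, such as the O2 BHO loaded from a .tmp file in system32 and the O6 policy restrictions). This is an added Python triage script, not code from the thread or from HijackThis; the sample lines are copied from the first log above, and the severity labels and heuristics are my own assumptions.

```python
import re
from collections import defaultdict

# Constructed sample input: a handful of lines copied from the HijackThis log
# posted in this thread (not the full log), so the triage runs offline.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpEC0A.tmp
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
"""

# Every HijackThis finding line has the shape "<section> - <body>", e.g. "O2 - BHO: ...".
HJT_LINE = re.compile(r"^(?P<sec>[RFNO]\d+) - (?P<body>.*)$")
START_PAGE_KEY = r"HKCU\Software\Microsoft\Internet Explorer\Main,Start Page"


def parse_hjt(text):
    """Group HijackThis finding lines by section code (R0, O2, O4, ...)."""
    entries = defaultdict(list)
    for line in text.splitlines():
        m = HJT_LINE.match(line.strip())
        if m:
            entries[m.group("sec")].append(m.group("body"))
    return entries


def last_field(body):
    """The file path is the text after the last ' - ' separator."""
    return body.rsplit(" - ", 1)[-1].strip()


def triage(entries, hijack_reported=True):
    """Return (severity, section, note) tuples for entries worth a closer look.

    Severity labels are an assumption of this example, not HijackThis output.
    """
    findings = []

    # O2: a Browser Helper Object loaded from a .tmp file in system32 is the
    # kind of component that can reset the start page on every IE launch.
    for body in entries.get("O2", []):
        path = last_field(body)
        if path.lower().endswith(".tmp") or "\\temp\\" in path.lower():
            findings.append(("high", "O2", "BHO loaded from a temporary file: " + path))

    # R0: a redirected start page normally shows up here. If the user reports
    # a hijack and the line is absent, the redirect is being applied at runtime
    # by something else, i.e. the malware has not been fully removed.
    start_pages = [b for b in entries.get("R0", []) if b.startswith(START_PAGE_KEY)]
    if hijack_reported and not start_pages:
        findings.append(("medium", "R0", "hijack reported but no Start Page entry logged; "
                         "look for a component that sets it at runtime"))

    # O6: IE restriction policies lock the user out of Internet Options.
    for body in entries.get("O6", []):
        if body.endswith("present"):
            findings.append(("medium", "O6", "IE policy restrictions present: " + body))

    # O4/O9: entries whose file is gone are leftovers to clean up.
    for sec in ("O4", "O9"):
        for body in entries.get(sec, []):
            if body.endswith("(file missing)"):
                findings.append(("low", sec, "orphaned entry: " + last_field(body)))

    # O4 Run keys: a bare file name (no directory) is resolved via the search path.
    for body in entries.get("O4", []):
        if "\\Run: [" not in body:
            continue
        target = body.split("] ", 1)[-1].strip().strip('"')
        if target and "\\" not in target:
            findings.append(("low", "O4", "autorun without absolute path: " + target))

    # O23: services with no recorded publisher deserve a manual check.
    for body in entries.get("O23", []):
        if "Unknown owner" in body:
            findings.append(("info", "O23", "service with unknown owner: " + last_field(body)))

    return findings


if __name__ == "__main__":
    for sev, sec, note in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{sev:6}] {sec:3} {note}")
```

Pass `hijack_reported=False` when the user has not complained about a redirect, so the R0 check stays quiet on a clean log.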

  4. 2006/01/04
    BillyBaroo

    BillyBaroo Inactive Thread Starter

    Joined:
    2006/01/03
    Messages:
    4
    Likes Received:
    0
    Thanks Jim - I went through the steps at http://www.windowsbbs.com/showthread.php?t=37074 and found that I still did have a virus and a few spyware programs left. I've rerun Spybot and AdAware, but there's still a redirect on my browser that points me to http://www.updatesystempage.com/, even though my homepage (in Tools|Internet Options) points to a different page. Below is an HJT log for today - I can also send the scan logs.

    Logfile of HijackThis v1.99.1
    Scan saved at 12:26:51 PM, on 1/4/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\ewidoguard.exe
    C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    C:\WINDOWS\LogWatNT.exe
    C:\WINDOWS\System32\mnmsrvc.exe
    C:\Program Files\Microsoft Analysis Services\Bin\msmdsrv.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\IT Connection Manager\SRUserService.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\CCM\CcmExec.exe
    C:\PROGRA~1\CA\ETRUST~1\realmon.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Microsoft AntiSpyware\gcasServ.exe
    C:\Program Files\DIGStream\digstream.exe
    C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe
    C:\Program Files\ESPNRunTime\DIGServices.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
    C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    C:\PROGRA~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
    C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    C:\Program Files\WinZip\WZQKPICK.EXE
    C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    C:\WINDOWS\FSScrCtl.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
    C:\Program Files\Microsoft Office\OFFICE11\POWERPNT.EXE
    C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HijackThis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msnbc.msn.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.com/0SEENUS/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://itgproxy:80
    F2 - REG:system.ini: UserInit=userinit.exe
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Antivirus\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: HomepageBHO - {e0103cd4-d1ce-411a-b75b-4fec072867f4} - C:\WINDOWS\system32\hpEC0A.tmp
    O3 - Toolbar: &ESPN - {AE6F2894-AF10-4C9C-B16E-1DFC6FF8C0C6} - C:\Program Files\ESPN\Toolbar\DIGToolBar.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O4 - HKLM\..\Run: [Realtime Monitor] C:\PROGRA~1\CA\ETRUST~1\realmon.exe -s
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe /Start
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe "
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe "
    O4 - HKLM\..\Run: [DIGStream] C:\Program Files\DIGStream\digstream.exe
    O4 - HKLM\..\Run: [DIGServices] C:\Program Files\ESPNRunTime\DIGServices.exe /brand=ESPN /priority=0 /poll=24
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Startup: QuickShelf 2000.lnk = C:\Program Files\Microsoft Reference\Bookshelf 2000\qshelf2k.exe
    O4 - Startup: Screen Saver Control.lnk = C:\WINDOWS\FSScrCtl.exe
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Firewall Client Connectivity Monitor.LNK = C:\Program Files\Microsoft Firewall Client\ISATRAY.EXE
    O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
    O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
    O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
    O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
    O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
    O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (file missing)
    O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\WINDOWS\System32\shdocvw.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
    O9 - Extra button: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @C:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O14 - IERESET.INF: START_PAGE_URL=http://msw
    O15 - Trusted Zone: http://*.pvtus
    O15 - Trusted Zone: http://*.team
    O16 - DPF: {01111E00-3E00-11D2-8470-0060089874ED} - http://fasthelp.dns.microsoft.com/sdccommon/download/tgctlsi.cab
    O16 - DPF: {080A1CC0-369E-40FD-BFCD-AF7937C98DA2} (QBFileDialog.ctlQBFileDialog) - http://pvtus/query/QBFileDialog.CAB
    O16 - DPF: {0B7C4DAD-4047-411B-BD3F-82BBE3539C89} (PVTHelper.Export) - http://pvtus/bin/PVTHelper.CAB
    O16 - DPF: {156BF4B7-AE3A-4365-BD88-95A75AF8F09D} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {253A9D23-F982-11D4-8BE4-00D0B7E61414} (SiebelHTMLApplication Class) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/siebelhtml.cab
    O16 - DPF: {275E2FE0-7486-11D0-89D6-00A0C90C9B67} (MCSiMenuCtl Class) - http://activex.microsoft.com/controls/mcsi/mcsimenu.cab
    O16 - DPF: {3299935F-2C5A-499A-9908-95CFFF6EF8C1} (Quicksilver Class) - http://ca1mikpws001.ops.placeware.com/etc/place/MIKE/MIKpws-1b/5.1.4.243/lib/quicksilver.cab
    O16 - DPF: {3DC2E31C-371A-4BD3-9A27-CDF57CE604CF} (MSN Money Charting) - http://moneycentral.msn.com/cabs/pmupd806.exe
    O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-3-36.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {6706C0DA-2FA7-4FF5-8975-3CD44CC65E7E} (Siebel Option Pack for IE 7.5.3) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/SiebelOptionPack.cab
    O16 - DPF: {6A4033C0-9317-4380-B502-ABEFECE77372} (PMCTInfo.Info) - http://pvtus/bin/PMCTInfo.CAB
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1123634454162
    O16 - DPF: {712362BF-E411-4F43-99D2-EB15F80AF1DB} (MsneDiag Class) - http://entimg.msn.com/client/msnediag2729.cab
    O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
    O16 - DPF: {7584C670-2274-4EFB-B00B-D6AABA6D3850} (Microsoft RDP Client Control (redist)) - https://selling.partners.extranet.microsoft.com/Global/msrdp_3790.cab
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/virusinfo/webscan.cab
    O16 - DPF: {85D7A0B1-8BB3-4AAC-8B39-6C366FD54E6C} (PMCTRelVie.RELViewer) - http://pvtus/bin/PMCTRelViewer.CAB
    O16 - DPF: {8F4F3368-54CA-4268-8225-0F4367472CF4} (MailClient Class) - https://siebelpreprod.partners.extranet.microsoft.com/sales_enu/16180/applets/SiebExtMailClient.cab
    O16 - DPF: {94B82441-A413-4E43-8422-D49930E69764} (TLIEFlashObj Class) - https://rtc1.webresponse.one.microsoft.com/media/Visitorchat/TLIEFlash.CAB
    O16 - DPF: {963BE66B-121D-4E6C-BF9F-1A774D9A2E41} - http://moneycentral.msn.com/cabs/pmupdate2.exe
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {9B57C630-AA6E-440D-8D44-D34542E5531A} (SendMail Class) - http://www113.placeware.com/etc/static/MIKrapidweb/2004-10-22-17-54-08/MailObjects.cab
    O16 - DPF: {A3655053-996D-11D0-906E-00C04FD70320} (ExpClient Class) - http://msexpense/msxpclnt.cab
    O16 - DPF: {B2AC7E66-DE58-4FB8-AD57-F19D94C4F840} (PVT.clsUtilities) - http://pvtus/query/PVT.CAB
    O16 - DPF: {B92AB0FF-9128-404F-9FFE-5549A2D85ED7} (EDManUI.EDMFramework) - https://accmanng/EDManUI.CAB
    O16 - DPF: {C453C3BF-8A50-477E-91F7-537427EBB7CB} (TMS15Cal.CalControl) - http://tms/calendar/TMS15Cal.CAB
    O16 - DPF: {ED28050F-D713-43BA-A376-DCC5C35407D5} (MsnMusicAx Class) - http://entimg.msn.com/client/msnmusax2729.cab
    O16 - DPF: {F127B9BA-89EA-4B04-9C67-2074A9DF61FC} (PCUploader Class) - http://costco.internetimagingnetwork.com/activex/PCAXSetup.cab?
    O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://mssales/controls/ikcntrls.cab
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O17 - HKLM\Software\..\Telephony: DomainName = redmond.corp.microsoft.com
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = redmond.corp.microsoft.com
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido anti-malware\ewidoguard.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: eTrust Antivirus RPC Server (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRpc.exe
    O23 - Service: eTrust Antivirus Realtime Server (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoRT.exe
    O23 - Service: eTrust Antivirus Job Server (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrust Antivirus\InoTask.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Event Log Watch (LogWatch) - Unknown owner - C:\WINDOWS\LogWatNT.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
     
  5. 2006/01/04
    BillyBaroo

    BillyBaroo Inactive Thread Starter

    Joined:
    2006/01/03
    Messages:
    4
    Likes Received:
    0
    Bit Defender and Panda Active Scan logs below - thanks in advance.....

    BitDefender Online Scanner

    Scan report generated at: Tue, Jan 03, 2006 - 21:43:00

    Scan path: C:\CA_LIC;C:\Documents and Settings;C:\Drivers;C:\gdr;C:\hidownload;C:\HijackThis;C:\Hymn;C:\i386;C:\IPSEC;C:\lj631en;C:\My Documents;C:\My Downloads;C:\Program Files;C:\SWSetup;C:\temp;C:\WINDOWS;C:\WUTemp;

    Statistics
    Time: 01:53:50
    Files: 1395717
    Folders: 4830
    Boot Sectors: 2
    Archives: 2944
    Packed Files: 52637

    Results
    Identified Viruses: 6
    Infected Files: 12
    Suspect Files: 0
    Warnings: 0
    Disinfected: 0
    Deleted Files: 12

    Engines Info
    Virus Definitions: 249137
    Engine build: AVCORE v1.0 (build 2292) (i386) (Mar 3 2005 11:57:29)
    Scan plugins: 13
    Archive plugins: 39
    Unpack plugins: 4
    E-mail plugins: 6
    System plugins: 1

    Scan Settings
    First Action: Disinfect
    Second Action: Delete
    Heuristics: Yes
    Enable Warnings: Yes
    Scanned Extensions: *;
    Exclude Extensions:
    Scan Emails: Yes
    Scan Archives: Yes
    Scan Packed: Yes
    Scan Files: Yes
    Scan Boot: Yes

    Scanned File / Status

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>InsecureClassLoader.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>InsecureClassLoader.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>InsecureClassLoader.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Dummy.class
    Infected with: Trojan.Java.Classloader.Dummy.A

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Dummy.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Dummy.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Installer.class
    Infected with: Java.Trojan.OpenConnection.F

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Installer.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>Installer.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>BlackBox.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>BlackBox.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>BlackBox.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>VerifierBug.class
    Infected with: Java.Trojan.Exploit.Bytverify.C

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>VerifierBug.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>VerifierBug.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Dummy.class
    Infected with: Java.Trojan.Exploit.Bytverify

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Dummy.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Dummy.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip
    Updated

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Beyond.class
    Infected with: Java.Trojan.Exploit.Bytverify.C

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Beyond.class
    Disinfection failed

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip=>Beyond.class
    Deleted

    C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\count.jar-3ac0bfc6-34a25af9.zip
    Updated

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
    Infected with: Trojan.Downloader.TSUpdate.F

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
    Disinfection failed

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
    Deleted

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE
    Update failed

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF324GLF324.EXE=>wise0008
    Infected with: Trojan.Downloader.TSUpdate.F

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF324GLF324.EXE=>wise0008
    Disinfection failed

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF324GLF324.EXE=>wise0008
    Deleted

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF324GLF324.EXE
    Update failed

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF32DGLF32D.EXE=>wise0008
    Infected with: Trojan.Downloader.TSUpdate.F

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF32DGLF32D.EXE=>wise0008
    Disinfection failed

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF32DGLF32D.EXE=>wise0008
    Deleted

    C:\Documents and Settings\billbos\Local Settings\Temp\GLF32DGLF32D.EXE
    Update failed

    C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
    Infected with: Exploit.Html.Codebase.Exec.Gen

    C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
    Disinfection failed

    C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
    Deleted


    Panda ActiveScan:

    Incident | Status | Location
    Virus:WM/Concept.A | Not disinfected | Personal Folders\Admin\Letter to Office Max\LettertoOfficeMAX.doc
    Adware:adware/securityerror | Not disinfected | C:\Documents and Settings\billbos\Favorites\Antivirus Test Online.url
    Adware:adware/sahagent | Not disinfected | C:\Documents and Settings\billbos\Local Settings\Temp\cdt1001.sah
    Adware:adware/spyaxe | Not disinfected | C:\WINDOWS\system32\hpEC0A.tmp
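    As an added example (not code from the original post and not a tool from the scanner vendor), here is a small Python parser for the two-line "Scanned File / Status" records in the log above. It groups records by container file, classifies each container by location (Java deployment cache, IE cache, user Temp), totals the detection names, and flags containers whose final status is "Update failed". The embedded sample is a subset of the entries posted above, with the same user name and cache hashes. The reading that "Update failed" means the scanner could not write the container back, so the file on disk still needs a manual check, is an assumption on my part and not something the post states. The Panda ActiveScan lines use a different format and are not parsed here.

```python
from collections import Counter

# Subset of the scan log above, in its original two-line record format:
# a path line (optionally "container=>inner item") followed by a status line.
SAMPLE_LOG = r"""
C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
Infected with: Java.Trojan.Exploit.Bytverify

C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
Disinfection failed

C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip=>GetAccess.class
Deleted

C:\Documents and Settings\billbos\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\classload.jar-50757294-377a72cc.zip
Updated

C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
Infected with: Trojan.Downloader.TSUpdate.F

C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
Disinfection failed

C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE=>wise0008
Deleted

C:\Documents and Settings\billbos\Local Settings\Temp\GLF304GLF304.EXE
Update failed

C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
Infected with: Exploit.Html.Codebase.Exec.Gen

C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
Disinfection failed

C:\Documents and Settings\billbos\Local Settings\Temporary Internet Files\Content.IE5\61CREDY9\aconnect[1].htm
Deleted
"""

# Location buckets, matched case-insensitively as substrings of the container path.
# "IE cache" is listed before "User temp" so "\Temporary Internet Files\" wins.
LOCATIONS = [
    ("Java deployment cache", "\\sun\\java\\deployment\\cache\\"),
    ("IE cache", "\\temporary internet files\\"),
    ("User temp", "\\local settings\\temp\\"),
]


def parse_records(text):
    """Yield (container, inner_item_or_None, status) from the path/status pairs."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    if len(lines) % 2:
        raise ValueError("log does not consist of path/status line pairs")
    for path, status in zip(lines[::2], lines[1::2]):
        container, _, inner = path.partition("=>")
        yield container, (inner or None), status


def classify_location(container):
    p = container.lower()
    for name, needle in LOCATIONS:
        if needle in p:
            return name
    return "Other"


def summarize(text):
    """Per-container view: location, detection names, final container-level status."""
    by_container = {}
    for container, inner, status in parse_records(text):
        entry = by_container.setdefault(container, {
            "location": classify_location(container),
            "detections": Counter(),
            "final_status": None,
        })
        if status.startswith("Infected with: "):
            entry["detections"][status[len("Infected with: "):]] += 1
        elif inner is None:
            # Status reported on the container itself (Updated / Update failed /
            # Deleted for plain files); the last one seen is the outcome.
            entry["final_status"] = status
    # Assumption: "Update failed" means the scanner could not write the container
    # back after removing the inner item, so that file still needs a manual check.
    needs_manual = sorted(c for c, e in by_container.items()
                          if e["final_status"] == "Update failed")
    return {"containers": by_container, "needs_manual_check": needs_manual}


def detection_totals(summary):
    """Counter of detection names across all containers."""
    total = Counter()
    for e in summary["containers"].values():
        total.update(e["detections"])
    return total


if __name__ == "__main__":
    s = summarize(SAMPLE_LOG)
    for c, e in s["containers"].items():
        print(f"[{e['location']}] {c}")
        print(f"    {dict(e['detections'])} -> {e['final_status']}")
    print("Detection totals:", dict(detection_totals(s)))
    print("Manual check:", s["needs_manual_check"])
```

    Run against the full log, the "needs_manual_check" list is what you would walk through by hand (or clear by emptying the Temp folder) before trusting a "clean" verdict, since the scanner only reports the inner item as deleted.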
     
  6. 2006/01/04
    BillyBaroo

    BillyBaroo Inactive Thread Starter

    Joined:
    2006/01/03
    Messages:
    4
    Likes Received:
    0
    Looking through the post made by addictive76 re: his problems with SpyAxe, I tried the link posted by Dennis (http://forums.mcafeehelp.com/viewtopic.php?t=65072) and it looks like I'm clean of all viruses now and have regained control of my startup page. The only remaining spyware is 2o7.net. I can't seem to get rid of this one, but from what I can read about it online, it does not sound like a serious threat. If anyone knows anything about 2o7.net, I would appreciate any info or recommendations they could share. Thanks
     
  7. 2006/01/05
    Welshjim

    Welshjim Inactive

    Joined:
    2002/01/07
    Messages:
    5,643
    Likes Received:
    0
    BillyBaroo--2o7.net is a tracking cookie from a company called Omniture. This link offers to remove it:
    http://labs.paretologic.com/spyware.aspx?remove=2o7.net Cookie
    I have not used this fix, but the company looks reputable. Perhaps scan the download with your antivirus program first before using it.
    Also for the future install SpywareBlaster
    http://www.javacoolsoftware.com/spywareblaster.html
    It just runs in the background, so no scans needed, but you have to update it every week or so. It would have stopped 2o7.net from depositing on your PC.
    P.S. I am surprised AdAware did not find 2o7.net. AA is pretty good about finding tracking cookies.
     