1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Outbound Email [trojan taskdir]

Discussion in 'Malware and Virus Removal Archive' started by Cupra666, 2006/03/25.

  1. 2006/03/25
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Im currently using ZoneAlarm virus protection.With this, a small box pops up when certain things are trying to access certain files and folders on my system,or ZoneAlarm asks me if i want accept or deny various things,etc....

    Anywho,im frequently getting asked if i would like to "accept or deny" permission to send (from outbound email) mail to address that i do not recognise.It also says that "taskdir.exe has violated outbound email rules due to sending more than 5 emails in 2 secs "

    Im currently denying everytime i see this box.
    Ive never seen this before,and considering ive only recently starting using this certain virus protection,does this mean this has been going on for a while?

    Why the hell am i sending email to unknown address'??
    I have no knowledge about outbound email...
    Cant seem to get rid of this "problem" by doing a virus scan either!

    Can anyone help?
     
    Last edited: 2006/03/25
    Cupra666,
    #1
  2. 2006/03/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    It looks like you have a trojan aboard ....

    Download, install, and update the free version of Ewido trojan scanner:
    When installing, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu ".
    Run Ewido and post the log here.

    Download HijackThis through Quicklinks in my signature, save it to a folder on your hard drive, say C:\HJT - not to the Desktop or a temporary location, run it and post the log here too.

    Moved your thread to the Removing Spyware & Viruses forum.
     
    PeteC,
    #2


  3. to hide this advert.

  4. 2006/03/25
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Thanks for the quick reply.

    Ive downloaded and installed both ewido and HijackThis.

    When running a scan on ewido,it gets up to 43.9%,scanned objects 106.850,infected objects 50 :)eek: ),currently scanning...files-C:\Documents and Settings\me\Desktop\Unused Desktop Shortcuts\Windows Medi....(cant see the rest)

    Then i receive a pop up "SecuritySuite.exe needs to close,send or do not send an error report to Microsoft "

    Ive tried a few times an this keeps happening...Im extremly worried about the security of my system,so many "strange" and new things keep occuring.

    Anyway here is the report from HijackThis.Hope this helps...

    Logfile of HijackThis v1.99.1
    Scan saved at 20:27:12, on 25/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
    C:\WINDOWS\system32\TPSBattM.exe
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\Program Files\ewido anti-malware\SecuritySuite.exe
    C:\WINDOWS\system32\dwwin.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKCU\..\Run: [ZDelete] C:\PROGRA~1\LSOFTT~1\ACTIVE~1.NET\ZDelete.exe
    O4 - HKCU\..\Run: [ZDelete] C:\PROGRA~1\LSOFTT~1\ACTIVE~1.NET\ZDelete.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137765687015
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
     
    Cupra666,
    #3
  5. 2006/03/25
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Just managed to create a report from ewido,at first i was using full system scan and i was getting the problem described in my last post.

    Tried a fast scan and this is the report...


    ---------------------------------------------------------
    ewido anti-malware - Scan report
    ---------------------------------------------------------

    + Created on: 21:06:59, 25/03/2006
    + Report-Checksum: 5B600193

    + Scan result:

    [2820] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Cleaned with backup
    [2924] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [3332] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [3380] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [2440] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [10596] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [11528] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    [13424] C:\WINDOWS\system32\taskdir.dll -> Proxy.Lager.aq : Error during cleaning
    C:\WINDOWS\system32\parad.raw.exe -> Trojan.Small : Cleaned with backup
    C:\WINDOWS\system32\voblaizdupla.exe -> Downloader.Small.ciw : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@ad.yieldmanager[1].txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@adbrite[1].txt -> TrackingCookie.Adbrite : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@as-us.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@as1.falkag[2].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@cnetasiapacific.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@cnn.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@cz6.clickzs[1].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@cz8.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfk4sodzako.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfk4uhcpmlo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfkocidzikq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfkoogdpobo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfkywocpihp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wflielc5wko.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfloghczieq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfmignd5mho.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfmiuic5shp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfmyepazkao.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wfmyepc5mdo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wgkiakc5kbp.stats.esomniture[1].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wgkokpdjmkq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wgkowkazcep.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wgkyakc5sdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wgl4elajmhp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wjl4cpcpceo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wjlocmczalo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wjmigjajklq.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wjmyuidjmfo.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@e-2dj6wjnywkd5gdp.stats.esomniture[2].txt -> TrackingCookie.Esomniture : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@ehg-sigames.hitbox[1].txt -> TrackingCookie.Hitbox : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@free.wegcash[2].txt -> TrackingCookie.Wegcash : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@image.masterstats[1].txt -> TrackingCookie.Masterstats : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@ivwbox[1].txt -> TrackingCookie.Ivwbox : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@login.tracking101[2].txt -> TrackingCookie.Tracking101 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@microsofteup.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@microsoftwga.112.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@partygaming.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@premiumtv.122.2o7[1].txt -> TrackingCookie.2o7 : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@rotator.adjuggler[1].txt -> TrackingCookie.Adjuggler : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@sel.as-us.falkag[1].txt -> TrackingCookie.Falkag : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@stat.onestat[2].txt -> TrackingCookie.Onestat : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@stats1.reliablestats[2].txt -> TrackingCookie.Reliablestats : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@tacoda[2].txt -> TrackingCookie.Tacoda : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@vip.clickzs[2].txt -> TrackingCookie.Clickzs : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@webstat[1].txt -> TrackingCookie.Web-stat : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@www.myaffiliateprogram[1].txt -> TrackingCookie.Myaffiliateprogram : Cleaned with backup
    C:\Documents and Settings\Scott\Cookies\scott@yadro[1].txt -> TrackingCookie.Yadro : Cleaned with backup


    ::Report End
     
    Cupra666,
    #4
  6. 2006/03/25
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Your HJT log appears to be clean - I do wonder about the 02 entry in the list below though, but there are a few 'file missing' entries that you can fix by running another HJT scan and selecting to fix these items ....

    O2 - BHO: (no name) - {77701e16-9bfe-4b63-a5b4-7bd156758a37} - (no file)
    O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing
    O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe (file missing)
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    A number of these files reference your Avast antivirus software - would be wise to re-install it.

    Some trojans and other uninvited guests do manage to hide from HJT so the log is not infallible.

    Please post another HJT log after fixing.

    The Ewido scan has picked up a couple of trojans and a downloader plus a bunch of tracking cookies.

    Navigate to C:\WINDOWS\system32\ and see if taskdir.dll is still present - if so delete it.
    You probably need to beef up your security....

    Make sure that Zone Alarm is updated to the latest version and that Avast is also updated regularly, either automatically or manually.

    Tracking cookies are not generally a real threat, but are an invasion of your privacy as they 'phone home' with your browsing habits.

    I suggest you .....

    Download Microsoft Windows Defender - this provides real time protection against spyware and autoscans and autoupdates.

    Download SpywareBlaster, update and 'Enable all protection' - this provides permanent protection against a host of nasties.

    In Internet Explorer go Tools > Internet Options > Privacy and set the cookie slider to Medium or Medium High (preferred)

    Also read How to surf more safely with Internet Explorer (Windows XP SP2 version)

    And finally - is the problem resolved?
     
    PeteC,
    #5
  7. 2006/03/26
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Ive taken the advice you have given,here is my HijackThis report after i fixed the selected entries.

    Logfile of HijackThis v1.99.1
    Scan saved at 16:10:51, on 26/03/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Windows Defender\MsMpEng.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    C:\Program Files\ewido anti-malware\ewidoctrl.exe
    C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\igfxtray.exe
    C:\WINDOWS\system32\ZoomingHook.exe
    C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    C:\WINDOWS\system32\TPSMain.exe
    C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    C:\WINDOWS\system32\TCtrlIOHook.exe
    C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    C:\Program Files\TOSHIBA\ConfigFree\NDSTray.exe
    C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\dla\tfswctrl.exe
    C:\Program Files\TOSHIBA\ConfigFree\CFSServ.exe
    C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    C:\Program Files\Apoint2K\Apoint.exe
    C:\WINDOWS\AGRSMMSG.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
    C:\Program Files\Apoint2K\Apntex.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
    C:\WINDOWS\system32\TPSBattM.exe
    C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
    C:\Program Files\Toshiba\TOSHIBA Controls\TFncKy.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Program Files\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - Default URLSearchHook is missing
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [Zooming] ZoomingHook.exe
    O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
    O4 - HKLM\..\Run: [UnlockerAssistant] C:\Program Files\Unlocker\UnlockerAssistant.exe
    O4 - HKLM\..\Run: [Tvs] C:\Program Files\TOSHIBA\Tvs\TvsTray.exe
    O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
    O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
    O4 - HKLM\..\Run: [TOSHIBA Accessibility] C:\Program Files\TOSHIBA\Accessibility\FnKeyHook.exe
    O4 - HKLM\..\Run: [TCtryIOHook] TCtrlIOHook.exe
    O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files\Toshiba\Windows Utilities\SVPWUTIL.exe SVPwUTIL
    O4 - HKLM\..\Run: [SsAAD.exe] C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
    O4 - HKLM\..\Run: [SmoothView] C:\Program Files\TOSHIBA\TOSHIBA Zooming Utility\SmoothView.exe
    O4 - HKLM\..\Run: [PadTouch] C:\Program Files\TOSHIBA\Touch and Launch\PadExe.exe
    O4 - HKLM\..\Run: [NDSTray.exe] NDSTray.exe
    O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\iWare\iWare Mouse\3.2\MOUSE32A.EXE
    O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\TOSHIBA Applet\HWSetup.exe hwSetUP
    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
    O4 - HKLM\..\Run: [CFSServ.exe] CFSServ.exe -NoClient
    O4 - HKLM\..\Run: [CeEKEY] C:\Program Files\TOSHIBA\E-KEY\CeEKey.exe
    O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
    O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
    O4 - HKCU\..\Run: [ZDelete] C:\PROGRA~1\LSOFTT~1\ACTIVE~1.NET\ZDelete.exe
    O4 - HKCU\..\Run: [ZDelete] C:\PROGRA~1\LSOFTT~1\ACTIVE~1.NET\ZDelete.exe
    O4 - HKCU\..\Run: [Windows Registry Repair Pro] C:\Program Files\3B Software\Windows Registry Repair Pro\RegistryRepairPro.exe 4
    O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Bluetooth Manager.lnk = ?
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1137765687015
    O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
    O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
    O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Program Files\TOSHIBA\ConfigFree\CFSvcs.exe
    O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
    O23 - Service: SonicStage SCSI Service (SSScsiSV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SSScsiSV.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    Things definitly seem to be getting better,however,i still belive i have a corrupt profile.
    I cannot open my favourites folder,when i try to create a new user profile,i get stuck on the welcome screen and it wont allow me to continue.
    Any idea what the problem could be?
    Thanks
     
    Cupra666,
    #6
  8. 2006/03/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Your log appears to be clean, but some of the missing files entries have returned ....

    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)

    Did you reinstall Avast? Do you use a program called WinPCap - not one I have heard of before.

    When you try to open your Favourites folder do you get an error message or does nothing happen at all?
     
    PeteC,
    #7
  9. 2006/03/26
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Yes i reinstalled avast,i also ran the scan upon boot up as advised by avast.

    Ive never heard of WinPCap,seems strange that there is exsistance of it on my system.Im on a wireless network though,would that have anything to do with it seeing as its a packet capture tool.

    When trying to open favorites on Internet Explorer or even from start menu,as soon as i double click on the folder,a microsoft error report pops up asking me if i would like to send or not.This also happens when i browse through various folders on my system.I belive it is corrupted.

    Ive tried creating a different user but i can not get passed the welcome screen,it seems to stay on a blank blue screen and wont budge!!

    Im seriously thinking of reinstalling windows,would you advise?

    Thanks
     
    Cupra666,
    #8
  10. 2006/03/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    Look in Event Viewer for an error message timed at the same time that you tried to open a favourite. Right click on My Computer > Manage > Event Viewer - look in both System and Application. Errors are flagged with a white cross on a red ground, Warnings by a yellow exclamation mark. All the rest are just informative. To open an error message double click on it and click on the icon below the up/down arrows to copy to clipboard and paste here if appropriate.
    Reading your other thread it would be a reasonable option. Personally i would not go for a repair install under these circumstances, but would opt for a fresh install with format. There is no guarantee that a repair would rid you of a trojan if one still lurks on your computer.

    Bear in mind that a format wipes the hard drive completely and everything on the disk is lost. You would need to backup all your personal data to CD/DVD before a clean install.

    If you choose to go down this route I have a set of guidance notes which I will post if and when you make the decision to clean install XP.

    BTW do you have a full retail XP CD or a Recovery CD?
     
    PeteC,
    #9
  11. 2006/03/26
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    This is the report from the exact time i tried to open Favorites on IE.

    Event Type: Error
    Event Source: Application Error
    Event Category: None
    Event ID: 1000
    Date: 26/03/2006
    Time: 20:52:17
    User: N/A
    Computer: SCOTTSLAPTOP
    Description:
    Faulting application iexplore.exe, version 6.0.2900.2180, faulting module kernel32.dll, version 5.1.2600.2180, fault address 0x0000f26f.

    For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
    Data:
    0000: 41 70 70 6c 69 63 61 74 Applicat
    0008: 69 6f 6e 20 46 61 69 6c ion Fail
    0010: 75 72 65 20 20 69 65 78 ure iex
    0018: 70 6c 6f 72 65 2e 65 78 plore.ex
    0020: 65 20 36 2e 30 2e 32 39 e 6.0.29
    0028: 30 30 2e 32 31 38 30 20 00.2180
    0030: 69 6e 20 6b 65 72 6e 65 in kerne
    0038: 6c 33 32 2e 64 6c 6c 20 l32.dll
    0040: 35 2e 31 2e 32 36 30 30 5.1.2600
    0048: 2e 32 31 38 30 20 61 74 .2180 at
    0050: 20 6f 66 66 73 65 74 20 offset
    0058: 30 30 30 30 66 32 36 66 0000f26f
    0060: 0d 0a ..


    I think i'll seek a professional to do a reinstall of windows,your guidance notes would still be interesting to me though if you wouldnt mind emailing them to me or posting.

    The only CD-ROM i can find that came with my laptop is, "Product Recovery DVD-ROM "

    I take that this is the right CD?
     
    Cupra666,
    #10
  12. 2006/03/26
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    The error report indicates a problem with Internet Explorer - so no real surprise there :)

    For your interest How to reinstall or repair Internet Explorer and Outlook Express in Windows XP As you have SP2 the solution is to basically to reinstall SP2 which you would need to download (266 Mb, so DSL essential) or get the CD from Microsoft. As SP2 is already installed on your computer Windows update will obviously not offer it to you.

    Your Product Recovery DVD-ROM is what is known as a Recovery CD which when run will (generally) format the drive and restore your computer to the state it was in when delivered to you. In other words it contains a mirror copy of your hard drive as delivered. Please note the need to back up your personal data before running the Recovery CD as I posted earlier. My notes are for reinstalling XP from a retail XP CD, i.e. the full XP installation CD as bought over the counter and are not relevant in your case, but I will still post them if you are interested.
     
    PeteC,
    #11
  13. 2006/03/27
    Cupra666

    Cupra666 Inactive Thread Starter

    Joined:
    2006/03/24
    Messages:
    10
    Likes Received:
    0
    Thanks for your help PeteC,i've tried the Microsoft Support and im still having problems with my system..im getting frequent error reports and i think its about time to ease my mind and re-install my system.
    As long as i back up my personal data all should return to as good as new.
    Will post back if i need any help and again,Thankyou.
     
    Cupra666,
    #12
  14. 2006/03/27
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
    You're welcome - and good luck :)
     
    PeteC,
    #13

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...