| Thread ID: 64674 | 2005-12-23 01:05:00 | W32.Sinnaka.A@mm or Spy Trooper | cookiemonster (9463) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 415046 | 2005-12-26 02:34:00 | From my laptop,managed to workout how to get online via the router(eazy peasy :lol: ) Find below the log files from Ewido and HijackThis --------------------------------------------------------- ewido anti-malware - Scan report --------------------------------------------------------- + Created on: 1:13:42 PM, 26/12/2005 + Report-Checksum: 6D0DC60 + Scan result: C:\Documents and Settings\Phil\Cookies\phil@ads.addynamix[1].txt -> Spyware.Cookie.Addynamix : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@ads.pointroll[2].txt -> Spyware.Cookie.Pointroll : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@as-us.falkag[1].txt -> Spyware.Cookie.Falkag : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@atdmt[2].txt -> Spyware.Cookie.Atdmt : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@fastclick[2].txt -> Spyware.Cookie.Fastclick : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@mediaplex[1].txt -> Spyware.Cookie.Mediaplex : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@microsoftwga.112.2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@questionmarket[1].txt -> Spyware.Cookie.Questionmarket : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@serving-sys[2].txt -> Spyware.Cookie.Serving-sys : Cleaned without backup C:\Documents and Settings\Phil\Cookies\phil@tradedoubler[1].txt -> Spyware.Cookie.Tradedoubler : Cleaned without backup C:\RECYCLER\NPROTECT\00037292.DLL -> Dialer.Generic : Cleaned without backup C:\WinAntiVirus Pro 2006\Quarantine\00037430.EXEfsavtqve -> Downloader.Zlob.cc : Cleaned without backup C:\WinAntiVirus Pro 2006\Quarantine\00037440.DLLkxdnhnsv -> Adware.SpySheriff : Cleaned without backup C:\WinAntiVirus Pro 
2006\Quarantine\00037444.DLLwcxbggro -> Adware.SpySheriff : Cleaned without backup C:\WinAntiVirus Pro 2006\Quarantine\00037446.EXEexxknzgx -> Adware.SpySheriff : Cleaned without backup C:\WINDOWS\Downloaded Program Files\UWA6P_0001_N56M1011NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.c : Cleaned without backup ::Report End *************************** HijackThis log file: Logfile of HijackThis v1.99.1 Scan saved at 1:17:32 PM, on 26/12/2005 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis 1.99.1\HijackThis.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = xtramsn.co.nz O3 - Toolbar: & Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\ Yahoo! 
\COMPAN~1\Installs\cpn\ycomp5_5_ 7_0.dll (file missing) O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe O4 - HKLM\..\Run: [EN WLAN Utility] C:\Program Files\WLAN Utility\WlanMon.exe O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe O4 - HKLM\..\Run: [CMTNotif.exe] C:\MAXON\CMTNotif.exe O4 - HKLM\..\Run: [Mirabilis ICQ] C:\PROGRA~1\ICQ\ICQNet.exe O4 - HKLM\..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe O4 - HKLM\..\Run: [FNI.WA6P_0001_FNICP53] "C:\Documents and Settings\Phil\Local Settings\Temporary Internet Files\Content.IE5\KXMF8H2F\WA6PInstall[1].exe" O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background O4 - HKCU\..\Run: [Start WingMan Profiler] "C:\Program Files\Logitech\Profiler\lwemon.exe" /noui O4 - HKCU\..\Run: [ Yahoo! Pager] C:\Program Files\ Yahoo! \Messenger\ypager.exe -quiet O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe O4 - Global Startup: GetRight - Tray Icon.lnk = C:\Program Files\GetRight\getright.exe O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html O8 - Extra context menu item: & Yahoo! Search - file:///C:\Program Files\ Yahoo! 
\Common/ycsrch.htm O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html O8 - Extra context menu item: Download with GetRight - C:\Program Files\GetRight\GRdownload.htm O8 - Extra context menu item: Open with GetRight Browser - C:\Program Files\GetRight\GRbrowse.htm O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\ Yahoo! \Common/ycdict.htm O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\ Yahoo! \Common/ycmap.htm O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! \Messenger\yhexbmes0521.dll O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\ Yahoo! 
\Messenger\yhexbmes0521.dll O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winantispyware.com O15 - Trusted Zone: http://*.winantivirus.com O15 - Trusted Zone: http://*.winantiviruspro.com O15 - Trusted Zone: http://*.winfixer.com O15 - Trusted Zone: http://*.winnanny.com O15 - Trusted Zone: http://*.winsoftware.com O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - messenger.zone.msn.com O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - zone.msn.com O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - go.microsoft.com O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - messenger.zone.msn.com O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\ Yahoo! 
\Common\yinsthelper.dll O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - zone.msn.com O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - zone.msn.com O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - security.symantec.com O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - update.microsoft.com O16 - DPF: {8C279F4E-917E-4CD2-8DF0-D9C73C0CE763} (ZPA_WheelOfFortune Object) - zone.msn.com O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - messenger.zone.msn.com O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - zone.msn.com O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - zone.msn.com O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - messenger.zone.msn.com O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe c:waughh::waughh:kiem:help:nster |
cookiemonster (9463) | ||
| 415047 | 2005-12-26 11:41:00 | To help clean out Trusted Zones, download and run DELDOMAINS (www.norbiesworld.co.uk) then double click to open the DelDomains.inf. To execute the file: right-click and Select 'Install' from the Menu. Run HJT and then fix these items.... O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winantispyware.com O15 - Trusted Zone: http://*.winantivirus.com O15 - Trusted Zone: http://*.winantiviruspro.com O15 - Trusted Zone: http://*.winfixer.com O15 - Trusted Zone: http://*.winnanny.com O15 - Trusted Zone: http://*.winsoftware.com |
Pancake (6359) | ||
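
Added example, not part of any post in this thread: after running the fix described above, a second HijackThis scan can be compared with the first to confirm that the O15 Trusted Zone entries are really gone. The function names and the `AFTER` rescan are constructed for illustration, and only the `O15 - Trusted Zone:` form seen in this thread is handled.

```python
import re

# A HijackThis entry starts with a section code: "R0 - ", "O4 - ", "O15 - ", ...
CODE = r"(?:R[0-3]|N[1-4]|F[0-3]|O\d{1,2}) - "
ENTRY_START = re.compile(r"(?<!\S)(?=" + CODE + ")")
# Assumption: only the "O15 - Trusted Zone: <url>" form seen in this thread.
TRUSTED_ZONE = re.compile(r"O15 - Trusted Zone: (?:\w+://)?(\S+)")


def split_entries(log_text):
    """Return the log's entries, even when the paste lost its line breaks."""
    flat = " ".join(log_text.split())
    parts = (p.strip() for p in ENTRY_START.split(flat))
    # Drop header text (version, running processes) that precedes the entries.
    return [p for p in parts if re.match(CODE, p)]


def trusted_zone_domains(log_text):
    """Host patterns listed under O15 (Trusted Zone), scheme removed."""
    found = set()
    for entry in split_entries(log_text):
        m = TRUSTED_ZONE.match(entry)
        if m:
            found.add(m.group(1).lower())
    return found


def still_trusted(before_log, after_log):
    """O15 domains from the first scan that a later scan still reports."""
    return sorted(trusted_zone_domains(before_log) & trusted_zone_domains(after_log))


# Constructed input: entries copied from the log in this thread, run together
# on one line the way the forum paste shows them.
BEFORE = (
    r"Running processes: C:\WINDOWS\explorer.exe "
    "O15 - Trusted Zone: http://*.billingnow.com "
    "O15 - Trusted Zone: http://*.winfixer.com "
    "O15 - Trusted Zone: http://*.winnanny.com "
    "O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com"
)
# Constructed rescan in which one Trusted Zone entry survived the fix.
AFTER = (
    "O15 - Trusted Zone: http://*.winfixer.com\n"
    "O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - fdl.msn.com\n"
)

if __name__ == "__main__":
    for domain in still_trusted(BEFORE, AFTER):
        print("still in Trusted Zone:", domain)
```

An empty result means the rescan no longer lists any of the Trusted Zone domains from the first log.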
| 415048 | 2005-12-26 20:27:00 | To help clean out Trusted Zones, download and run DELDOMAINS (www.norbiesworld.co.uk) then double click to open the DelDomains.inf. To execute the file: right-click and Select 'Install' from the Menu. Run HJT and then fix these items.... O15 - Trusted Zone: http://*.billingnow.com O15 - Trusted Zone: http://*.reliablestats.com O15 - Trusted Zone: http://*.winantispyware.com O15 - Trusted Zone: http://*.winantivirus.com O15 - Trusted Zone: http://*.winantiviruspro.com O15 - Trusted Zone: http://*.winfixer.com O15 - Trusted Zone: http://*.winnanny.com O15 - Trusted Zone: http://*.winsoftware.com All of the above, done in safe mode or normal? c:waughh::help:kiem;)nster |
cookiemonster (9463) | ||
| 415049 | 2005-12-26 23:58:00 | Hi Normal is fine... |
Pancake (6359) | ||
| 415050 | 2005-12-27 02:37:00 | Cheers,once activation code arrives,will be able to complete my laptop virus,hopefully. c:):nerd:kiem:illogicalnster P.S. I'm :thumbs::thumbs:f on a xmas/New years pub crawl.... Will post in the New Year. |
cookiemonster (9463) | ||
| 415051 | 2005-12-27 02:39:00 | Cheers,once activation code arrives,will be able to complete my laptop virus,hopefully. what on earth does that mean? |
bartsdadhomer (80) | ||
| 415052 | 2005-12-27 07:53:00 | You've got to be a member (to download the required files.) joining the forum, activation code required (sent within 24hrs) <<<In a nutshell. Or did you mean the xmas/new years pub crawl?? (I've got the dice..... :lol: ) c:2cents::2cents:kiem;)nster |
cookiemonster (9463) | ||
| 415053 | 2005-12-27 08:06:00 | To help clean out Trusted Zones, download and run DELDOMAINS (www.norbiesworld.co.uk) then double click to open the DelDomains.inf. To execute the file: right-click and Select 'Install' from the Menu. Is there no other way to fix those files without having to register as a member of that website before being allowed to download the fix? Seems like that suggestion only slows down the fixing of the issue if you have to wait some time for the activation email. I see it only has been downloaded 14 times as well in total. :confused: |
Jen (38) | ||
| 415054 | 2005-12-27 08:19:00 | cookiemonster, try this site instead.... it's a straight download. Sorry. I did not know the site has been changed. mvps.org |
Pancake (6359) | ||
| 415055 | 2005-12-27 16:06:00 | Sorry will change that now! *Changed* |
norbie (9464) | ||