ComputerForum.com ComputerForum.com  
TigerDirect
  
Go Back   Computer Forum > Computer Software > Computer Security
Probs with adware despite rung several anti spyware Probs with adware despite rung several anti spyware
Register FAQ Members List Calendar Mark Forums Read

Reply
Page 1 of 3 1 23 >
 
LinkBack Thread Tools Display Modes
Old 01-10-2008, 09:18 AM   #1 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default Probs with adware despite rung several anti spyware
Hello
despite running several antispyware programs I cannot rid my machine of admonde file. Any help appreciated.


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 09:13:10, on 10/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\WINDOWS\system32\BRSPL01A.EXE
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\svcntaux.exe
C:\Program Files\Spyware Doctor\swdsvc.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\system32\atwtusb.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\SDTrayApp.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Documents and Settings\Cesare\Desktop\HiJackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Int ernet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ContributeBHO Class - {074C1DC5-9320-4A9A-947D-C042949C6216} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: {43e23882-3e40-9f88-6c34-4d9eb4eeab83} - {38baee4b-e9d4-43c6-88f9-04e328832e34} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Watson BHO - {B85B5D0E-E7C3-11D2-9ECF-00104BFF1A51} - C:\Program Files\Intellext\PaperPort Watson\WatsonIEAdapter.dll
O3 - Toolbar: PaperPort Watson Toolbar - {1EE1AB45-223D-4677-B7CE-47C04F934347} - C:\Program Files\Intellext\PaperPort Watson\WatsonIEAdapter.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Contribute Toolbar - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files\Adobe\/Adobe Contribute CS3/contributeieplugin.dll
O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\NPJPI142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\NPJPI142.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/micr...?1182186240625
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Skype\toolbars\Shared\Skype4ComAPI.dll
O23 - Service: Adobe Version Cue CS3 - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\Adobe Version Cue CS3\Server\bin\VersionCueCS3.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762# # (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: BrSplService (Brother XP spl Service) - brother Industries Ltd - C:\WINDOWS\system32\brsvc01a.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: OracleClientCache80 - Unknown owner - C:\ORACLE\ora90\BIN\ONRSD80.EXE
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
O23 - Service: WTService - Unknown owner - C:\WINDOWS\system32\atwtusb.exe

--
End of file - 9594 bytes
altvic is offline   Reply With Quote


Old 01-10-2008, 05:47 PM   #2 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,930
Default
Hello! I haven't found anything malicious in your log.
To be sure I want you to run a Kaspersky online scan.
Order to use it you have to use Internet Explorer.
Go to Kaspersky and click the Accept button at the end of the page.

Note for Internet Explorer 7 users: If at any time you have trouble with the accept button of the licence, click on the Zoom tool located at the right bottom of the IE window and set the zoom to 75 %. Once the license accepted, reset to 100%.
  • Read the Requirements and limitations before you click Accept.
  • Allow the ActiveX download if necessary.
  • Once the database has downloaded, click Next.
  • Click Scan Settings and change the "Scan using the following antivirus database" from standard to extended and then click OK.
  • Click on "My Computer"
  • When the scan has completed, click Save Report As...
  • Enter a name for the file in the Filename: text box and then click the down arrow to the right of Save as type: and select text file (*.txt)
  • Click Save - by default the file will be saved to your Desktop, but you can change this if you wish.
Copy and paste the report into your next reply
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 01-11-2008, 12:51 PM   #3 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default
Kapersky taking an age - seems to be hung up on a file. I'll post log asap. Mnay thanks for your time GameMaster
altvic is offline   Reply With Quote
Old 01-11-2008, 04:19 PM   #4 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,930
Default
Sure, just post it when finished.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 01-11-2008, 04:44 PM   #5 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default
get following message, so cannot post scan results:
The text that you have entered is too long (100229 characters). Please shorten it to 30000 characters long.
altvic is offline   Reply With Quote


Old 01-11-2008, 04:46 PM   #6 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,930
Default
Yes, there is a limit. Please post it as attachment.
So click Post Reply and below Attachments and browse that report.
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 01-11-2008, 05:28 PM   #7 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default
uploaded the scan and attached.

Thanks
altvic is offline   Reply With Quote
Old 01-11-2008, 06:02 PM   #8 (permalink)
Diamond Member
 
GameMaster's Avatar
 
Join Date: Dec 2007
Location: Croatia
Age: 16
Posts: 3,930
Default
I'm sorry but where is it attached?
I can't find it here...
__________________
dznutz:
Quote:
a firewall is like a gate. it keeps the bad people out and the dog in but it's not fool proof. but lets say you download and run an infected program. that will be like letting in a "friend." if it's infected you run that program you can get malware. that's like a friend raping your family and stealing your money.
GameMaster is offline   Reply With Quote
Old 01-11-2008, 07:04 PM   #9 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default
file seemed to upload in the box that appears but now I can't see it where I am writing this message. I pressed the paper clip above, found the file on the desktop, uploaded, closed window, and here I am now. I'll press submit reply.
altvic is offline   Reply With Quote
Old 01-11-2008, 07:07 PM   #10 (permalink)
Bronze Member
 
Join Date: Jul 2005
Location: Holywell North Wales
Posts: 73
Default
I have put part of the log in as below - seems relevant (?).

C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270912.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270913.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270914.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270915.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270916.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270917.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270918.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270919.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270920.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP575\A0270921.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP585\A0277594.exe Infected: Backdoor.Win32.Rbot.fgy skipped
C:\System Volume Information\_restore{1432169D-4C5F-4AA6-81BF-05055328D492}\RP590\change.log Object is locked skipped
C:\VundoFix Backups\khffdbc.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.bmd skipped
C:\VundoFix Backups\qaptsoax.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.dim skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{3218CE AC-8343-4849-AAD9-E2AC31F980FF}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.lo g Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
altvic is offline   Reply With Quote
Reply
Page 1 of 3 1 23 >

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Similar Threads
Thread Thread Starter Forum Replies Last Post
Why do I keep constantly getting viruses / adware / spyware? audiobahn1000 Desktop Computers 5 12-04-2006 06:18 PM
Lightest Active ADWARE/SPYWARE scanner bigcomp Computer Security 12 08-11-2006 06:07 AM
HJT log 34erd Computer Security 5 08-10-2006 01:04 PM
If anyone of you wonders what spyware is Fure6 Internet Discussion 0 02-07-2005 02:12 AM
Spyware / adware Jimbob1989 Internet Discussion 0 06-21-2004 03:56 PM



All times are GMT +1. The time now is 11:01 AM.

Contact Us - Computer Forum - Sitemap - Top

Powered by: vBulletin Version 3.7.3
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.
Copyright © 2002-2007 Computer Forum and Web Design Forum