Owned by Spyware!! Please Help?

**spyware_victim** · 09-08-2006, 04:53 PM

Ok, symantec as I said wouldn't run, neither would Microsoft win defender - Apparantly it requires GDI+ to enable it to be run? Which My system doesn't have..

Followed all your other instructions.

Logfile of HijackThis v1.99.1
Scan saved at 22:42:05, on 09/08/2006
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
C:\WINNT\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\SOUNDMAN.EXE
C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\WINNT\system32\msiexec.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [SiS KHooker] C:\WINNT\system32\khooker.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SpeedTouch USB Diagnostics] "C:\Program Files\Alcatel\SpeedTouch USB\Dragdiag.exe" /icon
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [SNM] C:\Program Files\SpyNoMore\SNM.exe /startup
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {21F49842-BFA9-11D2-A89C-00104B62BDDA} (ChartFX Internet Control) - http://www.phenology.org.uk/download/CfxIEAx.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1153904857656
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2...ll/xscan53.cab
O16 - DPF: {7F8C8173-AD80-4807-AA75-5672F22B4582} (ICSScanner Class) - http://download.zonelabs.com/bin/pro...anner37350.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/ms...downloader.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yaho...tocomplete.cab
O23 - Service: AntiVir Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Service (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RA Server (Slave) - Unknown owner - C:\WINNT\Slave.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINNT\system32\ZoneLabs\vsmon.exe

---------------

BitDefender Online Scanner

Scan report generated at: Fri, Sep 08, 2006 - 20:33:09

Scan path: A:\;C:\;D:\;

Statistics

Time
00:30:02

Files
161204

Folders
2404

Boot Sectors
2

Archives
17629

Packed Files
14062

Results

Identified Viruses
0

Infected Files
0

Suspect Files
2

Warnings
0

Disinfected
0

Deleted Files
2

Engines Info

Virus Definitions
453250

Engine build
AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins
13

Archive plugins
38

Unpack plugins
6

E-mail plugins
6

System plugins
1

Scan Settings

First Action
Disinfect

Second Action
Delete

Heuristics
Yes

Enable Warnings
Yes

Scanned Extensions
*;

Exclude Extensions

Scan Emails
Yes

Scan Archives
Yes

Scan Packed
Yes

Scan Files
Yes

Scan Boot
Yes

Scanned File
Status

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Deleted

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 27 Jun 2006 10:21:55 +0100]=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 179)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
Update failed

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Suspected of: Exploit.Iframe.Vulnerability

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Disinfection failed

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)=>(message body)
Deleted

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)=>[Subject: Mail Delivery (failure toni.ketterer@b][Date: Tue, 20 Jun 2006 18:31:28 +0100]=>(MIME part)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx=>(message 204)
Updated

C:\Documents and Settings\Toni\Local Settings\Application Data\Identities\{5CE69B3E-E7BC-4341-9428-40F1BB99606A}\Microsoft\Outlook Express\Inbox.dbx
Update failed

--------------

I can't locate the Ewido log, but it was clear anyway.

I hope this all makes sense?
Thanks for waiting!

Thread: Owned by Spyware!! Please Help?

Thread Tools

Display

Threaded View

Thread Information

Users Browsing this Thread

Posting Permissions