#1 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 10
OS: xp
|
win32.trojan.agent - please help me remove
Hi - I have been getting random site redirects in IE7, but things in FF are ok. I will also sometimes get an Exclamation point alert in the taskbar saying "Adult videos found on your harddrive click here for a free scan" type of thing.
I ran Ad-Aware and Spybot, and Ad-Aware found the win32.trojan.agent, and there were 3 registry items associated with this that I could not delete. Here is the DSS file:
Deckard's System Scanner v20071014.68 Run by llaliberte on 2008-02-08 16:52:53 Computer is in Normal Mode. -------------------------------------------------------------------------------- -- System Restore -------------------------------------------------------------- Successfully created a Deckard's System Scanner Restore Point. -- Last 5 Restore Point(s) -- 7: 2008-02-08 21:53:01 UTC - RP788 - Deckard's System Scanner Restore Point 6: 2008-02-07 21:34:03 UTC - RP787 - System Checkpoint 5: 2008-02-06 21:07:58 UTC - RP786 - System Checkpoint 4: 2008-02-05 20:34:01 UTC - RP785 - System Checkpoint 3: 2008-02-04 19:56:24 UTC - RP784 - System Checkpoint -- First Restore Point -- 1: 2008-02-03 12:54:29 UTC - RP782 - System Checkpoint Backed up registry hives. Performed disk cleanup. -- HijackThis Clone ------------------------------------------------------------ Emulating logfile of Trend Micro HijackThis v2.0.2 Scan saved at 2008-02-08 16:54:56 Platform: Windows XP Service Pack 2 (5.01.2600) MSIE: Internet Explorer (7.00.6000.16574) Boot mode: Normal Running processes: C:\WINDOWS\SYSTEM32\SMSS.EXE C:\WINDOWS\SYSTEM32\WINLOGON.EXE C:\WINDOWS\SYSTEM32\SERVICES.EXE C:\WINDOWS\SYSTEM32\LSASS.EXE C:\WINDOWS\SYSTEM32\ati2evxx.exe C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\SYSTEM32\spoolsv.exe C:\WINDOWS\SYSTEM32\BAsfIpM.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\SYSTEM32\SVCHOST.EXE C:\Program 
Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe C:\Program Files\UltraVNC\winvnc.exe C:\WINDOWS\SYSTEM32\ati2evxx.exe C:\WINDOWS\explorer.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\Program Files\Symantec AntiVirus\VPTray.exe C:\Program Files\Broadcom\BACS\BacsTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Technesis\PopUp\BillBrz.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\SYSTEM32\CTFMON.EXE C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Microsoft ActiveSync\wcescomm.exe C:\Program Files\Microsoft ActiveSync\rapimgr.exe C:\WINDOWS\SYSTEM32\wuauclt.exe C:\Documents and Settings\llaliberte\Desktop\dss.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKCU\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet 
Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie R1 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie O1 - Hosts: 10.1.1.223 sbserver O2 - BHO: (no name) - {207840BC-497C-4328-A768-46C26A4308AC} - C:\WINDOWS\SYSTEM32\catsrvu.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\GoogleToolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\GoogleToolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TnPopUp] "C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe" O4 - 
HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (file missing) O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/downlo...eckControl.cab O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} (Office Update Installation Engine) - http://office.microsoft.com/officeup...tent/opuc2.cab O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120074182376 O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} () - http://www.autodesk.com/global/dwfvi...iewerSetup.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - 
http://fpdownload.macromedia.com/get...nt/swflash.cab O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O17 - HKLM\Software\..\Telephony: DomainName = elementstampa.local O17 - HKLM\SYSTEM\CCS\Services\Tcpip\..\{D85264AE-445F-4713-94E1-FAA911CFEADC}: NameServer = 10.1.1.223,4.2.2.2 O17 - HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: Domain = elementstampa.local O17 - HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: Domain = elementstampa.local O17 - HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: Domain = elementstampa.local O18 - Protocol: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL O18 - Protocol: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL O18 - Protocol: mso-offdap - {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL O18 - Protocol: mso-offdap11 - {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL O18 - Filter: text/xml - {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\SYSTEM32\ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. 
- C:\WINDOWS\SYSTEM32\BAsfIpM.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZIPM12.EXE O23 - Service: SavRoam - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Technesis Services - Technesis - C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\winvnc.exe -- End of file - 12443 bytes -- File Associations ----------------------------------------------------------- .scr - AutoCADScriptFile - shell\open\command - "C:\WINDOWS\system32\NOTEPAD.EXE" "%1" -- Drivers: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled --------------------- R0 qybscgdk - c:\windows\system32\drivers\nkktdswv.dat R1 omci (OMCI 
WDM Device Driver) - c:\windows\system32\drivers\omci.sys <Not Verified; Dell Inc; OMCI Driver> R2 MCSTRM - c:\windows\system32\drivers\mcstrm.sys <Not Verified; RealNetworks, Inc.; RealNetworks Virtual Path ManagerŪ (32-bit)> -- Services: 0-Boot, 1-System, 2-Auto, 3-Demand, 4-Disabled -------------------- R2 BAsfIpM (Broadcom ASF IP monitoring service v6.0.4) - c:\windows\system32\basfipm.exe <Not Verified; Broadcom Corp.; Broadcom ASF IP monitoring service> R2 Iap - "c:\program files\dell\openmanage\client\iap.exe" <Not Verified; Dell Inc; OpenManage Client Instrumentation> R2 Technesis Services - c:\windows\technesis\enterprise\service\tnsvcnt.exe <Not Verified; Technesis; Technesis Enterpise Suite Service> R2 winvnc (VNC Server) - "c:\program files\ultravnc\winvnc.exe" -service <Not Verified; UltraVNC; UltraVNC> -- Device Manager: Disabled ---------------------------------------------------- No disabled devices found. -- Files created between 2008-01-08 and 2008-02-08 ----------------------------- 2008-02-04 18:12:52 0 dr-h---c- C:\Documents and Settings\llaliberte\Recent 2008-02-04 16:05:59 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 10:55:10 0 d------c- C:\Program Files\7-Zip 2008-02-03 08:57:55 0 d------c- C:\Program Files\MagicISO 2008-02-03 08:02:25 0 d------c- C:\Program Files\Lavasoft 2008-02-03 08:02:25 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-03 08:01:48 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 07:53:53 19584 --a----c- C:\WINDOWS\system32\drivers\nkktdswv.dat 2008-02-03 07:49:28 84480 --a----c- C:\WINDOWS\system32\catsrvu.dll 2008-02-03 07:49:07 0 d------c- C:\Program Files\Dcads Games Collection 2008-01-21 11:56:19 0 d------c- C:\Documents and Settings\llaliberte\Application Data\Macromedia 2008-01-21 09:58:13 0 d------c- C:\Program Files\CCleaner 2008-01-21 09:32:25 0 d------c- C:\FLEXLM 2008-01-15 01:12:47 0 
d------c- C:\Program Files\Common Files\Alias Shared 2008-01-15 01:12:47 0 d------c- C:\Program Files\Alias 2008-01-11 12:44:42 0 d------c- C:\Documents and Settings\llaliberte\Application Data\RemoteCalendars 2008-01-11 12:21:51 0 d------c- C:\Program Files\RemoteCalendars 2008-01-09 18:17:00 0 d------c- C:\NCARBPP 2008-01-09 18:16:54 248064 --a----c- C:\WINDOWS\UNINST16.EXE <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller> 2008-01-09 18:16:54 26768 --a----c- C:\WINDOWS\system\CTL3D.DLL <Not Verified; Microsoft Corporation; 3D Windows Control> 2008-01-09 18:16:52 0 d------c- C:\Documents and Settings\llaliberte\WINDOWS -- Find3M Report --------------------------------------------------------------- 2008-02-08 15:01:37 0 d------c- C:\Documents and Settings\llaliberte\Application Data\U3 2008-02-08 14:26:52 0 d------c- C:\Program Files\Microsoft AntiSpyware 2008-02-08 14:24:33 0 d------c- C:\Program Files\Symantec AntiVirus 2008-02-04 15:02:24 4 --a----c- C:\WINDOWS\system32\745422 2008-02-03 08:01:48 0 d------c- C:\Program Files\Common Files 2008-02-03 07:53:48 209 --a----c- C:\Documents and Settings\llaliberte\Application Data\urlredir.cfg 2008-02-03 07:46:57 0 d------c- C:\Documents and Settings\llaliberte\Application Data\LimeWire 2008-02-03 07:46:30 0 d------c- C:\Program Files\LimeWire 2008-01-21 12:04:55 0 d--h---c- C:\Program Files\InstallShield Installation Information 2008-01-21 11:27:38 0 d------c- C:\Program Files\Common Files\Adobe 2008-01-07 13:34:53 0 d------c- C:\Program Files\Rhapsody 2008-01-07 13:33:31 0 d------c- C:\Program Files\Common Files\Real 2008-01-07 13:33:20 0 d------c- C:\Documents and Settings\llaliberte\Application Data\Real 2007-12-13 17:12:06 0 d------c- C:\Documents and Settings\llaliberte\Application Data\AdobeAUM 2007-11-26 10:32:30 37027 --a----c- C:\WINDOWS\atmoUn.exe 2007-11-15 02:20:49 0 --a----c- C:\WINDOWS\mozver.dat 2007-11-14 23:05:45 0 --a----c- C:\WINDOWS\nsreg.dat -- Registry Dump 
--------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{207840BC-497C-4328-A768-46C26A4308AC}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [09/25/2007 01:11 AM] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [03/22/2005 08:05 PM] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [02/10/2005 09:32 PM] "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [03/29/2005 09:33 PM] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [12/10/2004 05:02 PM] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [12/30/2004 01:19 PM] "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [04/20/2004 01:05 PM] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [03/09/2006 11:26 AM] "TnPopUp"="C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe" [05/17/2006 10:09 AM] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [08/04/2004 06:00 AM] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [06/06/2005 11:46 PM] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [10/23/2006 01:48 AM] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [08/04/2004 06:00 AM] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [07/30/2007 09:49 AM] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [11/13/2006 12:39 PM] C:\Documents and Settings\llaliberte\Start Menu\Programs\Startup\ DESKTOP.INI [8/11/2004 6:15:06 PM] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [11/5/2007 9:46:28 AM] Adobe Reader Synchronizer.lnk - C:\Program 
Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [5/10/2007 11:29:22 PM] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [3/5/2006 7:43:54 AM] DESKTOP.INI [8/11/2004 6:15:06 PM] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2/13/2001 12:01:04 AM] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f66e9b-5641-11dc-915c-00123f373843}] AutoRun\command- E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ccda09-5304-11db-90cd-00123f373843}] AutoRun\command- E:\LaunchU3.exe -a -- Hosts ----------------------------------------------------------------------- 10.1.1.223 sbserver -- End of Deckard's System Scanner: finished at 2008-02-08 16:55:30 ------------
Thanks in advance!
Laura
Last edited by archychick; 02-08-2008 at 03:29 PM. Reason: adding extra.txt file
#4 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: win32.trojan.agent - please help me remove
Hi Laura,
Please subscribe to this thread so that you are notified when you receive a reply. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant Notification, then click Add Subscription.
--------------------------------------------------------------
Before beginning the proposed fix, read this post completely. Any questions should be kindly asked before proceeding. Ensure that there are no open browsers when carrying out the procedures below. Save the following instructions in Notepad as this webpage would not be available when you're carrying out the fix. It is IMPORTANT that you don't miss a step & perform everything in the correct order/sequence.
--------------------------------------------------------------
Please visit this webpage for instructions for downloading and running ComboFix: http://www.bleepingcomputer.com/comb...o-use-combofix
Reply back with the following:
#5 (permalink) |
|
Registered User
Join Date: Feb 2008
Posts: 10
OS: xp
|
Re: win32.trojan.agent - please help me remove
Hi - Sorry for the delayed response. Here is the ComboFix log:
ComboFix 08-02-15.2 - llaliberte 2008-02-15 12:52:29.1 - NTFSx86 Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.542 [GMT -5:00] Running from: C:\Documents and Settings\llaliberte\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat C:\WINDOWS\system32\catsrvu.dll C:\WINDOWS\system32\drivers\fad.sys C:\WINDOWS\system32\drivers\nkktdswv.dat C:\WINDOWS\system32\pskill.exe ----- BITS: Possible infected sites ----- hxxp://au.download.windowsupõj . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\LEGACY_QYBSCGDK -------\qybscgdk ((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 ))))))))))))))))))))))))))))))) . 2008-02-13 17:48 . 2008-02-15 11:46 <DIR> d----c--- C:\WINDOWS\SxsCaPendDel 2008-02-13 14:06 . 2008-02-13 14:06 54,156 --ah-c--- C:\WINDOWS\QTFont.qfn 2008-02-13 14:06 . 2008-02-13 14:06 1,409 --a--c--- C:\WINDOWS\QTFont.for 2008-02-13 03:02 . 2008-02-13 03:03 1,374 --a--c--- C:\WINDOWS\imsins.BAK 2008-02-08 16:52 . 2008-02-08 16:52 <DIR> d----c--- C:\Deckard 2008-02-04 16:05 . 2008-02-04 16:06 <DIR> d----c--- C:\Program Files\Spybot - Search & Destroy 2008-02-04 16:05 . 2008-02-04 17:52 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 10:55 . 2008-02-04 10:55 <DIR> d----c--- C:\Program Files\7-Zip 2008-02-03 08:57 . 2008-02-03 08:57 <DIR> d----c--- C:\Program Files\MagicISO 2008-02-03 08:02 . 2008-02-03 08:02 <DIR> d----c--- C:\Program Files\Lavasoft 2008-02-03 08:02 . 2008-02-03 08:03 <DIR> d----c--- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-03 08:01 . 
2008-02-03 08:01 <DIR> d----c--- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 07:49 . 2008-02-03 07:49 <DIR> d----c--- C:\Program Files\Dcads Games Collection 2008-01-21 09:58 . 2008-01-21 09:58 <DIR> d----c--- C:\Program Files\CCleaner 2008-01-21 09:32 . 2008-01-21 09:47 <DIR> d----c--- C:\FLEXLM 2008-01-15 02:17 . 2008-01-15 02:17 1,060 --a--c--- C:\WINDOWS\_ISENV31.INI 2008-01-15 01:12 . 2008-01-15 01:27 <DIR> d----c--- C:\Program Files\Common Files\Alias Shared 2008-01-15 01:12 . 2008-01-15 01:12 <DIR> d----c--- C:\Program Files\Alias . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2008-02-15 18:03 --------- dc----w C:\Program Files\Microsoft AntiSpyware 2008-02-15 18:00 --------- dc----w C:\Program Files\Symantec AntiVirus 2008-02-13 23:59 --------- dc----w C:\Documents and Settings\llaliberte\Application Data\RemoteCalendars 2008-02-13 22:49 --------- dc----w C:\Program Files\Common Files\Adobe 2008-02-08 20:01 --------- dc----w C:\Documents and Settings\llaliberte\Application Data\U3 2008-02-03 12:46 --------- dc----w C:\Program Files\LimeWire 2008-02-03 12:46 --------- dc----w C:\Documents and Settings\llaliberte\Application Data\LimeWire 2008-01-21 17:04 --------- dc-h--w C:\Program Files\InstallShield Installation Information 2008-01-21 16:37 --------- dc----w C:\Documents and Settings\All Users\Application Data\Napster 2008-01-11 17:21 --------- dc----w C:\Program Files\RemoteCalendars 2008-01-07 18:34 --------- dc----w C:\Program Files\Rhapsody 2008-01-07 18:33 8,413 -c--a-w C:\WINDOWS\system32\drivers\mcstrm.sys 2008-01-07 18:33 --------- dc----w C:\Program Files\Common Files\Real 2007-12-18 09:51 179,584 -c--a-w C:\WINDOWS\system32\drivers\mrxdav.sys 2007-11-26 15:32 37,027 -c--a-w C:\WINDOWS\atmoUn.exe 2006-05-08 20:19 1,540,231 -c--a-w C:\Documents and Settings\pstepanis\CELESTE.zip . 
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00 15360] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 09:49 68856] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39 1289000] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05 339968] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 21:32 473920] "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" [2005-03-29 21:33 851968] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02 67184] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19 120640] "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 13:05 118784] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-09 11:26 155648] "TnPopUp"="C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe" [2006-05-17 10:09 618496] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 06:00 143360] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46 57344] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 22:16:38 39792] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 
00:29:22 738968] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 07:43:54 11000] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"= 1 (0x1) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f66e9b-5641-11dc-915c-00123f373843}] \Shell\AutoRun\command - E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ccda09-5304-11db-90cd-00123f373843}] \Shell\AutoRun\command - E:\LaunchU3.exe -a . ************************************************************************** catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-02-15 13:02:41 Windows 5.1.2600 Service Pack 2 NTFS scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: 0 ************************************************************************** . ------------------------ Other Running Processes ------------------------ . 
C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Broadcom\BACS\BacsTray.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe . ************************************************************************** . Completion time: 2008-02-15 13 33 - machine was rebootedComboFix-quarantined-files.txt 2008-02-15 18 29. 2008-02-13 08 44 --- E O F ---
and a new Hijack this:
Deckard's System Scanner v20071014.68 Run by llaliberte on 2008-02-15 13:09:15 Computer is in Normal Mode. 
-------------------------------------------------------------------------------- -- HijackThis (run as llaliberte.exe) ------------------------------------------ Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 13:09, on 2008-02-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.6000.16608) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\basfipm.exe C:\Program Files\Symantec AntiVirus\DefWatch.exe C:\Program Files\Dell\OpenManage\Client\Iap.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\Program Files\Symantec AntiVirus\SavRoam.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Symantec AntiVirus\Rtvscan.exe C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe C:\Program Files\UltraVNC\WinVNC.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe C:\Program Files\Common Files\Symantec Shared\ccApp.exe C:\PROGRA~1\SYMANT~1\VPTray.exe C:\Program Files\Broadcom\BACS\BacsTray.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe C:\Program Files\Microsoft AntiSpyware\gcasDtServ.exe C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Microsoft ActiveSync\Wcescomm.exe C:\WINDOWS\explorer.exe C:\PROGRA~1\MI3AA1~1\rapimgr.exe 
C:\WINDOWS\system32\NOTEPAD.EXE C:\Program Files\Mozilla Firefox\firefox.exe C:\Documents and Settings\llaliberte\Desktop\dss.exe C:\PROGRA~1\TRENDM~1\HIJACK~1\llaliberte.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell.com R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005 O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.1121.2472\swg.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec 
Shared\ccApp.exe" O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe O4 - HKLM\..\Run: [bacstray] C:\Program Files\Broadcom\BACS\\BacsTray.exe O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [TnPopUp] "C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe" O4 - HKLM\..\Run: [Synchronization Manager] %SystemRoot%\system32\mobsync.exe /logon O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra 'Tools' menuitem: Create Mobile Favorite... 
- {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing) O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1005.cab O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by116fd.bay116.hotmail.msn.co...s/MsnPUpld.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1120074182376 O16 - DPF: {A662DA7E-CCB7-4743-B71A-D817F6D575DF} - http://www.autodesk.com/global/dwfvi...iewerSetup.cab O16 - DPF: {CE74A05D-ED12-473A-97F8-85FB0E2F479F} (dlControl.UserControl1) - http://web1.nugs.net/dev/dlControl.CAB O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/.../installer.exe O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = elementstampa.local O17 - HKLM\Software\..\Telephony: DomainName = elementstampa.local O17 - HKLM\System\CCS\Services\Tcpip\..\{D85264AE-445F-4713-94E1-FAA911CFEADC}: NameServer = 10.1.1.223,4.2.2.2 O17 - 
HKLM\System\CS1\Services\Tcpip\Parameters: Domain = elementstampa.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = elementstampa.local O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Technesis Services - Technesis - C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 10333 bytes -- Files created between 2008-01-15 and 2008-02-15 ----------------------------- 2008-02-15 13:09:22 0 d------c- C:\Program Files\Trend Micro 2008-02-15 11:13:43 68096 --a----c- C:\WINDOWS\system32\zip.exe 2008-02-15 11:13:43 80412 --a----c- C:\WINDOWS\system32\grep.exe 2008-02-15 11:13:42 98816 --a----c- C:\WINDOWS\system32\sed.exe 2008-02-15 11:13:42 73728 --a----c- C:\WINDOWS\system32\fdsv.exe <Not Verified; Smallfrogs Studio; > 2008-02-13 17:48:32 0 d------c- C:\WINDOWS\SxsCaPendDel 2008-02-04 18:12:52 0 dr-h---c- C:\Documents and Settings\llaliberte\Recent 2008-02-04 16:05:59 0 d------c- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-02-04 10:55:10 0 d------c- C:\Program Files\7-Zip 2008-02-03 08:57:55 0 d------c- C:\Program Files\MagicISO 2008-02-03 08:02:25 0 d------c- C:\Program Files\Lavasoft 2008-02-03 08:02:25 0 d------c- C:\Documents and Settings\All Users\Application Data\Lavasoft 2008-02-03 08:01:48 0 d------c- C:\Program Files\Common Files\Wise Installation Wizard 2008-02-03 07:49:07 0 d------c- C:\Program Files\Dcads Games Collection 2008-01-21 11:56:19 0 d------c- C:\Documents and Settings\llaliberte\Application Data\Macromedia 2008-01-21 09:58:13 0 d------c- C:\Program Files\CCleaner 2008-01-21 09:32:25 0 d------c- C:\FLEXLM 
2008-01-15 01:12:47 0 d------c- C:\Program Files\Common Files\Alias Shared 2008-01-15 01:12:47 0 d------c- C:\Program Files\Alias -- Find3M Report --------------------------------------------------------------- 2008-02-15 13:03:14 0 d------c- C:\Program Files\Microsoft AntiSpyware 2008-02-15 13:00:09 0 d------c- C:\Program Files\Symantec AntiVirus 2008-02-13 18:59:23 0 d------c- C:\Documents and Settings\llaliberte\Application Data\RemoteCalendars 2008-02-13 17:49:00 0 d------c- C:\Program Files\Common Files\Adobe 2008-02-08 15:01:37 0 d------c- C:\Documents and Settings\llaliberte\Application Data\U3 2008-02-04 15:02:24 4 --a----c- C:\WINDOWS\system32\745422 2008-02-03 08:01:48 0 d------c- C:\Program Files\Common Files 2008-02-03 07:53:48 209 --a----c- C:\Documents and Settings\llaliberte\Application Data\urlredir.cfg 2008-02-03 07:46:57 0 d------c- C:\Documents and Settings\llaliberte\Application Data\LimeWire 2008-02-03 07:46:30 0 d------c- C:\Program Files\LimeWire 2008-01-21 12:04:55 0 d--h---c- C:\Program Files\InstallShield Installation Information 2008-01-11 12:21:51 0 d------c- C:\Program Files\RemoteCalendars 2008-01-07 13:34:53 0 d------c- C:\Program Files\Rhapsody 2008-01-07 13:33:31 0 d------c- C:\Program Files\Common Files\Real 2008-01-07 13:33:20 0 d------c- C:\Documents and Settings\llaliberte\Application Data\Real 2007-11-26 10:32:30 37027 --a----c- C:\WINDOWS\atmoUn.exe 2007-11-15 02:20:49 0 --a----c- C:\WINDOWS\mozver.dat -- Registry Dump --------------------------------------------------------------- *Note* empty entries & legit default entries are not shown [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11] "ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 20:05] "gcasServ"="C:\Program Files\Microsoft AntiSpyware\gcasServ.exe" [2005-02-10 21:32] "WinVNC"="C:\Program Files\UltraVNC\WinVNC.exe" 
[2005-03-29 21:33] "ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2004-12-10 17:02] "vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [2004-12-30 13:19] "bacstray"="C:\Program Files\Broadcom\BACS\\BacsTray.exe" [2004-04-20 13:05] "QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-03-09 11:26] "TnPopUp"="C:\Program Files\Common Files\Technesis\PopUp\billbrz.exe" [2006-05-17 10:09] "Synchronization Manager"="C:\WINDOWS\system32\mobsync.exe" [2004-08-04 06:00] "Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-06 23:46] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 06:00] "swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-30 09:49] "H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 12:39] C:\Documents and Settings\llaliberte\Start Menu\Programs\Startup\ DESKTOP.INI [2004-08-11 18:15:06] C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2008-01-11 22:16:38] Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2007-05-11 00:29:22] AutoCAD Startup Accelerator.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe [2006-03-05 07:43:54] DESKTOP.INI [2004-08-11 18:15:06] Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoWelcomeScreen"=1 (0x1) [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice] @="Service" [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E] AutoRun\command- E:\LaunchU3.exe -a 
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a2f66e9b-5641-11dc-915c-00123f373843}] AutoRun\command- E:\LaunchU3.exe -a [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a4ccda09-5304-11db-90cd-00123f373843}] AutoRun\command- E:\LaunchU3.exe -a -- End of Deckard's System Scanner: finished at 2008-02-15 13:09:51 ------------ THANKS!!!! |
#6 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: win32.trojan.agent - please help me remove
Hi Laura,
Click > Start > Control Panel > Add / Remove Programs and uninstall the following programs (if they exist):

Dcads Games Collection
More info -> http://www.fbmsoftware.com/spyware-n...es_Collection/

--------------------------------------------------------------

Please delete the following folder in BLUE:

C:\Program Files\Dcads Games Collection

--------------------------------------------------------------

Perform an online scan with Internet Explorer with Panda ActiveScan

* Turn off the real time scanner of any existing antivirus program while performing the online scan

--------------------------------------------------------------

Please reply back with the following:

Panda Online Scan Results
Update on system behaviour?
__________________
![]() Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
#7 (permalink)
Registered User
Join Date: Feb 2008
Posts: 10
OS: xp
Re: win32.trojan.agent - please help me remove
Again, sorry for the delay in getting back with you. I am only at this computer 3x/week!
I uninstalled Dcads Games Collection with no problem - when I went into Program Files to delete the folder, the folder did not exist--I assume that is ok.

As for the status of the computer, things seem to be running ok in IE, especially after I cleared out my cookies and Temp internet files. No redirects or anything - so far, so good.

My clock is not yet back to normal since I ran ComboFix - it says the correct time, but does not say AM or PM normally. Could you help to restore that ASAP? I think it might be doing some wonky things to my timesheet software.

And the Panda Scan is in process - I will post when finished.

Thanks again!
#8 (permalink)
Registered User
Join Date: Feb 2008
Posts: 10
OS: xp
Re: win32.trojan.agent - please help me remove
Results of the Pandascan:
#9 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: win32.trojan.agent - please help me remove
In the Control Panel (Classic View) select Regional and Language Options
#11 (permalink)
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
Re: win32.trojan.agent - please help me remove
Could you please provide me with a new HiJackThis log and an update on your system's behaviour?
Thanks
#12 (permalink)
Registered User
Join Date: Feb 2008
Posts: 10
OS: xp
Re: win32.trojan.agent - please help me remove
New HijackThis:
elementstampa.local O17 - HKLM\Software\..\Telephony: DomainName = elementstampa.local O17 - HKLM\System\CCS\Services\Tcpip\..\{D85264AE-445F-4713-94E1-FAA911CFEADC}: NameServer = 10.1.1.223,4.2.2.2 O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = elementstampa.local O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = elementstampa.local O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINDOWS\system32\basfipm.exe O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Iap - Dell Inc - C:\Program Files\Dell\OpenManage\Client\Iap.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: iPodService - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe O23 - Service: Technesis Services - Technesis - C:\WINDOWS\Technesis\Enterprise\Service\tnSvcNT.exe O23 - Service: VNC Server (winvnc) - UltraVNC - C:\Program Files\UltraVNC\WinVNC.exe -- End of file - 10748 bytes System behavior seems pretty normal - IE is running smoothly (though I mainly use FireFox). And no more weird popups in the toolbar. I have what I believe to be an unrelated software issue with my timesheet software, though I don't think you can help me out with that one! |
#13 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: win32.trojan.agent - please help me remove
Glad to hear your computer is running great! Unfortunately, all I can really help you with is malware removal.
Well done, your logs are clean! There are just a few more things I would like you to do.

The following procedure will clear out ComboFix.exe, as well as the backups and quarantines created by the fix. It will also reset your System Restore by flushing out previous restore points (which contain the infections) and create a new restore point.

Click Start > Run and copy/paste, or type the following bolded text into the Run box and click OK:

**ComboFix /u**

----------------------------------------------------------------

Microsoft Updates

It is very important that you get all of the critical updates for your Operating System and Internet Explorer. Keeping your OS and browser up to date will help make you less susceptible to attacks by Trojans and viruses. Please go to Microsoft and download all the critical updates to help prevent possible re-infection.

Malware Prevention Tools

These programs configure your computer to prevent known malware-related changes. You can have more than one of these at a time and they take up minimal resources.

Alternative Web Browsers

Using an alternative browser can help prevent malware from being installed without your knowledge, but may not work on all websites.

Firewalls

If you do not have a firewall, here are a few free ones available for personal use:

Understanding and Using Firewalls

Informational Reading

In light of your recent troubles, I'm sure you'll like to avoid any future infections. Please take a look at these well written articles:
Please respond to this thread one more time so we can mark this thread as resolved.
__________________
![]() Proud Member of ASAP Proud Member of UNITE Keep this forum alive - if you've been helped at this forum, please do consider a donation. Thank you for your support. Donation link for Tech Support Forum |
#15 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: win32.trojan.agent - please help me remove
Alright, so we will have to do this a different way.
Please download the OTMoveIt2 by OldTimer. **Save it to your desktop**
-----------------------------------------------

Reset Hidden/System Files and Folders

Reset System Restore

To turn off System Restore:

- Click Start > Right Click My Computer > Properties.
- Click the System Restore tab and Check "Turn off System Restore" or "Turn off System Restore on all drives"
- Click Apply.
- When turning off System Restore, the existing restore points will be deleted. Click Yes to do this then Click OK.

Turn on System Restore:

- Click Start.
- Right-click My Computer, and then click Properties.
- Click the System Restore tab.
- Uncheck "Turn off System Restore" or "Turn off System Restore on all drives."
- Click Apply, and then OK.

This will create a new Restore Point.

Clear Firefox Cookies

Clear IE7 cookies
#17 (permalink) |
|
Analyst, Security Team
Join Date: Sep 2006
Location: Ontario, Canada
Posts: 2,948
OS: Windows 7 Ultimate
|
Re: win32.trojan.agent - please help me remove
Was my pleasure. Safe surfing.