#21 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
i'm downloading spyware doctor just to run the scan i'll c&p the results in here
|
|
|
#22 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
|
|
|
|
#24 (permalink) | |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,336
OS: N/A
|
Please do not install needless antispyware programs onto your machine
Spyhunter - These programs are rogueware and we highly recommend that you uninstall them. Rogue or Suspect means that these products are of unknown, questionable, or dubious value as anti-spyware protection. This is from The Spyware Warrior's List of Rogue/Suspect Anti-Spyware Products & Web Sites Quote:
Close it after you have finished installation. Download & overwrite the existing file - "radius.td3", located in folder >> C:\Program Files\TDS-3\ with this file
__________________
Question - what have you done for the community today?
Last edited by sUBs; 07-15-2005 at 12:39 AM. |
|
|
|
|
|
#25 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
sorry i didn't realise i downloaded spyware, spybot had already picked it up and i'd deleted the rest of it off when i found your post. here's the tds-3 scan
21:39:08 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
21:39:09 [Init] Started 15-07-05 21:39:09 New Zealand Standard Time (UTC: -12), Internet Time @443.85
21:39:09 [Init] Loading TDS-3 Systems ...
21:39:09 [Init] Token successfully adjusted.
21:39:09 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
21:39:09 [Init] • Plugins : OK. Loaded 13
21:39:10 [Init] • Exec Protection : Not Installed
21:39:10 [Init] WARNING: Your Radius.TD3 database needs to be updated!
21:39:10 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
21:39:10 [Init] Licensed users can use the Update facility from the TDS menu
21:39:12 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
21:40:18 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
21:40:18 [Init] • Systems Initialised [60689 references - 32508 primaries/15856 traces/12325 variants/other]
21:40:18 [Init] Radius Systems loaded. <Databases updated 15-07-2005>
21:40:25 [Init] TDS-3 Ready. <Grafton@203.167.130.52, 127.0.0.1 - new zealand>
21:40:26 [Tip Of The Day] Did you know? - TDS-3 is the only anti-trojan system that allows you to CLOSE TCP ports. Simply go to Netstat through the System Analysis menu!
21:40:26 [TDS] Good evening Grafton. Go home! The weekend is here at last!
21:40:41 [Mutex Memory Scan] Started...
21:40:43 [Mutex Memory Scan] Finished (no trojan mutexes found).
21:40:43 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
21:41:11 [CRC32] Started - verifying 29 files ...
21:41:13 [CRC32] File doesn't exist: C:\WINDOWS\System\cmd.exe
21:41:14 [CRC32] File doesn't exist: C:\WINDOWS\System\netstat.exe
21:41:17 [CRC32] File doesn't exist: C:\WINDOWS\System\drwatson.exe
21:41:20 [CRC32] File doesn't exist: C:\WINDOWS\System\drwtsn32.exe
21:41:21 [CRC32] File doesn't exist: C:\WINDOWS\System\rundll32.exe
21:41:23 [CRC32] File doesn't exist: C:\WINDOWS\System\taskman.exe
21:41:27 [CRC32] File doesn't exist: C:\WINDOWS\System\taskmgr.exe
21:41:28 [CRC32] File doesn't exist: C:\WINDOWS\System\winlogon.exe
21:41:29 [CRC32] File doesn't exist: C:\WINDOWS\System\regedt32.exe
21:41:30 [CRC32] File doesn't exist: C:\WINDOWS\System\netmsg.dll
21:41:31 [CRC32] File doesn't exist: C:\WINDOWS\System\winsock.dll
21:41:32 [CRC32] Test finished.
21:44:45 [Memory Scan] Memory scan started, please wait a moment ...
21:44:55 [Memory Scan] Memory scan complete.
21:44:55 [Mutex Memory Scan] Started...
21:44:57 [Mutex Memory Scan] Finished (no trojan mutexes found).
21:44:57 [Trace Scan] Started...
21:46:37 [Trace Scan] Finished.
21:46:37 [ServiceScan] Scanning for services and drivers ...
21:46:38 [ServiceScan] Scanned 18 services and drivers.
21:46:38 [File Scan] Scanning in A:\ ...
21:46:40 [File Scan] Scanned 0 files: 0 alarms in 2.25 seconds (Avg 1. files/sec)
21:46:40 [File Scan] Scanning in C:\ ...
22:46:05 [File Scan] Scanned 13986 files: 0 alarms in 3564.063 seconds (Avg 4.92 files/sec)
22:46:06 [File Scan] Scanning in D:\ ...
22:46:06 [File Scan] Scanned 0 files: 0 alarms in 0.0625 seconds (Avg 1. files/sec)
22:46:07 [Scan] Finished.
|
|
|
|
#26 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,336
OS: N/A
|
Your TDS3 scan is incomplete. Either that or you have a really small hdd.
Please re-do it again.
__________________
Question - what have you done for the community today? |
|
|
|
|
#27 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
okay without sounding totally stupid what's a hdd? i've run the scan again, here are the results:
13:09:09 [Init] Trojan Defence Suite v3.2.0 (UNLICENSED)
13:09:09 [Init] Started 16-07-05 13:09:09 New Zealand Standard Time (UTC: -12), Internet Time @89.69
13:09:09 [Init] Loading TDS-3 Systems ...
13:09:10 [Init] Token successfully adjusted.
13:09:10 [Init] • TDS Privileges : OK. Adjusted TDS-3 token privileges to maximum
13:09:10 [Init] • Plugins : OK. Loaded 13
13:09:11 [Init] • Exec Protection : Not Installed
13:09:11 [Init] WARNING: Your Radius.TD3 database needs to be updated!
13:09:11 [Init] Please download the latest from http://tds.diamondcs.com.au/radius.td3
13:09:11 [Init] Licensed users can use the Update facility from the TDS menu
13:09:15 [Init] Loading Radius Advanced Scanning Systems ... <R3 Engine, DCS Labs>
13:10:23 [Init] • Radius Advanced Specialist Extensions on standby for 13 trojan families
13:10:28 [Init] • Systems Initialised [60689 references - 32508 primaries/15856 traces/12325 variants/other]
13:10:28 [Init] Radius Systems loaded. <Databases updated 15-07-2005>
13:10:28 [Init] TDS-3 Ready. <Grafton@0.0.0.0, 127.0.0.1 - new zealand>
13:10:28 [Tip Of The Day] You can also retrieve the data files by pointing your web browser at http://tds.diamondcs.com.au/radius.td3
13:10:28 [TDS] Good afternoon Grafton.
13:10:44 [Mutex Memory Scan] Started...
13:10:46 [Mutex Memory Scan] Finished (no trojan mutexes found).
13:10:46 [TDS-3] This is an EVALUATION demo of TDS-3. Please see the help file for help on registering.
13:11:13 [CRC32] Started - verifying 29 files ...
13:11:15 [CRC32] File doesn't exist: C:\WINDOWS\System\cmd.exe
13:11:15 [CRC32] File doesn't exist: C:\WINDOWS\System\netstat.exe
13:11:19 [CRC32] File doesn't exist: C:\WINDOWS\System\drwatson.exe
13:11:22 [CRC32] File doesn't exist: C:\WINDOWS\System\drwtsn32.exe
13:11:24 [CRC32] File doesn't exist: C:\WINDOWS\System\rundll32.exe
13:11:25 [CRC32] File doesn't exist: C:\WINDOWS\System\taskman.exe
13:11:26 [CRC32] File doesn't exist: C:\WINDOWS\System\taskmgr.exe
13:11:30 [CRC32] File doesn't exist: C:\WINDOWS\System\winlogon.exe
13:11:31 [CRC32] File doesn't exist: C:\WINDOWS\System\regedt32.exe
13:11:32 [CRC32] File doesn't exist: C:\WINDOWS\System\netmsg.dll
13:11:34 [CRC32] File doesn't exist: C:\WINDOWS\System\winsock.dll
13:11:35 [CRC32] Test finished.
13:14:41 [Memory Scan] Memory scan started, please wait a moment ...
13:14:50 [Memory Scan] Memory scan complete.
13:14:50 [Mutex Memory Scan] Started...
13:14:52 [Mutex Memory Scan] Finished (no trojan mutexes found).
13:14:52 [Trace Scan] Started...
13:16:28 [Trace Scan] Finished.
13:16:28 [ServiceScan] Scanning for services and drivers ...
13:16:29 [ServiceScan] Scanned 18 services and drivers.
13:16:29 [File Scan] Scanning in A:\ ...
13:16:31 [File Scan] Scanned 0 files: 0 alarms in 2.261719 seconds (Avg 1. files/sec)
13:16:31 [File Scan] Scanning in C:\ ...
14:10:44 [File Scan] Scanned 13678 files: 0 alarms in 3252.582 seconds (Avg 5.21 files/sec)
14:10:46 [File Scan] Scanning in D:\ ...
14:10:46 [File Scan] Scanned 0 files: 0 alarms in 5.078125E-02 seconds (Avg 1. files/sec)
14:10:46 [Scan] Finished.
|
|
|
|
#28 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,336
OS: N/A
|
hdd - Hard Disk Drive
It seems all the scans we did only show that you're clean from malware. What problems do you have apart from Windows' update?
__________________
Question - what have you done for the community today? |
|
|
|
|
#29 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
the problems are, that we can't use windows update as it crashes ie, also we can't click on links as all it does is bring up the outside window. sometimes we can c&p the link into the blank window but most of the time we can't do that either. all this has happened since i went into a booby trapped website a couple of months ago and mcafee had notified me of 3 backdoor trojans, one or two of them couldn't be cleaned. straight after that all this started. i redownloaded adaware and spybot yesterday (i've always found them pretty good) and they both picked up alexa in my system. i had those two programs on this pc when the viruses got into the system and neither of them picked it up then. (alexa was one of the backdoors mentioned by mcafee which since had been corrupted and removed). this is why i've insisted there is something on this pc, if there isn't anything apart from reformatting is there anything i could do?
|
|
|
|
|
#31 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
Logfile of HijackThis v1.99.1
Scan saved at 8:35:12 PM, on 7/16/05
Platform: Windows 98 Gold (Win9x 4.10.1998)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
C:\WINDOWS\SYSTEM\MSTASK.EXE
C:\WINDOWS\EXPLORER.EXE
C:\WINDOWS\SYSTEM\RNAAPP.EXE
C:\WINDOWS\SYSTEM\TAPISRV.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\WINDOWS\LOADQM.EXE
C:\PROGRAM FILES\MSN APPS\UPDATER\01.03.0000.1005\EN-US\MSNAPPAU.EXE
C:\WINDOWS\REGEDIT.EXE
C:\WINDOWS\REGEDIT.EXE
C:\PROGRAM FILES\HIJACKTHIS.EXE

O1 - Hosts: 64.91.255.87 www.dcsresearch.com
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHELPER.DLL
O2 - BHO: (no name) - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\SYSTEM\MSDXM.OCX
O3 - Toolbar: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - (no file)
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadQM] loadqm.exe
O4 - HKLM\..\Run: [msnappau] "c:\program files\MSN Apps\Updater\01.03.0000.1005\en-us\msnappau.exe"
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [KB891711] C:\WINDOWS\SYSTEM\KB891711\KB891711.EXE
O4 - HKLM\..\RunServices: [SchedulingAgent] mstask.exe
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKCU\..\Run: [HijackThis startup scan] C:\PROGRAM FILES\HijackThis.exe /startupscan
O15 - Trusted Zone: http://*.windowsupdate.com
|
|
|
|
#32 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
okay now when i boot up i've been getting these messages on the blue screen:
An exception OE has occurred at 0028:C994560F in VXD --- This was called from 0028:C143CA51 in VXD CDVSD(01) + 00000B31. It may be possible to continue. Press any key.
Also i've had: A Fatal exception has occurred at C994560F
and the machine has rebooted itself twice for no apparent reason |
|
|
|
|
#33 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,336
OS: N/A
|
Please follow the steps outlined on this website to troubleshoot Windows Update.
http://www3.telus.net/dandemar/update.htm
Let me know how it went.
__________________
Question - what have you done for the community today? |
|
|
|
|
#34 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
okay i've about had it now. the link just freezes the machine. i'm going to make a hotmail address and email photo's etc i have to that (as i can't load a burner as installation disk won't load) and reformat. i have the original win98 disk and have a startup disk made. i have basic knowledge on reformatting, i know you reboot with the start up disk then type format c:/ (please correct me if i'm wrong here), then i insert the win98 disk and follow the prompts. i'm online for about 30 mins can you please get back to me a.s.a.p thanks
|
|
|
|
|
#35 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
okay i have good news and bad news. my computer is opening links and updating windows (you should be able to see my grin from where you are). BUT it is 'unable to install updates'. the fact that it's downloading them is a start though. i downloaded something called mcrepair.exe (as directed by a website as i had a missing rpc stub to operate the cd burner). i eagerly await your reply;)
|
|
|
|
|
#36 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
okay i have some good news. i shut down avg and just downloaded one update at the time which was successful. i ran panda scan which picked up 3 lots of spyware and i deleted them off. here is the log, so far it's all good at this end unless i've left something out.

| Incident | Status | Location |
|---|---|---|
| Adware:adware/cws.searchmeup | No disinfected | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\VBRUNDLL |
| Adware:adware/exactsearch | No disinfected | HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\INTERNET EXPLORER\ACTIVEX COMPATIBILITY\{53F066F0-A4C0-4F46-83EB-2DFD03F938CF} |
| Adware:adware/brilliantdigital | No disinfected | HKEY_CLASSES_ROOT\Interface\{48E59292-9880-11CF-9754-00AA00C00908} |
|
|
|
|
#37 (permalink) |
|
Asst Manager Security, Expert Analyst, Moderator, Security Team; Rangemaster, Moderator, TSF Academy
Join Date: May 2005
Posts: 24,336
OS: N/A
|
This is for the files Panda failed to disinfect.
I have attached a file to this post - regdel.txt
Download it & rename it "regdel.reg" (inclusive of the quotes)
Double-click on it & answer YES when prompted to merge into the Registry
Reboot & let me know how your computer feels now.
__________________
Question - what have you done for the community today? |
|
|
|
|
#40 (permalink) |
|
Registered User
Join Date: Jul 2005
Posts: 88
OS: xp
|
my hard drive has fried. it was running well, i have or had yahoo messenger which wasn't running properly so i uninstalled it and rebooted and that was it. a message saying 'explorer.exe is missing please reinstall windows'. i've started a reformat, i've got as far as putting in the start up disk and i'm running scandisk on it at the moment. ok can you please give me clear instructions on reformatting, so far i've typed in format :C and it's run that far but i'm not %100 percent sure what to do next. i know i put the win98 cd in but it's bringing a huge list of files it apparently doesn't have. can you please get back to me a.s.a.p as i'm not at home i'm on someone else's pc. so i can print out instructions and take them with me.
|
|
|
|
|