Malware Removal Discussion about Trojans, viruses, hoaxes, firewalls, spyware, and general Security issues. If you suspect your PC is infected with a virus, trojan or spyware app please include any supporting documentation or logs |
#1
I use Firefox browser myself but iexplorer keeps opening up with (My PC has viruses click here for help) or (Google web page) or also (create a virtual babe). Please, any help would be greatly appreciated. I think this is something my daughter must have done. Here is my hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 3:14:54 PM, on 23/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ehome\ehtray.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\updater.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\v7.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\vwsrv.exe C:\WINDOWS\dsrss.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\ehome\RMSysTry.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4thegame.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing) O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP 
Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhfdd.dll",realset O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227 A755E9C2933154389A O4 - HKLM\..\Run: [VaCtrls] v7 O4 - HKLM\..\Run: [WinSysModule] dsrss.exe O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 
'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 
'abcdefgh.dll' missing O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1173141545937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177348952718 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing) O21 - SSODL: NqhrQqwvktkuEGfm - {34D4F06C-9E7E-5AC6-ABD6-109864007B08} - C:\WINDOWS\system32\fomw.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. 
- C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe |
#2
Hello gardooney,
Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES.
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After the reboot, disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan).

When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee. When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here, along with the contents of C:\vundofix.txt and a new HijackThis log please.
#3
VundoFix V6.3.20

Checking Java version...
Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.
Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:07:08 PM 22/04/2007

Listing files found while scanning....
C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll

Beginning removal...
Attempting to delete C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\iolapi.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp1206.tmp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\tmp636.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.22

Scan started at 3:35:43 PM 23/04/2007

Listing files found while scanning....
No infected files were found.

I did the scan but it says no infected files found. Shall I move on to Bit Defender? Thanks for taking the time.
#4
It found three files and deleted them. The "no infected files found" was a second scan after deleting those three.
Yes, please do the BitDefender scan - it will take a while but should get anything that VundoFix missed.
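The reading given in post #4, as an added example that is not part of the thread and is not VundoFix's own code: C:\vundofix.txt accumulates one section per run, so the last "No infected files were found" only describes the last run. The sketch below splits the log from post #3 into runs and compares files listed against files reported deleted; the function names `parse_runs` and `verdict` are hypothetical, and treating "listed but not reported deleted" as a leftover is an assumption, since the thread does not show what a failed removal looks like in the log.

```python
import re

# Log text from post #3 of the thread, with whitespace collapsed.
SAMPLE_LOG = (
    r"VundoFix V6.3.20 Checking Java version... Java version is 1.5.0.5 "
    r"Old versions of java are exploitable and should be removed. "
    r"Java version is 1.5.0.6 "
    r"Old versions of java are exploitable and should be removed. "
    r"Scan started at 10:07:08 PM 22/04/2007 "
    r"Listing files found while scanning.... "
    r"C:\WINDOWS\system32\iolapi.dll C:\WINDOWS\system32\tmp1206.tmp.dll "
    r"C:\WINDOWS\system32\tmp636.tmp.dll Beginning removal... "
    r"Attempting to delete C:\WINDOWS\system32\iolapi.dll "
    r"C:\WINDOWS\system32\iolapi.dll Has been deleted! "
    r"Attempting to delete C:\WINDOWS\system32\tmp1206.tmp.dll "
    r"C:\WINDOWS\system32\tmp1206.tmp.dll Has been deleted! "
    r"Attempting to delete C:\WINDOWS\system32\tmp636.tmp.dll "
    r"C:\WINDOWS\system32\tmp636.tmp.dll Has been deleted! "
    r"Performing Repairs to the registry. Done! "
    r"VundoFix V4.2.22 Scan started at 3:35:43 PM 23/04/2007 "
    r"Listing files found while scanning.... No infected files were found."
)

# Each run starts with a version banner; everything up to the next banner is that run.
RUN_HEADER = re.compile(r"VundoFix V(\d+(?:\.\d+)+)")
SCAN_START = re.compile(
    r"Scan started at (\d{1,2}:\d{2}:\d{2} [AP]M \d{2}/\d{2}/\d{4})")
# Text between the listing banner and whatever ends the listing.
LISTING = re.compile(
    r"Listing files found while scanning\.+(.*?)"
    r"(?:Beginning removal|No infected files were found|\Z)", re.S)
# A path runs until the next drive-letter path or the end of the listing,
# so paths containing spaces survive the collapsed whitespace.
PATH = re.compile(r"[A-Za-z]:\\.*?(?=\s+[A-Za-z]:\\|\s*$)", re.S)
# "Attempting to delete X" followed by "X Has been deleted!" for the same X.
DELETED = re.compile(r"Attempting to delete (.+?)\s+\1 Has been deleted!")


def parse_runs(text):
    """Split an appended VundoFix log into one record per run."""
    headers = list(RUN_HEADER.finditer(text))
    runs = []
    for i, head in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        body = text[head.end():end]
        started = SCAN_START.search(body)
        listing = LISTING.search(body)
        listed = PATH.findall(listing.group(1).strip()) if listing else []
        deleted = DELETED.findall(body)
        gone = {p.lower() for p in deleted}  # Windows paths: compare case-insensitively
        runs.append({
            "version": head.group(1),
            "started": started.group(1) if started else None,
            "listed": listed,
            "deleted": deleted,
            # Assumption: a listed file with no "Has been deleted!" line is still there.
            "not_deleted": [p for p in listed if p.lower() not in gone],
            "clean": not listed,
        })
    return runs


def verdict(runs):
    """Summarise the whole log rather than only its final section."""
    if not runs:
        return "no runs in log"
    if runs[-1]["not_deleted"]:
        return "files remain"
    if any(r["deleted"] for r in runs):
        return "found and removed"
    return "nothing found"


if __name__ == "__main__":
    parsed = parse_runs(SAMPLE_LOG)
    for n, run in enumerate(parsed, 1):
        print(f"run {n}: V{run['version']} at {run['started']}: "
              f"{len(run['listed'])} listed, {len(run['deleted'])} deleted, "
              f"{len(run['not_deleted'])} left")
    print("overall:", verdict(parsed))
```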
#5
results
367825
Folders 5184 Boot Sectors 3 Archives 26036 Packed Files 32764 Results Identified Viruses 34 Infected Files 126 Suspect Files 0 Warnings 0 Disinfected 0 Deleted Files 123 Engines Info Virus Definitions 487536 Engine build AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08) Scan plugins 14 Archive plugins 38 Unpack plugins 6 E-mail plugins 6 System plugins 1 Scan Settings First Action Disinfect Second Action Delete Heuristics Yes Enable Warnings Yes Scanned Extensions *; Exclude Extensions Scan Emails Yes Scan Archives Yes Scan Packed Yes Scan Files Yes Scan Boot Yes Scanned File Status C:\$VAULT$.AVG\03051796.FIL Infected with: Trojan.Spambot.BXB C:\$VAULT$.AVG\03051796.FIL Disinfection failed C:\$VAULT$.AVG\03051796.FIL Deleted C:\$VAULT$.AVG\03637875.FIL Infected with: Trojan.Peed.LM C:\$VAULT$.AVG\03637875.FIL Disinfection failed C:\$VAULT$.AVG\03637875.FIL Deleted C:\$VAULT$.AVG\03637968.FIL Infected with: Trojan.Peed.LJ C:\$VAULT$.AVG\03637968.FIL Disinfection failed C:\$VAULT$.AVG\03637968.FIL Deleted C:\$VAULT$.AVG\03638937.FIL Infected with: Trojan.Peed.LM C:\$VAULT$.AVG\03638937.FIL Disinfection failed C:\$VAULT$.AVG\03638937.FIL Deleted C:\$VAULT$.AVG\03639187.FIL Infected with: Trojan.Peed.LP C:\$VAULT$.AVG\03639187.FIL Disinfection failed C:\$VAULT$.AVG\03639187.FIL Deleted C:\$VAULT$.AVG\03640218.FIL Infected with: Trojan.Peed.LJ C:\$VAULT$.AVG\03640218.FIL Disinfection failed C:\$VAULT$.AVG\03640218.FIL Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class Infected with: Java.Trojan.Exploit.Bytverify C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class Deleted C:\Documents and 
Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class Infected with: Trojan.Java.ClassLoader.D C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dvnny.class Infected with: Java.Trojan.Exploit.Bytverify C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dvnny.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dvnny.class Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Applicatio |
#6
more
Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Baaaaa.class
Infected with: Java.Trojan.Exploit.Bytverify.I C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Baaaaa.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Baaaaa.class Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dix.class Infected with: Trojan.Java.ClassLoader.D C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dix.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dix.class Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dux.class Infected with: Trojan.Java.ClassLoader.D C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dux.class Disinfection failed C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip=>Dux.class Deleted C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ver sion.jar-7239fec5-44f12ddf.zip Updated C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe Infected with: MemScan:Trojan.DNSChanger.BF C:\Documents and 
Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe Update failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe Detected with: Adware.Agent.BE C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe Infected with: Rootkit.Agent.J C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys Infected with: Rootkit.Zlob.A C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll Infected with: Trojan.Zlob.AE C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat Infected with: Trojan.Zlob.AD C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game Infected with: Trojan.Porndialer.D C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game Deleted C:\Documents and 
Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe Infected with: Trojan.Zlob.AE C:\Documents and Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php Infected with: GenPack:Generic.Malware.SFBdld!.A542039A C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp132.tmp.exe Infected with: Trojan.Agent.AMQ |
#7
more
132.tmp.exe
Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp132.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe Infected with: Trojan.BHO.AU C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe Infected with: 
Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe Infected with: Trojan.BHO.AU C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe Infected with: Trojan.Agent.AMQ C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe Deleted 
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe Infected with: Trojan.BHO.AU C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe Infected with: Trojan.Downloader.Agent.AMM C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ Infected with: GenPack:Generic.Malware.SYdld!.9E572A88 C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ Deleted C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe Infected with: Trojan.Downloader.Autoit.G C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe Disinfection failed C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe Deleted C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSI S o)=>lzma_solid_nsis0001=>01.exe Infected with: MemScan:Trojan.DNSChanger.BF C:\Documents and 
Settings\HP_Administrator\moviesdvds1176.exe=>(NSI S o)=>lzma_solid_nsis0001=>01.exe Disinfection failed C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSI S o)=>lzma_solid_nsis0001=>01.exe Deleted C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSI S o)=>lzma_solid_nsis0001 Update failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf Infected with: Trojan.Downloader.Agent.AYC C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll Infected with: Trojan.Agent.APX C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf Infected with: Trojan.Downloader.Agent.AYC C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf Infected with: Trojan.Downloader.Agent.AYC C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll Infected with: Trojan.Duncan.A C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll Disinfection failed C:\System Volume 
Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll Infected with: Trojan.BHO.AU C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe Infected with: Trojan.Clicker.MMO C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A |
#8
the rest
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016222.exe
Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016222.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe Delete C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe Infected with: Trojan.Clicker.MMO C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll Infected with: 
DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll Dsinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll Infected with: Trojan.Vqten.A C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll Infected with: Trojan.Vqten.A C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe Infected with: Trojan.Vqten.B C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe 
Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe Infected with: DeepScan:Generic.Malware.Yd!spg.FE8C4BE1 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe Infected with: Trojan.Spy.KeyLogger.UT C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe Infected with: Trojan.Clicker.MMO C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe Infected with: Trojan.Clicker.MMO C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe Infected with: Trojan.Zlob.AE C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe 
Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys Infected with: Rootkit.Zlob.A C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe Infected with: Trojan.Zlob.AE C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll Infected with: Trojan.Vqten.A C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe Infected with: MemScan:Trojan.DNSChanger.BF C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe Deleted C:\System Volume 
Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001 Update failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe Infected with: Trojan.Porndialer.D C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe Infected with: GenPack:Generic.Malware.SYdld!.9E572A88 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll Infected with: Trojan.Agent.AOM C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll Delete C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe Infected with: 
Trojan.Vqten.B C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe Infected with: Trojan.Vqten.B C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe Infected with: Trojan.Peed.Gen C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe Infected with: GenPack:Generic.Malware.SYdld!.9E572A88 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll Deleted C:\System 
Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe Infected with: Trojan.Vqten.B C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372 C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll Deleted C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe Infected with: Trojan.Vqten.B C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe Disinfection failed C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe Deleted C:\VundoFix Backups\iolapi.dll.bad Infected with: Trojan.Duncan.A C:\VundoFix Backups\iolapi.dll.bad Disinfection failed C:\VundoFix Backups\iolapi.dll.bad Deleted C:\VundoFix Backups\tmp636.tmp.dll.bad Infected with: Trojan.BHO.AU C:\VundoFix Backups\tmp636.tmp.dll.bad Disinfection failed C:\VundoFix Backups\tmp636.tmp.dll.bad Deleted C:\WINDOWS\abc1006def.exe Infected with: Trojan.Clicker.MMO C:\WINDOWS\abc1006def.exe Disinfection failed C:\WINDOWS\abc1006def.exe Deleted C:\WINDOWS\dsrss.exe Infected with: Trojan.Spy.KeyLogger.UT C:\WINDOWS\dsrss.exe Disinfection failed 
C:\WINDOWS\dsrss.exe Delete failed C:\WINDOWS\efcabc.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\efcabc.dll Disinfection failed C:\WINDOWS\efcabc.dll Deleted C:\WINDOWS\effddd.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\effddd.dll Disinfection failed C:\WINDOWS\effddd.dll Deleted C:\WINDOWS\iihghf.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\iihghf.dl Disinfection failed C:\WINDOWS\iihghf.dll Deleted C:\WINDOWS\jkhfdd.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\jkhfdd.dll Disinfection failed C:\WINDOWS\jkhfdd.dll Delete failed C:\WINDOWS\jkjifc.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\jkjifc.dll Disinfection failed C:\WINDOWS\jkjifc.dll Deleted C:\WINDOWS\ljgfec.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\ljgfec.dll Disinfection failed C:\WINDOWS\ljgfec.dll Deleted C:\WINDOWS\msdrvctrl.exe Infected with: Trojan.Zlob.AE C:\WINDOWS\msdrvctrl.exe Disinfection failed C:\WINDOWS\msdrvctrl.exe Deleted C:\WINDOWS\ssqnno.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\ssqnno.dll Disinfection failed C:\WINDOWS\ssqnno.dll Deleted C:\WINDOWS\system32\cent.exe.exe Infected with: Trojan.Peed.Gen C:\WINDOWS\system32\cent.exe.exe Disinfection failed C:\WINDOWS\system32\cent.exe.exe Deleted C:\WINDOWS\system32\cvkhgcy.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\cvkhgcy.dll Disinfection failed C:\WINDOWS\system32\cvkhgcy.dll Deleted C:\WINDOWS\system32\dlh9jkd1q2.exe~ Infected with: Trojan.Peed.Gen C:\WINDOWS\system32\dlh9jkd1q2.exe~ Disinfection failed C:\WINDOWS\system32\dlh9jkd1q2.exe~ Deleted C:\WINDOWS\system32\drivers\etc\hosts Infected with: Trojan.QHosts.W C:\WINDOWS\system32\drivers\etc\hosts Disinfection failed C:\WINDOWS\system32\drivers\etc\hosts Deleted C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup Infected with: Trojan.Qhost.HL C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup Disinfection failed C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup Deleted 
C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup Infected with: Generic.Qhost.897B437F C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup Disinfection failed C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup Deleted C:\WINDOWS\system32\e.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\e.dll Disinfection failed C:\WINDOWS\system32\e.dll Deleted C:\WINDOWS\system32\hfz.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\hfz.dll Disinfection failed C:\WINDOWS\system32\hfz.dll Deleted C:\WINDOWS\system32\jdbeequau.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\jdbeequau.dll Disinfection failed C:\WINDOWS\system32\jdbeequau.dll Deleted C:\WINDOWS\system32\max1d164v.exe Infected with: Trojan.Porndialer.D C:\WINDOWS\system32\max1d164v.exe Disinfection failed C:\WINDOWS\system32\max1d164v.exe Deleted C:\WINDOWS\system32\msdrives\driverpp.sys Infected with: Rootkit.Zlob.A C:\WINDOWS\system32\msdrives\driverpp.sys Disinfection failed C:\WINDOWS\system32\msdrives\driverpp.sys Deleted C:\WINDOWS\system32\msdrives\msdrvctrl.exe Infected with: Trojan.Zlob.AE C:\WINDOWS\system32\msdrives\msdrvctrl.exe Disinfection failed C:\WINDOWS\system32\msdrives\msdrvctrl.exe Deleted C:\WINDOWS\system32\n.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\n.dll Disinfection failed C:\WINDOWS\system32\n.dll Deleted C:\WINDOWS\system32\nsv.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\nsv.dll Disinfection failed C:\WINDOWS\system32\nsv.dll Deleted C:\WINDOWS\system32\otndairyytenr.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\otndairyytenr.dll Disinfection failed C:\WINDOWS\system32\otndairyytenr.dll Deleted C:\WINDOWS\system32\tmp1A5.tmp.dll Infected with: Trojan.BHO.AU C:\WINDOWS\system32\tmp1A5.tmp.dll Disinfection failed C:\WINDOWS\system32\tmp1A5.tmp.dll Deleted C:\WINDOWS\system32\tmp508.tmp.dll Infected with: Trojan.BHO.AU C:\WINDOWS\system32\tmp508.tmp.dll Disinfection failed C:\WINDOWS\system32\tmp508.tmp.dll Deleted 
C:\WINDOWS\system32\totour.exe Infected with: Trojan.Vqten.B C:\WINDOWS\system32\totour.exe Disinfection failed C:\WINDOWS\system32\totour.exe Deleted C:\WINDOWS\system32\uav.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\uav.dll Disinfection failed C:\WINDOWS\system32\uav.dll Deleted C:\WINDOWS\system32\v7.exe Infected with: Trojan.Clicker.MMO C:\WINDOWS\system32\v7.exe Disinfection failed C:\WINDOWS\system32\v7.exe Delete failed C:\WINDOWS\system32\vexg4am1et2.exe~ Infected with: Trojan.Peed.Gen C:\WINDOWS\system32\vexg4am1et2.exe~ Disinfection failed C:\WINDOWS\system32\vexg4am1et2.exe~ Deleted C:\WINDOWS\system32\xbmigygyuvsft.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\xbmigygyuvsft.dll Disinfection failed C:\WINDOWS\system32\xbmigygyuvsft.dll Deleted C:\WINDOWS\system32\yxpylhhjtob.dll Infected with: Trojan.Vqten.A C:\WINDOWS\system32\yxpylhhjtob.dll Disinfection failed C:\WINDOWS\system32\yxpylhhjtob.dll Deleted C:\WINDOWS\urspoo.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\urspoo.dll Disinfection failed C:\WINDOWS\urspoo.dll Deleted C:\WINDOWS\wvwvwt.dll Infected with: Trojan.Agent.AOM C:\WINDOWS\wvwvwt.dll Disinfection failed C:\WINDOWS\wvwvwt.dll |
#9
the rest
vundo fix file
VundoFix V6.3.20 Checking Java version... Java version is 1.5.0.5 Old versions of java are exploitable and should be removed. Java version is 1.5.0.6 Old versions of java are exploitable and should be removed. Scan started at 10:07:08 PM 22/04/2007 Listing files found while scanning.... C:\WINDOWS\system32\iolapi.dll C:\WINDOWS\system32\tmp1206.tmp.dll C:\WINDOWS\system32\tmp636.tmp.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\iolapi.dll C:\WINDOWS\system32\iolapi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tmp1206.tmp.dll C:\WINDOWS\system32\tmp1206.tmp.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\tmp636.tmp.dll C:\WINDOWS\system32\tmp636.tmp.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V4.2.22 Scan started at 3:35:43 PM 23/04/2007 Listing files found while scanning.... No infected files were found. and hijack this file Logfile of HijackThis v1.99.1 Scan saved at 5:27:39 PM, on 23/04/2007 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v7.00 (7.00.5730.0011) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ehome\ehtray.exe C:\HP\KBD\KBD.EXE C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\updater.exe C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\v7.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\vwsrv.exe C:\WINDOWS\dsrss.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume 
Technology\ELService.exe C:\WINDOWS\system32\dllhost.exe C:\WINDOWS\eHome\ehmsas.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\ehome\RMSysTry.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\explorer.exe C:\Program Files\HijackThis\HijackThis.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4thegame.com/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing) O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll O2 - BHO: (no name) - 
{3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing) O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file) O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhfdd.dll",realset O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227 A755E9C2933154389A O4 - HKLM\..\Run: [VaCtrls] v7 O4 - HKLM\..\Run: [WinSysModule] dsrss.exe O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common 
Files\Ahead\Lib\NMBgMonitor.exe" O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program 
Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing) O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing) O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O10 - Broken Internet access because of LSP provider 'abcdefgh.dll' missing O11 - Options group: [INTERNATIONAL] International* O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1173141545937 O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177348952718 O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} 
(MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll O20 - AppInit_DLLs: O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing) O21 - SSODL: NqhrQqwvktkuEGfm - {34D4F06C-9E7E-5AC6-ABD6-109864007B08} - C:\WINDOWS\system32\fomw.dll (file missing) O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe O23 - Service: iPod Service - Apple Computer, Inc. 
- C:\Program Files\iPod\bin\iPodService.exe O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe |
#10
Click START>CONTROL PANEL>ADD/REMOVE PROGRAMS
Uninstall ALL java
Download and install the updated java from here

Run HijackThis and check the following:

O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe

Click FIX CHECKED

Download the trial version of AVG Anti-Spyware 7.5 from here and install it. If you have an existing copy of Ewido (which this software replaces), agree to the uninstall notification and uninstall Ewido. Reboot after. Then click the AVG download file again to install the software. (If you have a paid version of Ewido installed, go here to follow the steps to upgrade that now.)

After installation, double-click the icon on your Desktop to launch AVG Anti-Spyware 7.5.
On the top of the main screen click Shield. Then click the word active to change it to inactive.
You will need to also update AVG Anti-Spyware 7.5 to the latest definition files.
On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.
Now close AVG Anti-Spyware 7.5 (don't scan just yet).

Restart your computer and download SmitfraudFix.zip from here.
Unzip it to your desktop and double-click on smitfraudfix.cmd.
Choose Option 1 and hit Enter to generate a report about the infected files.
Please save the Log (it will save to C:\rapport.txt) and post it here.
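The selection step in the reply above (choosing which HijackThis entries to tick before FIX CHECKED) can be approximated as a triage script that surfaces candidates for manual review. This is an added example, not part of the original post and not HijackThis's own logic: the three heuristics and all function names are assumptions made for illustration, and the sample lines are copied from the log posted in this thread.

```python
import re
from dataclasses import dataclass

# Sample input: entries copied from the HijackThis log in this thread,
# one entry per line, as HijackThis writes them.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe
"""

# Whitespace that precedes an entry marker such as "R1 - " or "O23 - ".
# Splitting here also recovers entries from logs that a forum has flattened
# onto one long line.
ENTRY_START = re.compile(r"\s+(?=(?:R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - )")
ENTRY = re.compile(r"^(?P<section>[RFNO]\d{1,2}) - (?P<body>.+)$")
BHO = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - (?P<target>.+)$"
)
TEMP_DLL = re.compile(r"^tmp[0-9a-f]+\.tmp\.dll$", re.IGNORECASE)


@dataclass
class Finding:
    section: str
    entry: str
    reasons: tuple


def split_entries(text):
    """Return (section, body) pairs for every HijackThis entry in text."""
    entries = []
    for chunk in ENTRY_START.split(text.strip()):
        chunk = " ".join(chunk.split())  # collapse wraps left by extraction
        m = ENTRY.match(chunk)
        if m:  # header and process-list chunks do not match and are skipped
            entries.append((m["section"], m["body"]))
    return entries


def reasons_for(section, body):
    """Apply the illustrative heuristics to one entry."""
    reasons = []
    target = body.rsplit(" - ", 1)[-1]
    # Heuristic 1 (assumption): the registry entry outlived its file.
    if target.endswith("(file missing)") or target == "(no file)":
        reasons.append("target file not on disk")
    # Heuristic 2 (assumption): unnamed BHO backed by a temp-style DLL name.
    if section == "O2":
        m = BHO.match(body)
        if m and m["name"] == "(no name)":
            path = m["target"].split(" (file missing)")[0]
            if TEMP_DLL.match(path.rsplit("\\", 1)[-1]):
                reasons.append("unnamed BHO backed by temp-named DLL")
    # Heuristic 3 (assumption): service listed with "Unknown owner".
    if section == "O23" and body.startswith("Service: "):
        parts = body[len("Service: "):].rsplit(" - ", 2)
        if len(parts) == 3 and parts[1] == "Unknown owner":
            reasons.append("service with unknown owner")
    return reasons


def triage(text):
    """Return a Finding for each entry that trips at least one heuristic."""
    findings = []
    for section, body in split_entries(text):
        reasons = reasons_for(section, body)
        if reasons:
            findings.append(Finding(section, f"{section} - {body}", tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f.entry)
        for r in f.reasons:
            print("    ->", r)
```

On the sample, the script flags the same four entries listed in the reply; on a full log it will also surface other "(file missing)" entries, which still need a person to decide whether they are leftovers from uninstalled software.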
#11
log file
Took a while, comp kept freezing and had to restart many times.

SmitFraudFix v2.171
Scan done at 19:35:06.57, 23/04/2007 Run from C:\Documents and Settings\HP_Administrator\My Documents\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in normal mode »»»»»»»»»»»»»»»»»»»»»»»» Process C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\1.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\RTHDCPL.EXE C:\WINDOWS\ehome\ehtray.exe C:\HP\KBD\KBD.EXE C:\WINDOWS\updater.exe C:\WINDOWS\system32\v7.exe C:\WINDOWS\dsrss.exe C:\PROGRA~1\Grisoft\AVG7\avgcc.exe C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\MSN Messenger\msnmsgr.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe C:\WINDOWS\ehome\RMSysTry.exe C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe C:\PROGRA~1\Grisoft\AVG7\avgemc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe C:\Program Files\Common Files\LightScribe\LSSrvc.exe C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\HPZipm12.exe C:\WINDOWS\ehome\RMSvc.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\WINDOWS\system32\dllhost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\WINDOWS\eHome\ehmsas.exe C:\Program Files\Internet Explorer\IEXPLORE.EXE C:\WINDOWS\system32\wuauclt.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\cmd.exe »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS C:\WINDOWS\dxdiag.dll FOUND ! 
C:\WINDOWS\iebrowser.dll FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\msdrives\ FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data C:\Documents and Settings\HP_Administrator\Application Data\Install.dat FOUND ! »»»»»»»»»»»»»»»»»»»»»»»» Start Menu »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1 »»»»»»»»»»»»»»»»»»»»»»»» Desktop »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files »»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys »»»»»»»»»»»»»»»»»»»»»»»» Desktop Components [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0] "Source"="About:Home" "SubscribedURL"="About:Home" "FriendlyName"="My Current Home Page" »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787" [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D 7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=" " »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32 pe386 detected, use a Rootkit scanner »»»»»»»»»»»»»»»»»»»»»»»» DNS Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport DNS Server Search Order: 16.92.3.242 DNS Server Search Order: 16.92.3.243 DNS Server Search Order: 16.81.3.243 DNS Server Search Order: 16.118.3.243 Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport DNS Server Search Order: 192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection »»»»»»»»»»»»»»»»»»»»»»»» End |
#12
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).

Open the SmitfraudFix folder, then double-click the smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.
A reboot may be needed to finish the cleaning process. If your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.
The tool will create a log named rapport.txt in the root of your drive, e.g. Local Disk C: or the partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Make sure all windows are closed and run AVG Anti-Spyware 7.5.
Click Scanner, then click on the Scan tab.
Click Complete System Scan to begin scanning.
When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.
Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.
Then reboot back to Normal Mode.

Post the second log (C:\rapport.txt) and your AVG AntiSpyware log please, along with a new HijackThis scan. You can use separate posts if needed.
#13
sorry for delay but could not get comp to restart it keeps crashing avg did not work here is the error log

Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: SetServiceStatus failed, Value: 000006BF, Position: .\GuardOptions.cpp, 215 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204 Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251 Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251 Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251 Error: cannot open service control manager, Value: 0000051B, Position: .\GuardCheck.cpp, 204 |
#14
here is smitfraud text
SmitFraudFix v2.171
Scan done at 19:59:17.04, 23/04/2007 Run from C:\Documents and Settings\HP_Administrator\My Documents\SmitfraudFix OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT The filesystem type is NTFS Fix run in safe mode »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787" [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D 7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" »»»»»»»»»»»»»»»»»»»»»»»» Killing process »»»»»»»»»»»»»»»»»»»»»»»» hosts »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files C:\WINDOWS\dxdiag.dll Deleted C:\WINDOWS\iebrowser.dll Deleted C:\WINDOWS\system32\msdrives\ Deleted C:\Documents and Settings\HP_Administrator\Application Data\Install.dat Deleted »»»»»»»»»»»»»»»»»»»»»»»» DNS HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243 HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1 »»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"="" »»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning Registry Cleaning done. »»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix !!!Attention, following keys are not inevitably infected!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\Curr entVersion\Explorer\SharedTaskScheduler] "{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787" [HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" [HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D 7-86AC-4068-93BC-A02304B60787}\InProcServer32] @="C:\WINDOWS\system32\rxakcdz.dll" »»»»»»»»»»»»»»»»»»»»»»»» End |
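The report above lists SharedTaskScheduler entries both before and after the clean, so the two sections can be compared to see which registrations the tool left in place. The following Python is an added example, not part of the thread or of SmitFraudFix; the function names and the second sample entry (the all-zero CLSID and example.dll) are constructed, and as the report itself states, a listed key is not necessarily infected.

```python
import re

# "{CLSID}"="name" values listed under the SharedTaskScheduler key
STS_VALUE = re.compile(r'"(\{[0-9A-Fa-f-]{36}\})"="([^"]*)"')
# Default value of CLSID\{...}\InProcServer32, i.e. the DLL Explorer loads
INPROC = re.compile(r'CLSID\\(\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]\s*@="([^"]*)"')

def sts_entries(report, title):
    """Return {clsid: (name, dll)} from the section that starts with `title`."""
    for chunk in re.split(r"»{5,}", report):
        chunk = chunk.strip()
        if chunk.startswith(title):
            names = dict(STS_VALUE.findall(chunk))
            dlls = dict(INPROC.findall(chunk))
            return {c: (names[c], dlls.get(c)) for c in names}
    return {}

def compare_sts(report):
    """Split SharedTaskScheduler entries into those still listed and those gone."""
    before = sts_entries(report, "SharedTaskScheduler Before SmitFraudFix")
    after = sts_entries(report, "SharedTaskScheduler After SmitFraudFix")
    remaining = {c: v for c, v in before.items() if c in after}
    removed = {c: v for c, v in before.items() if c not in after}
    return remaining, removed

# Constructed sample: section layout and the first CLSID are taken from the
# report posted above; the second CLSID and example.dll are made up.
SAMPLE = r'''
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"
"{00000000-0000-0000-0000-000000000001}"="constructed entry"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"
[HKEY_CLASSES_ROOT\CLSID\{00000000-0000-0000-0000-000000000001}\InProcServer32]
@="C:\WINDOWS\system32\example.dll"
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"
»»»»»»»»»»»»»»»»»»»»»»»» End
'''

if __name__ == "__main__":
    remaining, removed = compare_sts(SAMPLE)
    print("still registered:", remaining, "removed:", removed)
```

An entry that appears in both sections, with its InProcServer32 DLL, is one to carry into the follow-up scans rather than assume cleaned.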