Cyber Tech Help Support Forums > Software > Malware Removal

#1  April 23rd, 2007, 08:19 PM
gardooney (Senior Member, O/S: Windows XP Home)
explorer opens by itself

I use the Firefox browser myself, but iexplorer keeps opening up with "My PC has viruses click here for help" or "Google web page" or also "create a virtual babe". Please, any help would be greatly appreciated. I think this is something my daughter must have done. Here is my hijack file:

Logfile of HijackThis v1.99.1
Scan saved at 3:14:54 PM, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\updater.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\v7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vwsrv.exe
C:\WINDOWS\dsrss.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4thegame.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhfdd.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'abcdefgh.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1173141545937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177348952718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing)
O21 - SSODL: NqhrQqwvktkuEGfm - {34D4F06C-9E7E-5AC6-ABD6-109864007B08} - C:\WINDOWS\system32\fomw.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe
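A defender-side triage pass over a log in the format posted above, as an added example: this is not code from the thread, from HijackThis, or from any forum helper. It parses lines in the HijackThis v1.99.1 layout and flags the entry classes that this thread's log illustrates: tmpNNN.tmp.dll BHOs, "(file missing)" orphans, Run entries with no path, a rundll32 target sitting directly in C:\WINDOWS, a broken LSP chain, Winlogon Notify DLLs outside a known list, and a start page off an allowlist. The allowlists, the rule names and the helper names are assumptions made for illustration; the sample lines are copied from the log above, with three benign lines kept to show non-hits. A hit is a lead for a human to check against the rest of the log, not a verdict.

```python
"""Defender-side triage of a HijackThis v1.99.1 log (added example; not code
from the thread, from HijackThis, or from any forum helper).

The allowlists and rule names below are assumptions chosen to illustrate the
entry classes the thread's log shows; a hit is a lead to check, not a verdict.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: lines copied from the log posted above, plus three
# benign entries (Java BHO, AVG Run entry, WgaLogon) that should not fire.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4thegame.com/
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhfdd.dll",realset
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O10 - Broken Internet access because of LSP provider 'abcdefgh.dll' missing
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing)
"""

# Assumed allowlists (hypothetical; an analyst would maintain real ones).
TRUSTED_START_HOSTS = {"go.microsoft.com", "ie.redirect.hp.com"}
KNOWN_WINLOGON_NOTIFY = {"wgalogon.dll", "igfxdev.dll", "scardsvr.dll"}

LINE_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
TMP_DLL_RE = re.compile(r"\\tmp\w*\.tmp\.dll\b", re.IGNORECASE)
RUN_RE = re.compile(r"Run: \[(?P<name>[^\]]*)\] (?P<command>.+)$")
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)
# A path directly under C:\WINDOWS with no further subdirectory.
WINROOT_RE = re.compile(r"[A-Za-z]:\\WINDOWS\\[^\\]+", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    section: str
    reason: str
    line: str


def _first_token(command: str) -> str:
    """Return the program part of a Run command, honouring a quoted path."""
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    return command.split(" ", 1)[0]


def check_line(line: str) -> list[Finding]:
    """Apply every heuristic to one log line; return the hits (possibly none)."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    section, body = m.group("section"), m.group("body")
    out: list[Finding] = []
    if "(file missing)" in body:
        out.append(Finding(section, "orphaned entry (file missing)", line))
    if TMP_DLL_RE.search(body):
        out.append(Finding(section, "Vundo-style tmpNNN.tmp.dll", line))
    if section == "R0" and "Start Page" in body:
        host = urlparse(body.split("=", 1)[1].strip()).hostname or ""
        if host not in TRUSTED_START_HOSTS:
            out.append(Finding(section, "start page not on allowlist", line))
    if section == "O4":
        rm = RUN_RE.search(body)
        if rm:
            command = rm.group("command")
            # For rundll32 the interesting object is the DLL it loads.
            dm = RUNDLL_RE.match(command)
            target = dm.group(1) if dm else _first_token(command)
            if "\\" not in target:
                out.append(Finding(section, "Run entry without full path", line))
            elif WINROOT_RE.fullmatch(target):
                out.append(Finding(section, "executable directly in Windows root", line))
    if section == "O10":
        out.append(Finding(section, "broken LSP chain", line))
    if section == "O20" and body.startswith("Winlogon Notify:"):
        dll_name = body.rsplit("\\", 1)[-1].lower()
        if dll_name not in KNOWN_WINLOGON_NOTIFY:
            out.append(Finding(section, "unfamiliar Winlogon Notify DLL", line))
    return out


def triage(log_text: str) -> list[Finding]:
    """Run check_line over a whole log and collect the findings in order."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        findings.extend(check_line(line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per reason so the analyst sees the shape at a glance."""
    counts: dict[str, int] = {}
    for f in findings:
        counts[f.reason] = counts.get(f.reason, 0) + 1
    return counts


if __name__ == "__main__":
    hits = triage(SAMPLE_LOG)
    for f in hits:
        print(f"{f.section:4} {f.reason:40} {f.line}")
    print(summary(hits))
```

Run it as a script to see each flagged line with its reason; on the constructed sample it reports nine hits and leaves the Java BHO, the AVG Run entry and WgaLogon alone. The bare-name rule will also flag legitimate entries such as RTHDCPL.EXE in the full log, which is the point of keeping it a triage aid rather than an auto-remover.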
#2  April 23rd, 2007, 08:33 PM
dahli (CTH Subscriber)
Hello gardooney,

Please download VundoFix.exe to your desktop.

* Double-click VundoFix.exe to run it.
* Click the Scan for Vundo button.
* Once it's done scanning, click the Remove Vundo button.
* You will receive a prompt asking if you want to remove the files, click YES
* Once you click yes, your desktop will go blank as it starts removing Vundo.
* When completed, it will prompt that it will reboot your computer, click OK.
* Please post the contents of C:\vundofix.txt.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.

After the reboot, disable your antivirus program and go here and run an online scan with BitDefender (you will need to use Internet Explorer for this scan). When the ActiveX Control has loaded, click on "Click here to scan" and grab a coffee.

When BitDefender completes the scan, select the "Detected Problems" tab. Click on "Click here to export scan". Save the file as an HTML to your Desktop. Then click on the saved file and allow it to open with your browser. Go to Edit - Select All. Then copy/paste that log back here, along with the contents of C:\vundofix.txt and a new HijackThis log please.
#3  April 23rd, 2007, 08:42 PM
gardooney (Senior Member)
VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:07:08 PM 22/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\iolapi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp1206.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp636.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.22
Scan started at 3:35:43 PM 23/04/2007

Listing files found while scanning....


No infected files were found.

I did the scan but it says no infected files found. Shall I move on to BitDefender? Thanks for taking the time.
#4  April 23rd, 2007, 08:46 PM
dahli (CTH Subscriber)
It found three files and deleted them. The "no infected files found" was a second scan after deleting those three.

Yes, please do the BitDefender scan; it will take a while but should get anything that VundoFix missed.
#5  April 23rd, 2007, 10:48 PM
gardooney (Senior Member)
results

367825
Folders: 5184
Boot Sectors: 3
Archives: 26036
Packed Files: 32764

Results
Identified Viruses: 34
Infected Files: 126
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 123

Engines Info
Virus Definitions: 487536
Engine build: AVCORE v1.0 (build 2397) (i386) (Feb 8 2007 14:24:08)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\$VAULT$.AVG\03051796.FIL | Infected with: Trojan.Spambot.BXB
C:\$VAULT$.AVG\03051796.FIL | Disinfection failed
C:\$VAULT$.AVG\03051796.FIL | Deleted
C:\$VAULT$.AVG\03637875.FIL | Infected with: Trojan.Peed.LM
C:\$VAULT$.AVG\03637875.FIL | Disinfection failed
C:\$VAULT$.AVG\03637875.FIL | Deleted
C:\$VAULT$.AVG\03637968.FIL | Infected with: Trojan.Peed.LJ
C:\$VAULT$.AVG\03637968.FIL | Disinfection failed
C:\$VAULT$.AVG\03637968.FIL | Deleted
C:\$VAULT$.AVG\03638937.FIL | Infected with: Trojan.Peed.LM
C:\$VAULT$.AVG\03638937.FIL | Disinfection failed
C:\$VAULT$.AVG\03638937.FIL | Deleted
C:\$VAULT$.AVG\03639187.FIL | Infected with: Trojan.Peed.LP
C:\$VAULT$.AVG\03639187.FIL | Disinfection failed
C:\$VAULT$.AVG\03639187.FIL | Deleted
C:\$VAULT$.AVG\03640218.FIL | Infected with: Trojan.Peed.LJ
C:\$VAULT$.AVG\03640218.FIL | Disinfection failed
C:\$VAULT$.AVG\03640218.FIL | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>BaaaaBaa.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>VaaaaaaaBaa.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dvnny.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dvnny.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dvnny.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Applicatio
#6  April 23rd, 2007, 10:49 PM
gardooney (Senior Member)
more

Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Baaaaa.class | Infected with: Java.Trojan.Exploit.Bytverify.I
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Baaaaa.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Baaaaa.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dix.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dix.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dix.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dux.class | Infected with: Trojan.Java.ClassLoader.D
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dux.class | Disinfection failed
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip=>Dux.class | Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\version.jar-7239fec5-44f12ddf.zip | Updated
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe | Infected with: MemScan:Trojan.DNSChanger.BF
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe=>01.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\00.exe | Update failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe | Detected with: Adware.Agent.BE
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\13307\acexe.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe | Infected with: Rootkit.Agent.J
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\di.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys | Infected with: Rootkit.Zlob.A
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\driverpp.sys | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll | Infected with: Trojan.Zlob.AE
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\iedrives.dll | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat | Infected with: Trojan.Zlob.AD
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\install.bat | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game | Infected with: Trojan.Porndialer.D
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\ma1x1ddv.game | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe | Infected with: Trojan.Zlob.AE
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\msdrvctrl.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php | Infected with: GenPack:Generic.Malware.SFBdld!.A542039A
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Temporary Internet Files\Content.IE5\OL0FOVI5\load[1].php | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1122.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp130.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp132.tmp.exe | Infected with: Trojan.Agent.AMQ
#7  April 23rd, 2007, 10:50 PM
gardooney (Senior Member)
more

132.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp132.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe | Infected with: Trojan.BHO.AU
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1A5.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp1FF1.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp230A.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2374.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp2449.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp29.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6C.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3B6E.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp3C5.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp4B6.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe | Infected with: Trojan.BHO.AU
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp508.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp5B8.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe | Infected with: Trojan.Agent.AMQ
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp610.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe | Infected with: Trojan.BHO.AU
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp636.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmp9.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpE.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe | Infected with: Trojan.Downloader.Agent.AMM
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\tmpED6.tmp.exe | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ | Infected with: GenPack:Generic.Malware.SYdld!.9E572A88
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\win32.194.exe~ | Deleted
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe | Infected with: Trojan.Downloader.Autoit.G
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\Local Settings\Temp\Windows_Update.exe | Deleted
C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe | Infected with: MemScan:Trojan.DNSChanger.BF
C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe | Disinfection failed
C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe | Deleted
C:\Documents and Settings\HP_Administrator\moviesdvds1176.exe=>(NSIS o)=>lzma_solid_nsis0001 | Update failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf | Infected with: Trojan.Downloader.Agent.AYC
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP51\A0012379.rbf | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll | Infected with: Trojan.Agent.APX
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP74\A0014759.dll | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf | Infected with: Trojan.Downloader.Agent.AYC
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP8\A0005406.rbf | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf | Infected with: Trojan.Downloader.Agent.AYC
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP80\A0015043.rbf | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll | Infected with: Trojan.Duncan.A
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016160.dll | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll | Infected with: Trojan.BHO.AU
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016162.dll | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe | Infected with: Trojan.Clicker.MMO
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe | Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP89\A0016187.exe | Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A
  #8  
Old April 23rd, 2007, 11:05 PM
gardooney
Senior Member
Join Date: Feb 2006
O/S: Windows XP Home
Location: burlington
Posts: 156
the rest

C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016222.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016222.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016223.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016224.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe
Infected with: Trojan.Clicker.MMO
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0016225.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0017171.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0018166.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0019166.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\A0020166.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP90\snapshot\MFEX-1.DAT
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll
Infected with: Trojan.Vqten.A
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020198.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll
Infected with: Trojan.Vqten.A
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020199.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe
Infected with: Trojan.Vqten.B
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020200.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020202.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe
Infected with: DeepScan:Generic.Malware.Yd!spg.FE8C4BE1
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020208.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe
Infected with: Trojan.Spy.KeyLogger.UT
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020209.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe
Infected with: Trojan.Clicker.MMO
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020215.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe
Infected with: Trojan.Clicker.MMO
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020216.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe
Infected with: Trojan.Zlob.AE
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020235.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys
Infected with: Rootkit.Zlob.A
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020236.sys
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe
Infected with: Trojan.Zlob.AE
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020237.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020238.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll
Infected with: Trojan.Vqten.A
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020240.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe
Infected with: MemScan:Trojan.DNSChanger.BF
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001=>01.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020245.exe=>(NSIS o)=>lzma_solid_nsis0001
Update failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe
Infected with: Trojan.Porndialer.D
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020257.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020260.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe
Infected with: GenPack:Generic.Malware.SYdld!.9E572A88
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020264.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll
Infected with: Trojan.Agent.AOM
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020314.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020326.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe
Infected with: Trojan.Vqten.B
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP91\A0020327.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe
Infected with: Trojan.Vqten.B
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020328.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020355.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe
Infected with: Trojan.Peed.Gen
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020356.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe
Infected with: GenPack:Generic.Malware.SYdld!.9E572A88
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020358.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020363.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe
Infected with: Trojan.Vqten.B
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP92\A0020364.exe
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0020480.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll
Infected with: DeepScan:Generic.Malware.Fdld!!.15E7F372
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021480.dll
Deleted
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe
Infected with: Trojan.Vqten.B
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe
Disinfection failed
C:\System Volume Information\_restore{106CF321-99A3-4E3A-9103-1BD027606A99}\RP93\A0021483.exe
Deleted
C:\VundoFix Backups\iolapi.dll.bad
Infected with: Trojan.Duncan.A
C:\VundoFix Backups\iolapi.dll.bad
Disinfection failed
C:\VundoFix Backups\iolapi.dll.bad
Deleted
C:\VundoFix Backups\tmp636.tmp.dll.bad
Infected with: Trojan.BHO.AU
C:\VundoFix Backups\tmp636.tmp.dll.bad
Disinfection failed
C:\VundoFix Backups\tmp636.tmp.dll.bad
Deleted
C:\WINDOWS\abc1006def.exe
Infected with: Trojan.Clicker.MMO
C:\WINDOWS\abc1006def.exe
Disinfection failed
C:\WINDOWS\abc1006def.exe
Deleted
C:\WINDOWS\dsrss.exe
Infected with: Trojan.Spy.KeyLogger.UT
C:\WINDOWS\dsrss.exe
Disinfection failed
C:\WINDOWS\dsrss.exe
Delete failed
C:\WINDOWS\efcabc.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\efcabc.dll
Disinfection failed
C:\WINDOWS\efcabc.dll
Deleted
C:\WINDOWS\effddd.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\effddd.dll
Disinfection failed
C:\WINDOWS\effddd.dll
Deleted
C:\WINDOWS\iihghf.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\iihghf.dll
Disinfection failed
C:\WINDOWS\iihghf.dll
Deleted
C:\WINDOWS\jkhfdd.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\jkhfdd.dll
Disinfection failed
C:\WINDOWS\jkhfdd.dll
Delete failed
C:\WINDOWS\jkjifc.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\jkjifc.dll
Disinfection failed
C:\WINDOWS\jkjifc.dll
Deleted
C:\WINDOWS\ljgfec.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\ljgfec.dll
Disinfection failed
C:\WINDOWS\ljgfec.dll
Deleted
C:\WINDOWS\msdrvctrl.exe
Infected with: Trojan.Zlob.AE
C:\WINDOWS\msdrvctrl.exe
Disinfection failed
C:\WINDOWS\msdrvctrl.exe
Deleted
C:\WINDOWS\ssqnno.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\ssqnno.dll
Disinfection failed
C:\WINDOWS\ssqnno.dll
Deleted
C:\WINDOWS\system32\cent.exe.exe
Infected with: Trojan.Peed.Gen
C:\WINDOWS\system32\cent.exe.exe
Disinfection failed
C:\WINDOWS\system32\cent.exe.exe
Deleted
C:\WINDOWS\system32\cvkhgcy.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\cvkhgcy.dll
Disinfection failed
C:\WINDOWS\system32\cvkhgcy.dll
Deleted
C:\WINDOWS\system32\dlh9jkd1q2.exe~
Infected with: Trojan.Peed.Gen
C:\WINDOWS\system32\dlh9jkd1q2.exe~
Disinfection failed
C:\WINDOWS\system32\dlh9jkd1q2.exe~
Deleted
C:\WINDOWS\system32\drivers\etc\hosts
Infected with: Trojan.QHosts.W
C:\WINDOWS\system32\drivers\etc\hosts
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts
Deleted
C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup
Infected with: Trojan.Qhost.HL
C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.20070423-115445.backup
Deleted
C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup
Infected with: Generic.Qhost.897B437F
C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup
Disinfection failed
C:\WINDOWS\system32\drivers\etc\hosts.20070423-121914.backup
Deleted
C:\WINDOWS\system32\e.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\e.dll
Disinfection failed
C:\WINDOWS\system32\e.dll
Deleted
C:\WINDOWS\system32\hfz.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\hfz.dll
Disinfection failed
C:\WINDOWS\system32\hfz.dll
Deleted
C:\WINDOWS\system32\jdbeequau.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\jdbeequau.dll
Disinfection failed
C:\WINDOWS\system32\jdbeequau.dll
Deleted
C:\WINDOWS\system32\max1d164v.exe
Infected with: Trojan.Porndialer.D
C:\WINDOWS\system32\max1d164v.exe
Disinfection failed
C:\WINDOWS\system32\max1d164v.exe
Deleted
C:\WINDOWS\system32\msdrives\driverpp.sys
Infected with: Rootkit.Zlob.A
C:\WINDOWS\system32\msdrives\driverpp.sys
Disinfection failed
C:\WINDOWS\system32\msdrives\driverpp.sys
Deleted
C:\WINDOWS\system32\msdrives\msdrvctrl.exe
Infected with: Trojan.Zlob.AE
C:\WINDOWS\system32\msdrives\msdrvctrl.exe
Disinfection failed
C:\WINDOWS\system32\msdrives\msdrvctrl.exe
Deleted
C:\WINDOWS\system32\n.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\n.dll
Disinfection failed
C:\WINDOWS\system32\n.dll
Deleted
C:\WINDOWS\system32\nsv.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\nsv.dll
Disinfection failed
C:\WINDOWS\system32\nsv.dll
Deleted
C:\WINDOWS\system32\otndairyytenr.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\otndairyytenr.dll
Disinfection failed
C:\WINDOWS\system32\otndairyytenr.dll
Deleted
C:\WINDOWS\system32\tmp1A5.tmp.dll
Infected with: Trojan.BHO.AU
C:\WINDOWS\system32\tmp1A5.tmp.dll
Disinfection failed
C:\WINDOWS\system32\tmp1A5.tmp.dll
Deleted
C:\WINDOWS\system32\tmp508.tmp.dll
Infected with: Trojan.BHO.AU
C:\WINDOWS\system32\tmp508.tmp.dll
Disinfection failed
C:\WINDOWS\system32\tmp508.tmp.dll
Deleted
C:\WINDOWS\system32\totour.exe
Infected with: Trojan.Vqten.B
C:\WINDOWS\system32\totour.exe
Disinfection failed
C:\WINDOWS\system32\totour.exe
Deleted
C:\WINDOWS\system32\uav.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\uav.dll
Disinfection failed
C:\WINDOWS\system32\uav.dll
Deleted
C:\WINDOWS\system32\v7.exe
Infected with: Trojan.Clicker.MMO
C:\WINDOWS\system32\v7.exe
Disinfection failed
C:\WINDOWS\system32\v7.exe
Delete failed
C:\WINDOWS\system32\vexg4am1et2.exe~
Infected with: Trojan.Peed.Gen
C:\WINDOWS\system32\vexg4am1et2.exe~
Disinfection failed
C:\WINDOWS\system32\vexg4am1et2.exe~
Deleted
C:\WINDOWS\system32\xbmigygyuvsft.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\xbmigygyuvsft.dll
Disinfection failed
C:\WINDOWS\system32\xbmigygyuvsft.dll
Deleted
C:\WINDOWS\system32\yxpylhhjtob.dll
Infected with: Trojan.Vqten.A
C:\WINDOWS\system32\yxpylhhjtob.dll
Disinfection failed
C:\WINDOWS\system32\yxpylhhjtob.dll
Deleted
C:\WINDOWS\urspoo.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\urspoo.dll
Disinfection failed
C:\WINDOWS\urspoo.dll
Deleted
C:\WINDOWS\wvwvwt.dll
Infected with: Trojan.Agent.AOM
C:\WINDOWS\wvwvwt.dll
Disinfection failed
C:\WINDOWS\wvwvwt.dll
  #9  
Old April 23rd, 2007, 11:07 PM
gardooney
Senior Member
Join Date: Feb 2006
O/S: Windows XP Home
Location: burlington
Posts: 156
the rest

vundo fix file
VundoFix V6.3.20

Checking Java version...

Java version is 1.5.0.5
Old versions of java are exploitable and should be removed.

Java version is 1.5.0.6
Old versions of java are exploitable and should be removed.

Scan started at 10:07:08 PM 22/04/2007

Listing files found while scanning....

C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\iolapi.dll
C:\WINDOWS\system32\iolapi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp1206.tmp.dll
C:\WINDOWS\system32\tmp1206.tmp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tmp636.tmp.dll
C:\WINDOWS\system32\tmp636.tmp.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V4.2.22
Scan started at 3:35:43 PM 23/04/2007

Listing files found while scanning....


No infected files were found.

and hijack this file

Logfile of HijackThis v1.99.1
Scan saved at 5:27:39 PM, on 23/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\updater.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\v7.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\vwsrv.exe
C:\WINDOWS\dsrss.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\explorer.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.4thegame.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TY...ION&pf=desktop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: SpywareBlock Class - {0A87E45F-537A-40B4-B812-E2544C21A09F} - C:\Program Files\SpyCatcher 2006\SCActiveBlock.dll (file missing)
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O3 - Toolbar: &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [HPHUPD08] c:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [BootService] rundll32.exe "C:\WINDOWS\jkhfdd.dll",realset
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\updater.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227 A755E9C2933154389A
O4 - HKLM\..\Run: [VaCtrls] v7
O4 - HKLM\..\Run: [WinSysModule] dsrss.exe
O4 - HKLM\..\Run: [PCPitstop Registration Reminder] C:\Program Files\PCPitstop\Exterminate\Reminder.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - Global Startup: Extender Resource Monitor.lnk = C:\WINDOWS\ehome\RMSysTry.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra 'Tools' menuitem: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra 'Tools' menuitem: Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O9 - Extra button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra 'Tools' menuitem: RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra 'Tools' menuitem: Internet Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\PCHEALTH\HELPCTR\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'abcdefgh.dll' missing
O11 - Options group: [INTERNATIONAL] International*
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/reso...an8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1173141545937
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1177348952718
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary...t.cab31267.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\puresp.dll
O20 - AppInit_DLLs:
O20 - Winlogon Notify: A3dxq - C:\WINDOWS\system32\a3dxx.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing)
O21 - SSODL: NqhrQqwvktkuEGfm - {34D4F06C-9E7E-5AC6-ABD6-109864007B08} - C:\WINDOWS\system32\fomw.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Intel® Quick Resume Technology Drivers (ELService) - Intel Corporation - C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMon) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
O23 - Service: Imapi Helper - Alex Feinman - C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe
#10 | April 23rd, 2007, 11:20 PM | dahli (CTH Subscriber)
Click START>CONTROL PANEL>ADD/REMOVE PROGRAMS

Uninstall ALL java

Download and install the updated java from here

Run HijackThis and check the following:


O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {3cfa96f7-0287-4e99-8632-d64bfcd54394} - C:\WINDOWS\system32\iolapi.dll (file missing)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe

Click FIX CHECKED

Download the trial version of AVG Anti-Spyware 7.5 from here and install it.

If you have an existing copy of Ewido (which this software replaces), agree to the uninstall notification and uninstall Ewido. Reboot after. Then click the AVG download file again to install the software. (If you have a paid version of Ewido installed, go here to follow the steps to upgrade that now.)



After installation, double-click the icon on your Desktop to launch AVG Anti-Spyware 7.5.

On the top of the main screen click Shield. Then click the word active to change it to inactive.

You will need to also update AVG Anti-Spyware 7.5 to the latest definition files. On the top of the main screen click Update. Then click on Start Update. The update will start and a progress bar will show the updates being installed.

Now close AVG Anti-Spyware 7.5 (don't scan just yet).


Restart your computer and download SmitfraudFix.zip from here.

Unzip it to your desktop and double-click on smitfraudfix.cmd.

Choose Option 1 and hit Enter to generate a report about the infected files. Please save the Log (it will save to C:\rapport.txt) and post it here.
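As an added example (not a tool from this thread, nor from HijackThis or its author), the following Python script applies the same reading heuristics dahli used above to HijackThis-format log lines: unnamed BHOs, temp-style DLL names, entries whose file is gone, services with no vendor, and Winlogon Notify / SSODL handlers outside a known-good set. The allowlist and the sample log lines are constructed for the example; the sample only reuses the line format seen in this thread.

```python
"""Triage HijackThis v1.99-style log lines the way a removal helper reads them.

Added example; not code from this thread or from HijackThis. The allowlist and the
sample log below are constructed for the example.
"""
import re

# Constructed sample in HijackThis log format (same layout as the thread's log).
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {1557B435-8242-4686-9AA3-9265BF7525A4} - C:\WINDOWS\system32\tmp140.tmp.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxdev.dll
O20 - Winlogon Notify: rpcc1 - C:\WINDOWS\system32\rpcc1.dll
O21 - SSODL: DCOM Server 60787 - {2C1CD3D7-86AC-4068-93BC-A02304B60787} - C:\WINDOWS\system32\rxakcdz.dll (file missing)
O23 - Service: vwservice - Unknown owner - C:\WINDOWS\system32\vwsrv.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
"""

LINE_RE = re.compile(r"^(O\d+) - ([^:]+): (.*)$")
# Hypothetical allowlist of Winlogon Notify / SSODL handler names treated as known-good.
KNOWN_GOOD_HANDLERS = {"igfxcui", "WgaLogon", "WPDShServiceObj"}
TEMP_DLL_RE = re.compile(r"\\tmp\d+\.tmp\.dll$", re.IGNORECASE)


def parse_line(line):
    """Split 'O<n> - <kind>: a - b - c' into section, kind and ' - '-separated fields."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None  # process list, headers and blank lines are not O-entries
    section, kind, rest = m.groups()
    return {"section": section, "kind": kind,
            "fields": [f.strip() for f in rest.split(" - ")], "raw": line.strip()}


def triage(log_text):
    """Return the entries a helper would ask the user to fix, with a reason for each."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        name, path = entry["fields"][0], entry["fields"][-1]
        reasons = []
        if "(file missing)" in path or path == "(no file)":
            reasons.append("orphaned entry: the referenced file is gone")
        if entry["kind"] == "BHO" and name == "(no name)":
            reasons.append("BHO registered without a name")
        if TEMP_DLL_RE.search(path):
            reasons.append("DLL with a temp-style name")
        if entry["kind"] == "Service" and "Unknown owner" in entry["fields"]:
            reasons.append("service with no vendor")
        if entry["kind"] in ("Winlogon Notify", "SSODL") and name not in KNOWN_GOOD_HANDLERS:
            reasons.append(entry["kind"] + " handler not on the allowlist")
        if reasons:
            findings.append({"line": entry["raw"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f["line"], "\n   ", "; ".join(f["reasons"]))
```

Entries that pass every check (the Intel graphics handler and the HP print service in the sample) are left out of the findings, so a reviewer only sees the lines worth a closer look.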
#11 | April 24th, 2007, 12:39 AM | gardooney (Senior Member, Windows XP Home)
log file

Took a while; comp kept freezing and had to restart many times.

SmitFraudFix v2.171

Scan done at 19:35:06.57, 23/04/2007
Run from C:\Documents and Settings\HP_Administrator\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\1.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\HP\KBD\KBD.EXE
C:\WINDOWS\updater.exe
C:\WINDOWS\system32\v7.exe
C:\WINDOWS\dsrss.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\WINDOWS\ehome\RMSysTry.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\iaantmon.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\ehome\RMSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\IntelDH\Intel(R) Quick Resume Technology\ELService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

C:\WINDOWS\dxdiag.dll FOUND !
C:\WINDOWS\iebrowser.dll FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

C:\WINDOWS\system32\msdrives\ FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\HP_Administrator\Application Data

C:\Documents and Settings\HP_Administrator\Application Data\Install.dat FOUND !

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\HP_ADM~1\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"



»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

pe386 detected, use a Rootkit scanner


»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 16.92.3.242
DNS Server Search Order: 16.92.3.243
DNS Server Search Order: 16.81.3.243
DNS Server Search Order: 16.118.3.243

Description: Intel(R) PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 192.168.0.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
#12 | April 24th, 2007, 12:42 AM | dahli (CTH Subscriber)
Reboot into Safe Mode (at startup tap the F8 key and select Safe Mode).


Open the SmitfraudFix Folder, then double-click smitfraudfix.cmd file to start the tool.
Select option #2 - Clean by typing 2 and press Enter.
Wait for the tool to complete and disk cleanup to finish.
You will be prompted: "Registry cleaning - Do you want to clean the registry ?" Answer Yes by typing Y and hit Enter.
The tool will also check if wininet.dll is infected. If a clean version is found, you will be prompted to replace wininet.dll. Answer Yes to the question "Replace infected file ?" by typing Y and hit Enter.

A reboot may be needed to finish the cleaning process; if your computer does not restart automatically, please do it yourself manually. Reboot in Safe Mode.

The tool will create a log named rapport.txt in the root of your drive, eg: Local Disk C: or partition where your operating system is installed. Please post that log along with all others requested in your next reply.

Make sure all windows are closed and run AVG Anti-Spyware 7.5. Click Scanner, then click on the Scan tab. Click Complete System Scan to begin scanning. When the scan is complete click Recommended Action and change it to Quarantine. Then click Apply all actions.

Once the scan has finished, click the Save report button, then click Save Report As. This will create a text file. Make sure you know where to find this file again.



Then reboot back to Normal Mode. Post the second log (C:\rapport.txt) and your AVG AntiSpyware log please, along with a new HijackThis scan. You can use separate posts if needed.
#13 | April 24th, 2007, 05:19 AM | gardooney (Senior Member, Windows XP Home)
Sorry for the delay, but could not get comp to restart; it keeps crashing. AVG did not work. Here is the error log:

Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: SetServiceStatus failed, Value: 000006BF, Position: .\GuardOptions.cpp, 215
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: cannot open service control manager, Value: 000005B4, Position: .\GuardCheck.cpp, 204
Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251
Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251
Error: failed to create socket, Value: FFFFFFFF, Position: .\DownloadHttp.cpp, 251
Error: cannot open service control manager, Value: 0000051B, Position: .\GuardCheck.cpp, 204
#14 | April 24th, 2007, 05:21 AM | gardooney (Senior Member, Windows XP Home)
here is smitfraud text

SmitFraudFix v2.171

Scan done at 19:59:17.04, 23/04/2007
Run from C:\Documents and Settings\HP_Administrator\My Documents\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\dxdiag.dll Deleted
C:\WINDOWS\iebrowser.dll Deleted
C:\WINDOWS\system32\msdrives\ Deleted
C:\Documents and Settings\HP_Administrator\Application Data\Install.dat Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CCS\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS1\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{892900FC-9814-4488-99C0-81491C1EE93D}: DhcpNameServer=16.92.3.242 16.92.3.243 16.81.3.243 16.118.3.243
HKLM\SYSTEM\CS3\Services\Tcpip\..\{DBFCFFCC-4C7E-4A9C-AFE5-7F9DA59BE454}: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.0.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304B60787}"="DCOM Server 60787"

[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"

[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304B60787}\InProcServer32]
@="C:\WINDOWS\system32\rxakcdz.dll"



»»»»»»»»»»»»»»»»»»»»»»»» End
#15 | April 24th, 2007, 08:46 PM | dahli (CTH Subscriber)
  1. Download - rustbfix.exe ...and save it to your desktop.
  2. Double click on rustbfix.exe to run the tool.
    1. If a Rustock.b-infection is found, you will shortly hereafter be asked to reboot the computer. The reboot will probably take quite a while, and perhaps 2 reboots will be needed. But this will happen automatically.
    2. After the reboot 2 logfiles will open (%root%\avenger.txt & %root%\rustbfix\pelog.txt). If needed (still infected), post the content of these logfiles along with a new HijackThis log.