Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Zotop.D Troyan.Win32.DNSChanger Backdoor.Win32.Agent.aid Construct

Started by campos , Oct 16 2006 04:06 PM

  • This topic is locked This topic is locked

#1
campos
Posted 16 October 2006 - 04:06 PM

campos

    New Member

  • Member
  • Pip
  • 6 posts
Hello,
I have tried to clean this up myself but it just seems to be getting worse. Please Help.

Hijackthis Log:

Logfile of HijackThis v1.99.1
Scan saved at 3:14:00 PM, on 10/15/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Greg\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {A8BD6820-6ED7-423E-9558-2D1486B0FEEA} - (no file)
O3 - Toolbar: &VSToolBar - {821F87FF-8245-4972-9E28-732E92EC2F51} - C:\Program Files\VSToolbar\VSToolBar.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [otgdoqk.dll] C:\WINDOWS\system32\rundll32.exe C:\WINDOWS\system32\otgdoqk.dll,klbyjue
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: hpoddt01.exe.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: dxclib303562752.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

Panda Log:

Potentially unwanted tool:Application/VSToolbar Not disinfected C:\Program Files\VSToolbar\VSToolBar.dll
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\bzzpj27x.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\bzzpj27x.default\cookies.txt[www.winantivirus.com/]
Spyware:Cookie/Winantivirus Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\bzzpj27x.default\cookies.txt[.winantivirus.com/]
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Greg\Application Data\Mozilla\Firefox\Profiles\bzzpj27x.default\cookies.txt[stats1.reliablestats.com/]
Spyware:Cookie/Mediaplex Not disinfected C:\Documents and Settings\Greg\Cookies\greg@mediaplex[1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Greg\Cookies\[email protected][1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Greg\Desktop\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Greg\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Adware:Adware/YazzleSudoku Not disinfected C:\Program Files\Common Files\Yazzle1122OinUninstaller.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\Common Files\{3092E0BD-0CC0-1033-1103-040702200001}\Activate.exe
Adware:Adware/DollarRevenue Not disinfected C:\Program Files\Common Files\{3092E0BD-0CC0-1033-1103-040702200001}\Uninst.exe
Adware:Adware/Maxifiles Not disinfected C:\Program Files\ipwins\Uninst.exe[²ÜÇ\nsProcess.dll]
Adware:Adware/DeluxeComunications Not disinfected C:\WINDOWS\system32\bkd.exe
Potentially unwanted tool:Application/VSToolbar Not disinfected C:\WINDOWS\system32\oeigatdu.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
  • 0

Advertisements

#2
Flrman1
Posted 16 October 2006 - 04:38 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Please do not post duplicate topics. I have replied to your other topic here:

http://www.geekstogo...mp;#entry812142

This thread is closed.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP