Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Need help in removing toolbar888 and trojan.dialer.qs

Started by DeVile , Oct 21 2006 11:33 AM

  • This topic is locked This topic is locked

#1
DeVile
Posted 21 October 2006 - 11:33 AM

DeVile

    New Member

  • Member
  • Pip
  • 4 posts
Need help to remove this trojan. It just will not go away after being picked up by my ewido. I am running on windows xp. I've used vundofix to remove some files away. please advise on how to proceed. Thanks for the help. Much Appreciated! :whistling:

Logfile of HijackThis v1.99.1
Scan saved at 1:33:00 AM, on 10/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Network\Wireless 802.11 USB Adapter\WlanMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hijackthis\HijackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ntu.edu.sg
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {468C142E-5A0E-5BB2-665F-0547E310F8AA} - C:\WINDOWS\system32\bystxzh.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WLAN Monitor Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} - https://www.windowso...nSSWebAgent.CAB
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} (LSSupCtl Class) - https://www-secure.s...rl/LSSupCtl.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {697C57A6-4DDF-11D5-9A37-009027E91173} (MkDownload Control) - http://www.wmpa.net/.../mkDownload.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141222762406
O16 - DPF: {79E0C1C0-316D-11D5-A72A-006097BFA1AC} (EPSON Web Printer-SelfTest Control Class) - http://www.epson.com...rg/ESTPTest.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92024A2B-5245-4B2F-80FF-0B35F115D339} (APEXImageViewer.APEXImgViewer) - https://www2.hdb.gov...ImageViewer.CAB
O16 - DPF: {9B03C5F1-F5AB-47EE-937D-A8EDA626F876} (Anonymizer Anti-Spyware Scanner) - http://download.zone...ctor/WebAAS.cab
O16 - DPF: {A37C6A0C-7CF2-4267-90D2-F0C9349E7950} (AniAvata Control) - http://www.jungsoft....ta/AniAvata.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - https://www-secure.s...rl/SymAData.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE05CC2-EEA0-4C45-A413-A5BA5E861B89}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  • 0

Advertisements

#2
Flrman1
Posted 26 October 2006 - 08:13 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Hi DeVile

Welcome to GTG! :whistling:

Sorry for the delay in response. If you still need help with this, please do the following:

* Run ActiveScan online virus scan here

When the scan is finished, click on the "Save Report" button an save the results of the scan to your desktop.

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from ActiveScan


* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.
  • 0

#3
DeVile
Posted 27 October 2006 - 03:15 AM

DeVile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Did a panda scan but a virus was detected by my Avast while installing the file for pandascan. After the scan, there was nothing detected and thus no report.

Actually after i used the vundofix and deleted some suspicious looking files away, seemed to have removed the trojan, but i just need to be sure now.

Logfile of HijackThis v1.99.1
Scan saved at 5:11:00 PM, on 10/27/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Network\Wireless 802.11 USB Adapter\WlanMonitor.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\FlashGet\flashget.exe
C:\Documents and Settings\Owner\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ntu.edu.sg
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WLAN Monitor Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141222762406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92024A2B-5245-4B2F-80FF-0B35F115D339} (APEXImageViewer.APEXImgViewer) - https://www2.hdb.gov...ImageViewer.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE05CC2-EEA0-4C45-A413-A5BA5E861B89}: NameServer = 165.21.83.88,165.21.100.88
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe


Ace Utilities
Adobe Photoshop 7.0
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
Adobe Reader Japanese Fonts
Adobe® Photoshop® Album Starter Edition 3.0
ArcSoft Camera Suite
ArcSoft PhotoBase 3
ArcSoft PhotoStudio 5
avast! Antivirus
BitComet 0.70
Broadcom 440x Driver Installer
Canon Camera Window for ZoomBrowser EX
Canon CanoScan Toolbox 4.1
Canon iP1600
Canon PhotoRecord
Canon Utilities Easy-PhotoPrint
Canon Utilities Easy-PrintToolBox
Canon Utilities File Viewer Utility 1.2
Canon Utilities PhotoStitch 3.1
Canon Utilities RemoteCapture 2.7
Canon Utilities ZoomBrowser EX
CCleaner (remove only)
Dell ResourceCD
DivX Player
EasyCleaner
ewido anti-spyware 4.0
FlashGet(JetCar)
HijackThis 1.99.1
Hotfix for Windows XP (KB896344)
ICQ
Intel® Extreme Graphics Driver
IrfanView (remove only)
iTunes
J2ME Wireless Toolkit 2.2
J2SE Development Kit 5.0 Update 2
J2SE Runtime Environment 5.0 Update 2
Kerio Personal Firewall 2.1.5
K-Lite Codec Pack 2.71 Full
Logitech iTouch Software
Logitech MouseWare 9.79.1
Macromedia Flash Player 8
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Data Access Components KB870669
Microsoft Office XP Professional with FrontPage
Microsoft Windows Media Video 9 VCM
Mozilla Firefox (2.0)
Mozilla Thunderbird (1.5)
Nero
Nokia Connectivity Cable Driver
Nokia PC Connectivity Solution
Nokia PC Suite
Nokia Software Updater
Nvu 1.0
Panda ActiveScan
QuickTime
RealPlayer
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Shockwave
SmartMovie Converter (for Symbian phones)
SoundMAX
Spelling Dictionaries For Adobe Reader Package
Spybot - Search & Destroy 1.4
SpywareBlaster v3.5.1
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB910437)
Update for Windows XP (KB916595)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VoiceXP
Winamp (remove only)
Windows Defender
Windows Defender Signatures
Windows Driver Package - MSN (usbccgp) USB (04/19/2006 1.1.0.2)
Windows Driver Package - Nokia Modem (06/12/2006 6.81.0.21)
Windows Genuine Advantage v1.3.0254.0
Windows Installer 3.1 (KB893803)
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Safety Scanner
Windows Media Connect
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB834707
Windows XP Hotfix - KB867282
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890047
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB890923
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893066
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WinRAR archiver
WinZip
Wireless 802.11 USB Adapter
Yahoo! Anti-Spy
Yahoo! Internet Mail
Yahoo! Toolbar
YAMAHA MidRadio Player
YPOPs! 0.8.6.2
  • 0

#4
Flrman1
Posted 27 October 2006 - 12:40 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
* Go to Add/Remove programs and uninstall this old version of Java:

J2SE Runtime Environment 5.0 Update 2


* Now go here and install the latest version of Java.


* Click here to download ATF Cleaner by Atribune and save it to your desktop.
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
[*]Click Exit on the Main menu to close the program.
[/list]
* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


* Restart your computer.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log..

  • 0

#5
DeVile
Posted 27 October 2006 - 10:18 PM

DeVile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
BitDefender Online Scanner







Scan report generated at: Sat, Oct 28, 2006 - 11:58:23









Scan path: A:\;C:\;D:\;E:\;















Statistics

Time


01:53:47

Files


524141

Folders


5752

Boot Sectors


3

Archives


6394

Packed Files


54036







Results

Identified Viruses


1

Infected Files


2

Suspect Files


0

Warnings


0

Disinfected


0

Deleted Files


2







Engines Info

Virus Definitions


479252

Engine build


AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)

Scan plugins


13

Archive plugins


38

Unpack plugins


6

E-mail plugins


6

System plugins


1







Scan Settings

First Action


Disinfect

Second Action


Delete

Heuristics


Yes

Enable Warnings


Yes

Scanned Extensions


*;

Exclude Extensions




Scan Emails


Yes

Scan Archives


Yes

Scan Packed


Yes

Scan Files


Yes

Scan Boot


Yes








Scanned File


Status

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk=>(message 330)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Infected with: Win32.Nyxem.E@mm

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk=>(message 330)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Disinfection failed

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk=>(message 330)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Deleted

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk=>(message 330)=>[Subject: the file]=>(MIME part)


Updated

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk=>(message 330)


Updated

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\Local Folders\Junk


Updated

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox=>(message 145)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Infected with: Win32.Nyxem.E@mm

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox=>(message 145)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Disinfection failed

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox=>(message 145)=>[Subject: the file]=>(MIME part)=>eBook.Uu


Deleted

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox=>(message 145)=>[Subject: the file]=>(MIME part)


Updated

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox=>(message 145)


Updated

C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\bcmbf8so.default\Mail\localhost-3\Inbox


Updated

C:\WINDOWS\inf\WD_VIR~1.PNF


Clean

C:\WINDOWS\inf\wfp0.inf


Clean

C:\WINDOWS\inf\wfp0.PNF


Clean

C:\WINDOWS\inf\wfp1.inf


Clean

C:\WINDOWS\inf\wfp1.PNF


Clean

C:\WINDOWS\inf\wfp2.inf


Clean

C:\WINDOWS\inf\wfp2.PNF


Clean

C:\WINDOWS\inf\wfp3.inf


Clean

C:\WINDOWS\inf\wfp3.PNF


Clean

C:\WINDOWS\inf\wfp4.inf


Clean

C:\WINDOWS\inf\wfp4.PNF


Clean

C:\WINDOWS\inf\wfp5.inf


Clean

C:\WINDOWS\inf\wfp5.PNF


Clean

C:\WINDOWS\inf\wfp6.inf


Clean

C:\WINDOWS\inf\wfp6.PNF


Clean

C:\WINDOWS\inf\wfp7.inf


Clean

C:\WINDOWS\inf\wfp7.PNF


Clean

C:\WINDOWS\inf\wfp8.inf


Clean

C:\WINDOWS\inf\wfp8.PNF


Clean

C:\WINDOWS\inf\windowsdefender.adm


Clean

C:\WINDOWS\inf\windowsdefender.adm=>(unicode)


Clean

C:\WINDOWS\inf\windrvr6.PNF


Clean

C:\WINDOWS\inf\wm819639.inf


Clean

C:\WINDOWS\inf\wm819639.PNF


Clean

C:\WINDOWS\inf\wmaccess.inf


Clean

C:\WINDOWS\inf\wmaccess.PNF


Clean

C:\WINDOWS\inf\wmad.inf


Clean

C:\WINDOWS\inf\wmad.PNF


Clean

C:\WINDOWS\inf\wmdm.inf


Clean

C:\WINDOWS\inf\wmdm.PNF


Clean

C:\WINDOWS\inf\WMDM10.inf


Clean

C:\WINDOWS\inf\WMDM10.PNF


Clean

C:\WINDOWS\inf\wmexpack.inf


Clean

C:\WINDOWS\inf\wmexpack.PNF


Clean

C:\WINDOWS\inf\wmfsdk.inf


Clean

C:\WINDOWS\inf\WMFSDK.PNF


Clean

C:\WINDOWS\inf\WMFSDK10.inf


Clean

C:\WINDOWS\inf\WMFSDK10.PNF


Clean

C:\WINDOWS\inf\wmp.inf


Clean

C:\WINDOWS\inf\wmp.PNF


Clean

C:\WINDOWS\inf\WMP10.inf


Clean

C:\WINDOWS\inf\WMP10.PNF


Clean

C:\WINDOWS\inf\wmplayer.adm


Clean

C:\WINDOWS\inf\wmplayer.adm=>(unicode)


Clean

C:\WINDOWS\inf\wmpocm.inf


Clean

C:\WINDOWS\inf\wmpocm.PNF


Clean

C:\WINDOWS\inf\WMSET10.inf


Clean

C:\WINDOWS\inf\WMSET10.PNF


Clean

C:\WINDOWS\inf\wmsetsdk.inf


Clean

C:\WINDOWS\inf\wmsetsdk.PNF


Clean

C:\WINDOWS\inf\wmtour.inf


Clean

C:\WINDOWS\inf\wmtour.PNF


Clean

C:\WINDOWS\inf\wmv9vcm.inf


Clean

C:\WINDOWS\inf\wmv9vcm.PNF


Clean

C:\WINDOWS\inf\wordpad.inf


Clean

C:\WINDOWS\inf\wordpad.PNF


Clean

C:\WINDOWS\inf\wpd10.inf


Clean

C:\WINDOWS\inf\WPD10.PNF


Clean

C:\WINDOWS\inf\wpdmtp.inf


Clean

C:\WINDOWS\inf\wpdmtp.PNF


Clean

C:\WINDOWS\inf\wsh.inf


Clean

C:\WINDOWS\inf\wsh.PNF


Clean

C:\WINDOWS\inf\wstcodec.inf


Clean

C:\WINDOWS\inf\wstcodec.PNF


Clean

C:\WINDOWS\inf\wtv0.inf


Clean

C:\WINDOWS\inf\wtv0.PNF


Clean

C:\WINDOWS\inf\wtv1.inf


Clean

C:\WINDOWS\inf\wtv1.PNF


Clean

C:\WINDOWS\inf\wtv2.inf


Clean

C:\WINDOWS\inf\wtv2.PNF


Clean

C:\WINDOWS\inf\wtv3.inf


Clean

C:\WINDOWS\inf\wtv3.PNF


Clean

C:\WINDOWS\inf\wtv4.inf


Clean

C:\WINDOWS\inf\wtv4.PNF


Clean

C:\WINDOWS\inf\wtv5.inf


Clean

C:\WINDOWS\inf\wtv5.PNF


Clean

C:\WINDOWS\inf\wuau.adm


Clean

C:\WINDOWS\inf\wuau.adm=>(unicode)


Clean

C:\WINDOWS\inf\xact2_1_x86.inf


Clean

C:\WINDOWS\inf\xact2_1_x86.PNF


Clean

C:\WINDOWS\inf\xact2_2_x86.inf


Clean

C:\WINDOWS\inf\xact2_2_x86.PNF


Clean

C:\WINDOWS\inf\xact_x86.inf


Clean

C:\WINDOWS\inf\xact_x86.PNF


Clean

C:\WINDOWS\inf\xinput1_1_x86.inf


Clean

C:\WINDOWS\inf\xinput1_1_x86.PNF


Clean

C:\WINDOWS\inf\xinput9_1_0_x86.inf


Clean

C:\WINDOWS\inf\xinput9_1_0_x86.PNF


Clean

C:\WINDOWS\inf\xscan_xp.inf


Clean

C:\WINDOWS\inf\xscan_xp.PNF


Clean

C:\WINDOWS\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\FL_aspnet_filter_dll_____X86.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\FL_aspnet_wp_exe_____X86.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\FL_webengine_dll_135889_____X86.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\2.0.50727\System.Web_dll_5_____X86.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\$PatchCache$\Managed\D6461317C3DC4F04799BDCE9E42626FE\CacheSize.txt


Clean

C:\WINDOWS\Installer\10225eb.msi


Clean

C:\WINDOWS\Installer\10225eb.msi=>(Embedded EXE)


Clean

C:\WINDOWS\Installer\10225eb.msi=>(Embedded EXE)


Clean

C:\WINDOWS\Installer\10225eb.msi=>(Embedded EXE)


Clean

C:\WINDOWS\Installer\10225eb.msi=>(Embedded EXE)


Clean

C:\WINDOWS\Installer\103bd5.msp


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>cdoex.dll.D0DF3458_A845_11D3_8D0A_0050046416B9


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F525_pkmws.dll.662E5E6B_7913_4DEE_84E0_F9A52DB890D1


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeycate.3A69.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeyclas.AAB6.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeymana.E480.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeypkmr.469E.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeypkms.4ADF.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeysche.392D.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeysear.0AFE.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeysmar.0440.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>fKeywork.3C85.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_athprxy.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_mssadmin.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_mssadmws.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_msserror.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_mssitlb.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>F_srchadm.dll.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>msdaippd.955A.E8D71C4B_62C9_4D1B_A02F_C916CAE50331


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>msdapmld.3807.E8D71C4B_62C9_4D1B_A02F_C916CAE50331


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>MSONSEXT.DLL


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>mssrchad.7288.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>NSEXTINT.DLL


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>pkmaxctl.1156.D8F5FB96_64D2_4A23_A500_8BEBF2FF592F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>pkmcdodl.910C.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>PkmCored.EEF1.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>Pkmormsd.5F4F.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>PkmTrace.D314.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>promotes.5E36.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>secmanag.CF96.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>SrchAdmS.4B01.78AD3BD4_846F_4B0D_9154_FC23623FA74B


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>vaiddman.1EB9.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bd5.msp=>(Embedded CAB)=>vaipkmme.7CC4.76FACAA8_4C38_49B4_B59C_6698F3D0BB4F


Clean

C:\WINDOWS\Installer\103bfa.msp


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>htmeddll.CAB3.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>mdmexeX8.67AC.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>mdmuidll.3A63.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>msdbg2dl.2BF3.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>msenvdll.CAB3.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>pdmdllX8.67AC.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>cpdejite.B4BA.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>vsbrowse.4F33.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103bfa.msp=>(Embedded CAB)=>vsdebugd.221A.3643236F_FC70_11D3_A536_0090278A1BB8


Clean

C:\WINDOWS\Installer\103c1d.msp


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>CDO.DLL_0001


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>CDO.DLL_0004


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>CONTAB32.DLL


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>EMABLT32.DLL


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>EMSABP32.DLL_0005


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>EMSMDB32.DLL_0005


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>MSMAPI32.DLL_0001


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>OUTEX.DLL


Clean

C:\WINDOWS\Installer\103c1d.msp=>(Embedded CAB)=>OUTLLIBR.DLL


Clean

C:\WINDOWS\Installer\103c32.msp


Clean

C:\WINDOWS\Installer\103c32.msp=>(Embedded CAB)


Clean

C:\WINDOWS\Installer\103c32.msp=>(Embedded CAB)=>WINWORD.EXE


Clean

C:\WINDOWS\Installer\103c49.msp


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcstatus.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcstatus.htm=>(JAVASCRIPT 8)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen1.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen1.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen1.htm=>(JAVASCRIPT 4)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen2.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen2.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen2.htm=>(JAVASCRIPT 6)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen3.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcConnection.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcConnection.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcConnection.htm=>(JAVASCRIPT 3)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcConnection.htm=>(JAVASCRIPT 5)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>Remote_Assistance_Graphic.png


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>monitor_left.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>monitor_right.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>address_book.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>attention.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>arrow.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy_attention.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>logon_anim.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy_away.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy_busy.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy_none.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>buddy_offline.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>generic_mail.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>info.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>messenger_big.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>square_bullet.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>outlook.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>outlook_express.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>Envelope.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>floppy.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>IM_icon.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>icon_extweb.gif


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen4.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen4.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen4.htm=>(JAVASCRIPT 4)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen5.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen5.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen5.htm=>(JAVASCRIPT 7)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 2)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 3)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 4)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 5)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 6)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(VBSCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 7)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 7)=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 7)=>(JAVASCRIPT 4)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT 15)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT)=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6.htm=>(JAVASCRIPT)=>(JAVASCRIPT 4)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6_head.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen6_head.htm=>(JAVASCRIPT 3)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcInviteStatus.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcInviteStatus.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcInviteStatus.htm=>(JAVASCRIPT 5)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen7.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen7.htm=>(JAVASCRIPT 1)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen7.htm=>(JAVASCRIPT 7)


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen8.htm


Clean

C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchdt_p3.cab=>rcBuddy.cab=>rcscreen8.htm=>(JAVASCRIPT 1)


Clean


Logfile of HijackThis v1.99.1
Scan saved at 12:08:01 PM, on 10/28/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Network\Wireless 802.11 USB Adapter\WlanMonitor.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\PROGRA~1\MOZILL~2\FIREFOX.EXE
C:\Documents and Settings\Owner\My Documents\Malware Removal Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ntu.edu.sg
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WLAN Monitor Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141222762406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92024A2B-5245-4B2F-80FF-0B35F115D339} (APEXImageViewer.APEXImgViewer) - https://www2.hdb.gov...ImageViewer.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE05CC2-EEA0-4C45-A413-A5BA5E861B89}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  • 0

#6
Flrman1
Posted 28 October 2006 - 11:27 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
How is the pc behaving now?

Let's run another scan:

* Run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan
  • 0

#7
DeVile
Posted 28 October 2006 - 08:55 PM

DeVile

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
My PC is working as normal already. Is it safe to say the trojan has been removed??

*KASPERSKY ONLINE SCANNER REPORT*
Sunday, October 29, 2006 10:49:31 AM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2
(Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/10/2006
Kaspersky Anti-Virus database records: 235981

*Scan Settings*
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
*Scan Target* My Computer
A:\
C:\
D:\
E:\
*Scan Statistics*
Total number of scanned objects 55353
Number of viruses found 0
Number of infected objects 0 / 0
Number of suspicious objects 0
Duration of the scan process 01:35:14


*Infected Object Name* *Virus Name* *Last Action*
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application
Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Windows
Defender\Support\MPLog-10252006-082046.log Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is
locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is
locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked
skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\cert8.db Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\flashgot.log Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\history.dat Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\key3.db Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\parent.lock Object is
locked skipped
C:\Documents and Settings\Owner\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\urlclassifier2.sqlite
Object is locked skipped
C:\Documents and Settings\Owner\Cookies\index.dat Object is locked
skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\Logs\Dfsr.log
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\pending.dat
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_669C_3CE0_9C3C_AD05\dfsr.db
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_669C_3CE0_9C3C_AD05\fsr.log
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_669C_3CE0_9C3C_AD05\fsrtmp.log
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Messenger\[email protected]\SharingMetadata\Working\database_669C_3CE0_9C3C_AD05\tmp.edb
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows
Defender\FileTracker\{4ACCE1DE-760F-45AC-A221-A8E9AB3CAF39} Object is
locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows Live Contacts\[email protected]\real\members.stg
Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Microsoft\Windows Live
Contacts\[email protected]\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\Cache\_CACHE_001_ Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\Cache\_CACHE_002_ Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\Cache\_CACHE_003_ Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Application
Data\Mozilla\Firefox\Profiles\5u8hs8sy.default\Cache\_CACHE_MAP_ Object
is locked skipped
C:\Documents and Settings\Owner\Local
Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\Local
Settings\History\History.IE5\MSHist012006102920061030\index.dat Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DF249.tmp Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD2F9.tmp Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFD4FE.tmp Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFEE8B.tmp Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temp\~DFEEA5.tmp Object
is locked skipped
C:\Documents and Settings\Owner\Local Settings\Temporary Internet
Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\integ\avast.int Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is
locked skipped
C:\Program Files\Alwil Software\Avast4\DATA\report\Resident
protection.txt Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is
locked skipped
C:\System Volume
Information\_restore{BDCE0F9A-1A36-4879-A09C-ACA9D9E544FF}\RP1376\change.log
Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{633F172A-99FC-4EB9-8388-797D59BD5B36}.bin
Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked
skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\Antivirus.Evt Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\DEFAULT.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\SOFTWARE.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\SYSTEM.LOG Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked
skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked
skipped
C:\WINDOWS\Temp\Perflib_Perfdata_6a8.dat Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
*Scan process completed.*

Logfile of HijackThis v1.99.1
Scan saved at 10:53:44 AM, on 10/29/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Kerio\Personal Firewall\persfw.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Network\Wireless 802.11 USB Adapter\WlanMonitor.exe
C:\Program Files\MessengerDiscovery\MessengerDiscovery Live.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner\My Documents\Malware Removal Tools\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = www.yahoo.com.sg
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ntu.edu.sg
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: IeCatch5 Class - {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - C:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\fgiebar.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Startup: WLAN Monitor Utility.lnk = ?
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download All by FlashGet - C:\PROGRA~1\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\PROGRA~1\ICQ\ICQ.exe
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {62789780-B744-11D0-986B-00609731A21D} (Autodesk MapGuide ActiveX Control) - http://www.can.com.sg/mwf/mgaxctrl.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1141222762406
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {92024A2B-5245-4B2F-80FF-0B35F115D339} (APEXImageViewer.APEXImgViewer) - https://www2.hdb.gov...ImageViewer.CAB
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.c...utocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8BE05CC2-EEA0-4C45-A413-A5BA5E861B89}: NameServer = 165.21.83.88,165.21.100.88
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter: text/x-mrml - {C51721BE-858B-4A66-A8BF-D2882FF49820} - C:\Program Files\YAMAHA\MidRadio Player\midradio.ocx
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Kerio Personal Firewall (PersFw) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall\persfw.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
  • 0

#8
Flrman1
Posted 29 October 2006 - 11:33 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I guess you're good to go,

* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#9
Flrman1
Posted 29 October 2006 - 11:35 AM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
I guess you're good to go,

* Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


* Go to Windows update and install all "High Priority Updates".


* Now turn off System Restore:

On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

Restart your computer, turn System Restore back on and create a restore point.

To create a restore point:

Single-click Start and point to All Programs.
Mouse over Accessories, then System Tools, and select System Restore.
In the System Restore wizard, select the box next the text labeled "Create a restore point" and click the Next button.
Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click Create and you're done.
  • 0

#10
Flrman1
Posted 11 November 2006 - 08:52 PM

Flrman1

    Malware Assassin

  • Retired Staff
  • 6,596 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP