Virus/spyware/worms



#1 CatZilla
First off, this is my friend's computer; he gave it to me because he's technologically challenged.
He had some weird infection, with a system service "*windows update" (which I removed) and some random files in system32 (DLL and EXE). Also, Windows constantly keeps trying to read from the CD-ROM (the mouse pointer changes every 3 seconds).

I did all the steps in "You Must Read This Before Posting A Hijackthis Log" and installed Avast. The Panda online scan said, though, that there is still some stuff left to clean.

Below you will find:
1) HiJackThis log
2) Uninstall list from HiJackThis
3) AVG Anti-Spyware - Scan Report
4) Panda Online scan report
Thanks in advance.

Oh, and I forgot to mention the system...
5.1.2600 (WinXP Retail), Windows XP SP2 Professional Corporate Edition


Logfile of HijackThis v1.99.1
Scan saved at 17:46:20, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online DSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Download all with FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Download with FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163976819999
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163976971577
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://apps.losangel...ll/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: wmasvsin.dll confbrw.dll brwstat.dll libdcabi.dll diagdss.dll statdss.dll confaud.dll audstat.dll winmfaul.dll diagijt.dll statijt.dll diagdei.dll statdei.dll e1.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: deiconf - C:\WINDOWS\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: dssconf - cfgdss.dll (file missing)
O20 - Winlogon Notify: ijtconf - C:\WINDOWS\SYSTEM32\cfgijt.dll
O20 - Winlogon Notify: uxthwmer - C:\WINDOWS\System32\uxthwmer.dll (file missing)
O20 - Winlogon Notify: vsutmsgi - C:\WINDOWS\System32\vsutmsgi.dll (file missing)
O20 - Winlogon Notify: wstdmode - C:\WINDOWS\System32\wstdmode.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe



Uninstall list from HiJackThis:
##CAMERADRIVERNAME##
Ad-Aware SE Personal
Adobe Flash Player 9 ActiveX
AOL Instant Messenger
avast! Antivirus
Codec Pack - All In 1 6.0.2.2
FlashGet(JetCar)
Google Earth
HijackThis 1.99.1
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
hp deskjet 3820 series
hp deskjet 3820 series (Remove only)
HP Deskjet 3840
HP Software Update
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.2_06
Logitech QuickCam Software
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Premium
Microsoft Office XP Professional with FrontPage
Mozilla Firefox (2.0)
MSXML 4.0 SP2 (KB927978)
NVIDIA Drivers
Panda ActiveScan
Samsung Mobile USB Modem Software
Security Update for Microsoft .NET Framework 2.0 (KB917283)
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB925486)
Skype 2.5
Sound Blaster PCI
Super Utilities 1.53
Total Commander 6.53 Podarok Edition 5
Update for Windows XP (KB894391)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB908531)
Update for Windows XP (KB910437)
Update for Windows XP (KB911280)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
VIA Audio Driver Setup Program
VIA Rhine-Family Fast-Ethernet Adapter
Winamp (remove only)
Windows Commander (Remove only)
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Media Format Runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 10
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Yahoo! Install Manager
Yahoo! Mail Quick Select Tool (PhotoMail)
Yahoo! Toolbar




---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 15:21:26 20.11.2006

+ Scan result:



HKU\S-1-5-21-796845957-1580436667-854245398-1003\Software\2-Antispyware -> Adware.AntiSpyware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1580436667-854245398-1003\Software\2-Antispyware\AntiSpyware -> Adware.AntiSpyware : Cleaned with backup (quarantined).
HKU\S-1-5-21-796845957-1580436667-854245398-1003\Software\2-Antispyware\AntiSpyware\Registration -> Adware.AntiSpyware : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_0_445900.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_0_446000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_502200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_502200.jpg -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_516700.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_586000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_586000.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_588400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_588400.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_609800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_609800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_625700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_625700.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_628800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_628800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_635500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_635500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_656500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_656500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_658500.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_659200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_659200.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_659300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_659300.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_677200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_759800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_0_1_759800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_1_0_448600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_0_814200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_0_815600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_0_815900.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_579200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_581800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_588200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_591500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_591500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_593000.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_593000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_596400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_596400.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_597400.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_597400.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_601500.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_601500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_608300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_608300.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_616100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_616500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_616500.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_617600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_621200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_621200.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_636300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_636300.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_658300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_658300.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_683100.gif -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_683100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_777200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_777200.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_777800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_1_777800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_504300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_548200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_558300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_578000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_578000.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_602800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_632800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_632800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_673800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_673800.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_673900.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_2_673900.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_3_629200.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_585100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_585100.swf -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_612300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_618600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_434_2_4_638500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_517800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_524800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_527100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_528500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_530800.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_551700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_555300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_584000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_589000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_591300.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_595500.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_604700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_620000.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_637600.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_642100.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\WINDOWS\system32\AdCache\B_656700.htm -> Adware.Cydoor : Cleaned with backup (quarantined).
C:\Documents and Settings\dmitriy\Start Menu\Programs\Power Scan -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\Documents and Settings\dmitriy\Start Menu\Programs\Power Scan\Power Scan.lnk -> Adware.PowerScan : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B329C4D8-8686-4AE5-BC20-17DE21A2FF95}\RP69\A0001678.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B329C4D8-8686-4AE5-BC20-17DE21A2FF95}\RP69\A0001679.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B329C4D8-8686-4AE5-BC20-17DE21A2FF95}\RP69\A0001680.exe -> Adware.WebRebates : Cleaned with backup (quarantined).
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Adware.WebRebates : Cleaned with backup (quarantined).
C:\WINDOWS\system32\SVHOST.exe -> Backdoor.Rbot.wi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\TFTP2584 -> Backdoor.Rbot.wi : Cleaned with backup (quarantined).
C:\WINDOWS\system32\frionx.exe -> Backdoor.Rbot.wi : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{B329C4D8-8686-4AE5-BC20-17DE21A2FF95}\RP71\A0001714.EXE -> Downloader.Agent.am : Cleaned with backup (quarantined).
C:\WINDOWS\system32\pfnvhdljnb.exe -> Hijacker.Small.ngu : Cleaned with backup (quarantined).
C:\Program Files\TotalCmd\Programm\Radmin\radmin.exe -> Not-A-Virus.RemoteAdmin.Win32.RAdmin.22 : Ignored and added to exceptions
C:\WINDOWS\system32\statdss.dll -> Proxy.Agent.lm : Cleaned with backup (quarantined).
:mozilla.45:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.46:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.132:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.111:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Agava : Cleaned.
:mozilla.33:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.74:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Bfast : Cleaned.
:mozilla.127:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.84:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.85:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.86:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.20:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.124:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.108:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.63:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.64:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.65:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.70:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.112:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Texttbnru : Cleaned.
:mozilla.130:C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
C:\Program Files\TotalCmd\Programm\XnView\keygen.exe -> Trojan.Yodup : Cleaned with backup (quarantined).
C:\Documents and Settings\Dima\Local Settings\Temp\temp.fr2103 -> Worm.Warezov : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002685.exe -> Worm.Warezov : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002689.dll -> Worm.Warezov : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002708.DLL -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brwperf.exe.bak -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brwprf32.dll.bak -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brwstat.dll.bak -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\confbrw.dll -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\conscdfv.exe -> Worm.Warezov : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wmasvsin.dll -> Worm.Warezov : Cleaned with backup (quarantined).
C:\Documents and Settings\Dima\Local Settings\Temp\temp.fr6923 -> Worm.Warezov.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002692.dll -> Worm.Warezov.dd : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002680.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002681.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002682.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002695.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002696.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002714.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002715.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uxthwmer.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wstdmode.exe -> Worm.Warezov.df : Cleaned with backup (quarantined).
C:\Documents and Settings\Dima\Local Settings\Temp\temp.fr5536 -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002683.exe -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002684.exe -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002686.exe -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002688.exe -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002690.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\audconf.exe -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\audmgr32.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\cfgdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\dmocwebc.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\WINDOWS\system32\winmfaul.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[1068] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[1132] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[1332] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[1560] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[568] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[620] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[632] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[808] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
[900] C:\WINDOWS\system32\diagdss.dll -> Worm.Warezov.dq : Cleaned with backup (quarantined).
C:\Documents and Settings\Dima\Local Settings\Temp\7.tmp -> Worm.Warezov.et : Cleaned with backup (quarantined).
C:\Documents and Settings\Dima\Local Settings\Temp\temp.fr5406 -> Worm.Warezov.et : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{C1FAAEE0-29AF-4826-8743-E001450D5C6B}\RP11\A0002691.dll -> Worm.Warezov.et : Cleaned with backup (quarantined).
C:\WINDOWS\system32\uxthwmer.dll -> Worm.Warezov.et : Cleaned with backup (quarantined).
C:\WINDOWS\system32\wstdmode.dll -> Worm.Warezov.ev : Cleaned with backup (quarantined).
C:\WINDOWS\system32\jobeqcap.dll -> Worm.Warezov.ew : Cleaned with backup (quarantined).
C:\WINDOWS\system32\resuadpt.exe -> Worm.Warezov.ew : Cleaned with backup (quarantined).
C:\WINDOWS\system32\audstat.dll -> Worm.Warezov.ex : Cleaned with backup (quarantined).
C:\WINDOWS\system32\confaud.dll -> Worm.Warezov.ex : Cleaned with backup (quarantined).
C:\WINDOWS\system32\brwmgr32.dll.bak -> Worm.Warezov.fs : Cleaned with backup (quarantined).


::Report end
Incident Status Location

Possible Virus. Not disinfected C:\Program Files\TotalCmd\Plugins\wfx\cdrip\Ripper.wfx
Virus:W32/Spamta.KG.worm!CME-416 Disinfected C:\Documents and Settings\Dima\Local Settings\Temp\1B.tmp
Spyware:Cookie/TopRebates.com Not disinfected C:\Documents and Settings\Dima\Local Settings\Temp\Cookies\[email protected][2].txt
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.com.com/]
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.atdmt.com/]
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.2o7.net/]
Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.hitbox.com/]
Spyware:Cookie/Bfast Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.bfast.com/]
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.casalemedia.com/]
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.doubleclick.net/]
Spyware:Cookie/BurstNet Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.burstnet.com/]
Spyware:Cookie/Yadro Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.yadro.ru/]
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Dima\Application Data\Mozilla\Firefox\Profiles\euk0mi65.default\cookies.txt[.advertising.com/]
Virus:W32/Spamta.LB.worm Disinfected C:\WINDOWS\system32\audprf32.dll

Edited by CatZilla, 20 November 2006 - 05:09 PM.

#2
MFDnSC

    Banned

  • 1,137 posts
You may want to print this or save it to notepad as we will go to safe mode.

Fix these with HiJackThis – mark them, close IE, click fix checked

O20 - AppInit_DLLs: wmasvsin.dll confbrw.dll brwstat.dll libdcabi.dll diagdss.dll statdss.dll confaud.dll audstat.dll winmfaul.dll diagijt.dll statijt.dll diagdei.dll statdei.dll e1.dll
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: brwmgr - brwmgr32.dll (file missing)
O20 - Winlogon Notify: deiconf - C:\WINDOWS\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: dssconf - cfgdss.dll (file missing)
O20 - Winlogon Notify: ijtconf - C:\WINDOWS\SYSTEM32\cfgijt.dll
O20 - Winlogon Notify: uxthwmer - C:\WINDOWS\System32\uxthwmer.dll (file missing)
O20 - Winlogon Notify: vsutmsgi - C:\WINDOWS\System32\vsutmsgi.dll (file missing)
O20 - Winlogon Notify: wstdmode - C:\WINDOWS\System32\wstdmode.dll (file missing)

DownLoad http://www.downloads...org/KillBox.zip or
http://www.thespykil...les/killbox.exe

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time, then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\WINDOWS\SYSTEM32\cfgdei.dll
C:\WINDOWS\SYSTEM32\cfgijt.dll

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% - OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system

#3
CatZilla

    Member

  • Topic Starter
  • 37 posts
Thanks for the blazing fast reply, I'll do all that right now and report back =)

#4
CatZilla

    Member

  • Topic Starter
  • 37 posts
The HiJackThis fix worked, but KillBox didn't do anything:

# 1 [Files to Delete]
Path = C:\WINDOWS\SYSTEM32\cfgdei.dll
*This File could not be Deleted

# 2 [Files to Delete]
Path = C:\WINDOWS\SYSTEM32\cfgijt.dll
*This File could not be Deleted
New HiJackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 18:23:05, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online DSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать все при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163976819999
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163976971577
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://apps.losangel...ll/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O20 - Winlogon Notify: deiconf - C:\WINDOWS\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: ijtconf - C:\WINDOWS\SYSTEM32\cfgijt.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#5
MFDnSC

    Banned

  • 1,137 posts
Run killbox again on those files but use the delete on reboot option

#6
CatZilla

    Member

  • Topic Starter
  • 37 posts
Those files are now gone. Cool =)

I must say I dislike this part though:
C:\WINDOWS\system32\deiconf.exe
C:\WINDOWS\system32\ijtconf.exe

New log:

Logfile of HijackThis v1.99.1
Scan saved at 18:36:34, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\deiconf.exe
C:\WINDOWS\system32\ijtconf.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\HiJackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online DSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать все при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163976819999
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163976971577
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://apps.losangel...ll/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O20 - AppInit_DLLs: diagdei.dll diagijt.dll statijt.dll statdei.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by CatZilla, 20 November 2006 - 05:39 PM.


#7
MFDnSC

    Banned

  • 1,137 posts
A moving target

Fix

O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe
O20 - AppInit_DLLs: diagdei.dll diagijt.dll statijt.dll statdei.dll

use killbox to delete

C:\WINDOWS\system32\deiconf.exe
C:\WINDOWS\system32\ijtconf.exe
C:\WINDOWS\system32\diagdei.dll
C:\WINDOWS\system32\diagijt.dll
C:\WINDOWS\system32\statijt.dll
C:\WINDOWS\system32\statdei.dll

#8
CatZilla

    Member

  • Topic Starter
  • 37 posts
I think it's gone. Is it?

Logfile of HijackThis v1.99.1
Scan saved at 18:55:15, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online DSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать все при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163976819999
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163976971577
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://apps.losangel...ll/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by CatZilla, 20 November 2006 - 06:12 PM.


#9
MFDnSC

    Banned

  • 1,137 posts
No, these are still there

fix them w/hijack
O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe

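The helper's instructions in post #2 (fix the O20 AppInit_DLLs and Winlogon Notify entries, several of them already "(file missing)") and post #9 (the two O4 Run entries survived the previous round) both come down to reading the same few line types out of successive HijackThis logs. The following is an added example, not code from this thread, from HijackThis or from any of the posters: a small Python parser for the O4 Run, O20 AppInit_DLLs and O20 Winlogon Notify lines, a diff between two logs so that entries which persist across a fix stand out, and a check for Winlogon Notify entries whose DLL is already gone. The sample lines are copied from the logs in this thread (posts #2, #6 and #8); the function names, the `Entry` type and the key format are my own.

```python
"""Added example (not HijackThis's or any poster's code): parse the O4 Run and
O20 AppInit_DLLs / Winlogon Notify lines of a HijackThis log and compare two logs."""
import re
from dataclasses import dataclass
from typing import Dict, List

# Sample lines copied from the logs in this thread. LOG_BEFORE is taken from the
# post #6 log, LOG_AFTER from the post #8 log (after the HijackThis/Killbox round).
LOG_BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe
O20 - AppInit_DLLs: diagdei.dll diagijt.dll statijt.dll statdei.dll
"""
LOG_AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [deidiag] C:\WINDOWS\system32\deiconf.exe
O4 - HKLM\..\Run: [ijtdiag] C:\WINDOWS\system32\ijtconf.exe
"""
# Winlogon Notify lines copied from the list the helper gives in post #2.
NOTIFY_SAMPLE = r"""
O20 - Winlogon Notify: audmgr - audmgr32.dll (file missing)
O20 - Winlogon Notify: deiconf - C:\WINDOWS\SYSTEM32\cfgdei.dll
O20 - Winlogon Notify: uxthwmer - C:\WINDOWS\System32\uxthwmer.dll (file missing)
"""

# Line shapes as HijackThis 1.99 prints them (regexes are this example's own).
O4_RUN = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<dlls>.*)$")
O20_NOTIFY = re.compile(
    r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.*?)(?P<missing> \(file missing\))?$"
)


@dataclass(frozen=True)
class Entry:
    kind: str            # "run", "appinit" or "notify"
    key: str             # registry value name (Run), DLL name (AppInit) or subkey (Notify)
    value: str           # command line or DLL path as HijackThis shows it
    file_missing: bool = False


def parse_hjt(text: str) -> List[Entry]:
    """Return the persistence entries (O4 Run, O20 AppInit_DLLs, O20 Winlogon Notify)
    found in a HijackThis log; every other line type is ignored."""
    entries: List[Entry] = []
    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RUN.match(line):
            entries.append(Entry("run", f"{m['hive']}\\{m['name']}", m["cmd"]))
        elif m := O20_APPINIT.match(line):
            # AppInit_DLLs is one registry value listing several DLLs; record each DLL
            # separately so a single DLL being removed or re-added is visible in the diff.
            for dll in m["dlls"].split():
                entries.append(Entry("appinit", dll, dll))
        elif m := O20_NOTIFY.match(line):
            entries.append(Entry("notify", m["name"], m["path"], m["missing"] is not None))
    return entries


def diff_persistence(before: str, after: str) -> Dict[str, List[str]]:
    """Compare the persistence entries of two logs. Entries listed under
    'persisting' are the ones a fix did not remove (or that were re-created)."""
    a = {(e.kind, e.key): e for e in parse_hjt(before)}
    b = {(e.kind, e.key): e for e in parse_hjt(after)}
    return {
        "removed": sorted(f"{k}:{n}" for k, n in a.keys() - b.keys()),
        "added": sorted(f"{k}:{n}" for k, n in b.keys() - a.keys()),
        "persisting": sorted(f"{k}:{n}" for k, n in a.keys() & b.keys()),
    }


def dangling_notify(text: str) -> List[str]:
    """Winlogon Notify subkeys whose DLL HijackThis reports as missing: the file
    is already gone (quarantined here by AVG) but the registry reference remains."""
    return sorted(e.key for e in parse_hjt(text) if e.kind == "notify" and e.file_missing)


if __name__ == "__main__":
    for label, keys in diff_persistence(LOG_BEFORE, LOG_AFTER).items():
        print(f"{label:10s} {keys}")
    print("dangling Winlogon Notify:", dangling_notify(NOTIFY_SAMPLE))
```

Run as a script it reports the four AppInit DLLs as removed and the `deidiag` / `ijtdiag` Run values as persisting, which is exactly what the helper spots by eye in post #9. The "(file missing)" Winlogon Notify entries are the reverse situation: the DLL was quarantined by the scanner but its registry reference outlived it, which is why those go to HijackThis rather than Killbox.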
#10
CatZilla

    Member

  • Topic Starter
  • 37 posts
Oh [bleep] I didn't notice those. I already hooked up my normal computer =\
I'll post an update in 10 mins.

#11
CatZilla

    Member

  • Topic Starter
  • 37 posts
It's nice how the forum replaces dаmn with [bleep]...
Anyway, here's the [hopefully clean] log:

Logfile of HijackThis v1.99.1
Scan saved at 19:55:08, on 20.11.2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\System32\LVCOMSX.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\TotalCmd\TOTALCMD.EXE
C:\Install\_Malware removal\HiJackThis\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapp...rch/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - C:\PROGRA~1\FLASHGET\jccatch.dll
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\fgiebar.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn2\ycomp5_6_0_0.dll
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\System32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: Verizon Online DSL.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Закачать все при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_all.htm
O8 - Extra context menu item: Закачать при помощи FlashGet - C:\PROGRA~1\FLASHGET\jc_link.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\npjpi150_09.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FLASHGET\flashget.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {08BEF711-06DA-48B2-9534-802ECAA2E4F9} (PlxInstall Class) - http://down.plaxo.co...laxoInstall.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1163976819999
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1163976971577
O16 - DPF: {72C23FEC-3AF9-48FC-9597-241A8EBDFE0A} (InstallShield International Setup Player) - http://apps.losangel...ll/isetupml.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - http://download.game...aploader_v6.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

Edited by CatZilla, 20 November 2006 - 06:57 PM.

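For readers triaging a HijackThis log like the one above, here is an added example of the kind of first-pass parser a responder writes for this format. It is not code from the thread or from the HijackThis project. It recognises the entry prefixes (R0/R1, O2, O4, O9, O16, O23, and so on), counts them, and applies two defender-side checks: browser start and search URLs whose host is outside an allowlist (the allowlist of Microsoft hosts is an assumption made for this example), and entries HijackThis marks with "(file missing)", which usually point at a stale autostart or service registration. The sample lines are constructed for the example and are not the poster's log.

```python
"""Minimal triage for HijackThis 1.99-style log lines (added example)."""
import re
from collections import Counter
from urllib.parse import urlparse

# Every HijackThis entry starts with a section code, e.g. "R1 - ", "O23 - ".
ENTRY_RE = re.compile(r"^(?P<code>R[0-3]|O\d{1,2})\s+-\s+(?P<body>.*)$")
URL_RE = re.compile(r"(https?://\S+)")

# Hosts that the stock Windows XP / IE7 start and search pages use.
# Assumption for this example only; extend it for your own environment.
TRUSTED_IE_HOSTS = {"go.microsoft.com", "www.microsoft.com"}


def parse_entry(line):
    """Return {'code', 'body', 'urls', 'file_missing'} or None for non-entries."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    code, body = m.group("code"), m.group("body")
    return {
        "code": code,
        "body": body,
        "urls": URL_RE.findall(body),
        "file_missing": "(file missing)" in body,
    }


def findings(line):
    """List human-readable reasons an entry deserves a second look."""
    entry = parse_entry(line)
    if entry is None:
        return []
    notes = []
    # R0/R1 lines are IE start/search page settings; a host outside the
    # allowlist is the classic sign of a browser hijack.
    if entry["code"].startswith("R"):
        for url in entry["urls"]:
            host = urlparse(url).hostname or ""
            if host not in TRUSTED_IE_HOSTS:
                notes.append(f"R-entry points at untrusted host {host}")
    if entry["file_missing"]:
        notes.append("target file missing (stale autostart or service entry)")
    return notes


def triage(log_text):
    """Return (Counter of entries per section code, list of flagged entries)."""
    counts = Counter()
    flagged = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        counts[entry["code"]] += 1
        for note in findings(line):
            flagged.append((entry["code"], note, line.strip()))
    return counts, flagged


# Constructed sample log (not the poster's log); placeholder hijack host.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.example.invalid/search/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
"""

if __name__ == "__main__":
    counts, flagged = triage(SAMPLE_LOG)
    print("entries per section:", dict(counts))
    for code, note, raw in flagged:
        print(f"[{code}] {note}\n    {raw}")
```

Run it as a script to see the section counts and the two flagged lines; feed `triage()` a real log to get the same summary. The allowlist is deliberately small: anything it does not know about is surfaced for a human to judge, which is the right default when reviewing an unfamiliar machine.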

#12
MFDnSC (Banned, 1,137 posts)
Clean

Turn off restore points, boot, turn them back on – here’s how

http://service1.syma...src=sec_doc_nam

#13
CatZilla (Topic Starter, Member, 37 posts)
Thanks a lot =)
I've learned some new stuff about cyber security today :blink:
Great job, really :whistling:

#14
MFDnSC (Banned, 1,137 posts)
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :whistling:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.