Virus/Spyware Infection



#1 Imu (Member, 34 posts)
Hey.

Well.. It all started this afternoon. I got an icon on my taskbar saying that my computer was infected with spyware and I needed to click that thing to get protection. I decided to run Adaware SE Personal anti-spyware. It deleted 74 objects and the red icon went away. Later, when I opened my Outlook Express, I started receiving thousands and thousands of unknown emails. It says 5000+ messages are pending. Another scary thing is that when I try to open AVG antivirus, it closes by itself, and the same applies with HijackThis. I was able to copy the HijackThis log with great difficulty as whenever I open it, it closes by itself. Please help. I would be glad if the reply notification comes on [email protected] rather than the email which I used when registering with geeks2go, since that email is flooded with unknown emails as mentioned above.

Logfile of HijackThis v1.99.1
Scan saved at 11:23:38 PM, on 12/2/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\svchost.exe
C:\syst.exe
C:\WINDOWS\System32\vxga4m1et4.exe
C:\WINDOWS\System32\qvx5gamet2.exe
c:\exe.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\w.exe.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mr\My Documents\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20091\socks.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\user\LOCALS~1\Temp\9D.tmp
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay12...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB2A78-63DD-4505-8D9C-4061FB186219}: NameServer = 196.45.144.2 80.255.63.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe

Edited by Imu, 02 December 2006 - 03:06 PM.



#2 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Right Click the Desktop and Select New--> Folder--> Name it SysClean
  • Download the Sysclean Package to the folder you made.
  • Next, download the Virus Pattern Files (Official Pattern Release) to your desktop from Here.
  • Right Click and Select Extract All to unzip the folder.
  • Now, from the unzipped folder, move the lpt$vpn.XXX file to the SysClean folder.
  • Restart your computer into safe mode now.
  • Click here for info on how to boot to safe mode if you don't already know how.
  • When you are in safe mode, open the SysClean Folder and doubleclick sysclean.com
  • Be sure Automatically clean or delete detected files is checked.
  • Click the Scan button to begin. Please be patient, it will take a little bit to finish.
  • When the scan is complete, verify the log from the scan (SYSCLEAN.LOG) is in the SysClean folder and restart back to Normal Mode.
  • Copy and Paste those results in the next reply.
Note: If you need further help running Sysclean, see the tutorial here.

#3 Imu (Topic Starter, Member, 34 posts)
Heya..thanks..



/--------------------------------------------------------------\
| Trend Micro System Cleaner |
| Copyright 2006, Trend Micro, Inc. |
| http://www.antivirus.com |
\--------------------------------------------------------------/


2006-12-03, 01:48:14, Auto-clean mode specified.
2006-12-03, 01:48:14, Running scanner "C:\Documents and Settings\user\Desktop\SYSCLEAN\TSC.BIN"...
2006-12-03, 01:50:12, Scanner "C:\Documents and Settings\user\Desktop\SYSCLEAN\TSC.BIN" has finished running.
2006-12-03, 01:50:12, TSC Log:

2006-12-03, 01:53:29, An error was detected on "C:\System Volume Information\*.*": Access is denied.
2006-12-03, 02:29:38, Files Detected:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2006 01:54:37
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 971 (144387 Patterns) (2006/11/30) (397100)
Command Line: C:\Documents and Settings\user\Desktop\SYSCLEAN\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\user\Desktop\SYSCLEAN

C:\exe.exe [TROJ_DLOADER.FSV]
C:\WINDOWS\comdlj32.dll [TROJ_AGENT.BPM]
C:\WINDOWS\system32\dlh9jkd1q2.exe [TROJ_FAKEALRT.AG]
C:\WINDOWS\system32\dlh9jkd1q5.exe [TROJ_SMALL.DIH]
C:\WINDOWS\system32\inet.exe [TROJ_DLOADER.FFG]
C:\WINDOWS\system32\qvx5gamet2.exe [TROJ_DLOADER.FFG]
C:\WINDOWS\system32\qvxga6met3.exe [TROJ_SMALL.CPB]
C:\WINDOWS\system32\qvxga7met4.exe [TROJ_SMALL.CPB]
C:\WINDOWS\system32\S4dBbc5.exe [TROJ_SMALL.DUL]
C:\WINDOWS\system32\spoolsvv.exe [TROJ_AGENT.BPM]
C:\WINDOWS\system32\vxg4am1et2.exe [TROJ_SMALL.DWP]
C:\WINDOWS\system32\vxga1me4t1.exe [TROJ_SMALL.FAY]
C:\WINDOWS\system32\vxga3me2.exe [TROJ_SMALL.CPB]
C:\WINDOWS\system32\vxga4m1et4.exe [TROJ_AGENT.BPM]
C:\WINDOWS\system32\vxga5me3.exe [TROJ_SMALL.CPB]
C:\WINDOWS\xpupdate.exe [TROJ_FAKEALRT.AG]
44885 files have been read.
44885 files have been checked.
39812 files have been scanned.
121230 files have been scanned. (including files in archived)
16 files containing viruses.
Found 16 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 02:29:37
---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 02:29:38, Files Clean:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2006 01:54:37
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 971 (144387 Patterns) (2006/11/30) (397100)
Command Line: C:\Documents and Settings\user\Desktop\SYSCLEAN\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\user\Desktop\SYSCLEAN

Success Clean [TROJ_DLOADER.FSV]( 1) from C:\exe.exe
Success Clean [ TROJ_AGENT.BPM]( 1) from C:\WINDOWS\comdlj32.dll
Success Clean [TROJ_FAKEALRT.AG]( 1) from C:\WINDOWS\system32\dlh9jkd1q2.exe
Success Clean [TROJ_DLOADER.FFG]( 1) from C:\WINDOWS\system32\inet.exe
Success Clean [TROJ_DLOADER.FFG]( 1) from C:\WINDOWS\system32\qvx5gamet2.exe
Success Clean [ TROJ_SMALL.DUL]( 1) from C:\WINDOWS\system32\S4dBbc5.exe
Success Clean [ TROJ_AGENT.BPM]( 1) from C:\WINDOWS\system32\spoolsvv.exe
Success Clean [ TROJ_SMALL.DWP]( 1) from C:\WINDOWS\system32\vxg4am1et2.exe
Success Clean [ TROJ_SMALL.FAY]( 1) from C:\WINDOWS\system32\vxga1me4t1.exe
Success Clean [ TROJ_AGENT.BPM]( 1) from C:\WINDOWS\system32\vxga4m1et4.exe
Success Clean [TROJ_FAKEALRT.AG]( 1) from C:\WINDOWS\xpupdate.exe
44885 files have been read.
44885 files have been checked.
39812 files have been scanned.
121230 files have been scanned. (including files in archived)
16 files containing viruses.
Found 16 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 02:29:37 34 minutes 52 seconds (2092.01 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 02:29:38, Clean Fail:
Copyright © 1990 - 2004 Trend Micro Inc.
Report Date : 12/3/2006 01:54:37
VSAPI Engine Version : 8.000-1001
VSCANTM Version : 1.1-1001
Virus Pattern Version : 971 (144387 Patterns) (2006/11/30) (397100)
Command Line: C:\Documents and Settings\user\Desktop\SYSCLEAN\VSCANTM.BIN /NBPM /S /CLEANALL /DCEGENCLEAN /LAPPEND /LD /LC /LCF /NM /NB /C /ACTIVEACTION=5 C:\*.* /P=C:\Documents and Settings\user\Desktop\SYSCLEAN

44885 files have been read.
44885 files have been checked.
39812 files have been scanned.
121230 files have been scanned. (including files in archived)
16 files containing viruses.
Found 16 viruses totally.
Maybe 0 viruses totally.
Stop At : 12/3/2006 02:29:37 34 minutes 52 seconds (2092.01 seconds) has elapsed.

---------*---------*---------*---------*---------*---------*---------*---------*
2006-12-03, 02:29:38, Scanner "C:\Documents and Settings\user\Desktop\SYSCLEAN\VSCANTM.BIN" has finished running.
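The two logs posted so far make a natural pair for a small triage script: the HijackThis O4 Run entries from post #1 and the Sysclean "Files Detected" list from post #3. The Python below is an added example, not code from the thread, from HijackThis, from Trend Micro or from the helper. It parses both formats from constructed sample lines (the paths are copied from the logs above), cross-references each autostart entry against the scanner's detections, and applies a few heuristics of its own: images launched from a Temp directory, file names that imitate a Windows system binary (spoolsvv.exe beside the real spoolsv.exe), and "Microsoft"/"Windows" display names whose image sits outside System32 or Program Files. The regular expressions, the list of imitated binaries and the heuristics are assumptions of this example, not HijackThis or Sysclean logic.

```python
"""Cross-check HijackThis O4 Run entries against a Sysclean detection list.

Example code written for this thread, not part of it. The sample inputs are
constructed from paths that appear in the posted logs; the heuristics are this
example's own and are deliberately simple.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample: O4 lines in the shape of the HijackThis log from post #1.
HIJACKTHIS_SAMPLE = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Microsoft standard protector] C:\WINDOWS\inet20091\socks.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [Key] C:\DOCUME~1\user\LOCALS~1\Temp\9D.tmp
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - Global Startup: BTTray.lnk = ?
"""

# Constructed sample: "Files Detected" lines in the shape of the Sysclean log from post #3.
SYSCLEAN_SAMPLE = r"""
C:\exe.exe [TROJ_DLOADER.FSV]
C:\WINDOWS\system32\dlh9jkd1q2.exe [TROJ_FAKEALRT.AG]
C:\WINDOWS\system32\inet.exe [TROJ_DLOADER.FFG]
C:\WINDOWS\system32\spoolsvv.exe [TROJ_AGENT.BPM]
C:\WINDOWS\xpupdate.exe [TROJ_FAKEALRT.AG]
"""

# Assumed line shapes (this example's regexes, not HijackThis/Sysclean parsers).
O4_RUN = re.compile(r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
DETECTED = re.compile(r"^(?P<path>.+?) \[(?P<malware>[^\]]+)\]$")
# Image path = everything up to the first executable-looking extension, quotes stripped.
EXECUTABLE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|com|scr|bat|dll|tmp))"?(?:\s|$)', re.IGNORECASE)
# Stems of legitimate Windows binaries that malware commonly imitates.
SYSTEM_STEMS = ("svchost", "spoolsv", "lsass", "csrss", "winlogon", "services", "explorer")
TRUSTED_PREFIXES = ("c:\\windows\\system32\\", "c:\\program files\\")


@dataclass
class Finding:
    hive: str
    name: str
    path: str
    reasons: List[str] = field(default_factory=list)


def parse_detections(text: str) -> Dict[str, str]:
    """Map lowercase file path -> malware name from Sysclean 'Files Detected' lines."""
    out: Dict[str, str] = {}
    for line in text.strip().splitlines():
        m = DETECTED.match(line.strip())
        if m:
            out[m.group("path").lower()] = m.group("malware")
    return out


def image_path(cmd: str) -> str:
    """Extract the executable path from a Run value (quoted or not, with or without arguments)."""
    m = EXECUTABLE.match(cmd.strip())
    return m.group("path") if m else cmd.strip()


def triage(hjt_text: str, sysclean_text: str) -> List[Finding]:
    """Return only the O4 Run entries that deserve a second look, with the reason(s)."""
    detections = parse_detections(sysclean_text)
    findings: List[Finding] = []
    for line in hjt_text.strip().splitlines():
        m = O4_RUN.match(line.strip())
        if not m:
            continue  # Global Startup and non-O4 lines are out of scope here
        path = image_path(m.group("cmd"))
        low = path.lower()
        base = low.rsplit("\\", 1)[-1]
        stem, _, ext = base.rpartition(".")
        name_low = m.group("name").lower()
        f = Finding(m.group("hive"), m.group("name"), path)
        if low in detections:
            f.reasons.append(f"scanner detected {detections[low]}")
        if "\\temp\\" in low or ext == "tmp":
            f.reasons.append("autostart from a Temp directory / .tmp image")
        if any(s in stem and s != stem for s in SYSTEM_STEMS):
            f.reasons.append("file name imitates a Windows system binary")
        if ("microsoft" in name_low or "windows" in name_low) and not low.startswith(TRUSTED_PREFIXES):
            f.reasons.append("name claims Microsoft/Windows but image is outside System32 and Program Files")
        if f.reasons:
            findings.append(f)
    return findings


if __name__ == "__main__":
    for f in triage(HIJACKTHIS_SAMPLE, SYSCLEAN_SAMPLE):
        print(f"{f.hive} [{f.name}] {f.path}: " + "; ".join(f.reasons))
```

On the constructed sample this flags six of the eight Run entries and leaves the AVG and RealPlayer entries alone. The correlation also makes visible the difference between a file and the registry value that launches it: Sysclean cleans the file, but the O4 value survives until it is removed separately, which is why the HijackThis log in post #5 still lists the spoolsvv, System64 and con entries after post #3 reported those files cleaned. Note that 8.3 short names (PROGRA~1) will not match their long-name counterparts in a plain string comparison; a real tool would expand them first.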

#4 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Go here to download AlcanShorty_en.exe and save it to your desktop.
  • Doubleclick the alcanShorty.exe file and follow prompts.
  • It will make a folder on desktop called Alcan Shorty
  • Open the Alcan Shorty folder & double click the run.bat file to run it.
  • This will download a file called BFU.exe and a BFU script.
  • If your firewall asks for permission to connect to the internet, you must allow it.
  • A message box will pop up saying complete.
  • Be patient and wait for the message box to appear as it may take some time.
  • Press OK then BFU.exe will open.
  • Select the option to "Show log after script ends"
  • Execute the script by clicking the Execute button.
  • Note that you should see a progress bar while the script is being executed.
  • When the script has finished press copy & that will make a copy of the report in your clipboard.
  • Paste the log into notepad and save it to your desktop to post back here later.
Note: If you have any questions about the use of BFU please read here.


* Download the trial version of AVG Anti-Spyware 7.5 here.
  • Click on the "Download Now" button and save the setup file to your desktop.
  • Doubleclick on the avgas-setup file to begin the installation.
  • When the installation is complete, open AVG Anti-Spyware and update the definition files.
  • On the main screen click on the "Update now" link and the update should begin immediately.
    • If the update does not begin, select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • When the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
  • If you cannot download the updates, update manually according to the directions here.
  • If you do the manual update, look under "Full database" and click the "Download now" button.
  • DO NOT run a scan yet. You will do that later in safe mode.
* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Run AVG Anti-Spyware:
  • Launch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • It will then begin the scanning process, be patient it may take a while for the scan to complete.
  • When the scan is complete, you must select an action.
  • Select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen
  • Save the report as a text file and save it to your desktop.
  • Close AVG Anti-Spyware.
* Restart back into Windows normally now.


* Come back here and post a new HijackThis log, as well as the log from the AVG Anti-Spyware scan and the report from the Alcanshorty fix.

* Also open Hijack This and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it then the list should open in notepad. Copy and paste that list here.

#5 Imu (Topic Starter, Member, 34 posts)
Heya.. Thanks.. Sorry for the late reply.

Below are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 1:25:01 AM, on 12/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\WINDOWS\System32\nordsys.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\mr\My Documents\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe
O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay12...es/MsnPUpld.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB2A78-63DD-4505-8D9C-4061FB186219}: NameServer = 196.45.144.2 80.255.63.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\artm_new.dll (file missing)
O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SQLDGM - Unknown owner - C:\WINDOWS\sql-dgm.exe (file missing)


Ad-Aware SE Personal
Adobe Download Manager 2.0 (Remove Only)
Adobe Photoshop 7.0
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS
Adobe Reader 7.0
Ahead InCD
Apple Software Update
Ares 1.8.8
AVG Anti-Spyware 7.5
AVG Free Edition
Bluetooth Software
CCleaner (remove only)
DivX
DivX Player
Emirates
ewido anti-malware
FairStars Audio Converter 1.52
Free Download Manager 2.1
HijackThis 1.99.1
hp deskjet 3600
HP Memories Disc
HP Photo and Imaging 2.0 - Deskjet Series
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7
J2SE Runtime Environment 5.0 Update 9
Living 3D Dolphins Screen Saver
Living Waterfalls 2 Screen Saver
Macromedia Flash Player 8
Microsoft Office 2000 Disc 2
Microsoft Office 2000 Premium
Mozilla Firefox (1.5.0.7)
MP3 Convert Lord 1.0
Nero - Burning Rom
Nokia Connectivity Cable Driver
Nokia PC Suite
Panda ActiveScan
Photo Toolkit 1.1
RealPlayer
Realtek AC'97 Audio
S3 S3Chromo
S3 S3Config3D
S3 S3Display
S3 S3Gamma2
S3 S3Info2
S3 S3Overlay
S3 S3RefreshLock
S3 S3TrayPlus
Sony Ericsson PC Suite
UniChrome Pro IGP Display Driver and Utilities
Uninstall CEDP Stealer 4.0 for MSN Messenger
Update for Windows XP (KB898461)
VIA Integrated Setup Wizard
Windows Installer 3.1 (KB893803)
Windows Live Messenger
Windows Live Sign-in Assistant
Windows XP Hotfix - KB842773
WinRAR archiver
Yahoo! Toolbar


BFU v1.00.9
Windows XP SP1 (WinNT 5.01.2600 SP1)
Script started at 7:27:30 PM, on 12/3/2006

Option Unload Explorer: Yes
Failed: DllUnregister C:\WINDOWS\DH.dll|1 (file not found)
Failed: DllUnregister C:\Program Files\Deskbar\deskbar.dll|1 (file not found)
Failed: DllUnregister \asappsrv.dll|1 (file not found)
Failed: DllUnregister \MyToolBar.dll|1 (file not found)
Failed: DllUnregister \888Bar.dll|1 (file not found)
Failed: ServiceStop Network Monitor (service not found)
Failed: ServiceStop cmdService (service not found)
Failed: ServiceDisable Network Monitor (service not found)
Failed: ServiceDisable cmdService (service not found)
Failed: ServiceDelete Network Monitor (service not found)
Failed: ServiceDelete cmdService (service not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools (key not found)
Failed: RegDelValue HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (key not found)
Failed: RegDelValue HKCU\System\CurrentControlSet\Control\Lsa|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|p2pnetwork (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\OLE|winlog (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Associations|LowRiskFileTypes (key not found)
Failed: RegDelValue HKCU\Microsoft\Windows\CurrentVersion\policies\Explorer\Run|WinUpdate.exe (key not found)
Failed: RegDelValue HKCU\software\microsoft\windows\currentversion\policies\explorer\run|{84c4d3ae-0bb0-1033-0729-050001} (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU1 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CU2 (key not found)
Failed: RegDelValue HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|services32 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetwork (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|ms-update (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2pnetworking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|p2p networking (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|virtual-ie (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|MS DATABASE (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|xp (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|winlog (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|wmplayer (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|tetriz3 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|CQ4d6 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|SystemTools (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|eventwvr (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|truetype (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|0mcamcap (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|mysvcig38 (key not found)
Failed: RegDelValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices|drpXPd (key not found)
Option pause between commands: 300 ms
Option pause between commands: 50 ms
Failed: FolderDelete C:\Program Files\MsConfigs (folder not found)
Failed: FolderDelete C:\Program Files\winupdates (folder not found)
Failed: FolderDelete C:\Program Files\winupdate (folder not found)
Failed: FolderDelete C:\Program Files\winsupdater (folder not found)
Failed: FolderDelete C:\Program Files\MsUpdate (folder not found)
Failed: FolderDelete C:\Program Files\MsMovies (folder not found)
Failed: FolderDelete C:\Program Files\wmplayer (folder not found)
Failed: FolderDelete C:\Program Files\outlook (folder not found)
Failed: FileDelete C:\Program Files\Common Files\Windows\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\Common Files\Download\mc-*-*.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-1033-*-*}\MyToolBar.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\update.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\services.dll (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\activate.exe (operation failed)
Failed: FileDelete C:\Program Files\common files\{*-*-2057-*-*}\MyToolBar.dll (operation failed)
Failed: FolderDelete C:\Program Files\toolbar888 (folder not found)
Failed: FolderDelete C:\Program Files\e-mailpaysu toolbar (folder not found)
Failed: FolderDelete C:\Program Files\EMUSIC TOOLBAR (folder not found)
Failed: FolderDelete C:\Program Files\find dvd toolbar (folder not found)
Failed: FolderDelete C:\Program Files\GULESIDER VERKTøYLINJE (folder not found)
Failed: FolderDelete C:\Program Files\sesam-p4 toolbar (folder not found)
Failed: FolderDelete C:\Program Files\slownik ling (folder not found)
Failed: FolderDelete C:\Program Files\MediaPipe (folder not found)
Failed: FolderDelete C:\Program Files\p2pnetworks (folder not found)
Failed: FolderDelete C:\DOCUME~1\user\LOCALS~1\Temp\Free Download Manager (operation failed)
Failed: FileDelete C:\DOCUME~1\user\LOCALS~1\Temp\~DFD658.tmp (operation failed)
Failed: FolderDelete C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\WD8D8DG9 (operation failed)
Failed: FolderDelete C:\Program Files\Maxifiles (folder not found)
Failed: FolderDelete C:\Program Files\DNS (folder not found)
Failed: FolderDelete C:\Program Files\EQAdvice (folder not found)
Failed: FolderDelete C:\Program Files\FCAdvice (folder not found)
Failed: FolderDelete C:\Program Files\PSCastor (folder not found)
Failed: FolderDelete C:\Program Files\CMIntex (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd1 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\FreeProd2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\svchostsys (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\simtest (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderDelete C:\Program Files\InetGet2 (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\VCClient (folder not found)
Failed: FolderDelete C:\Program Files\Network Monitor (folder not found)
Failed: FolderDelete C:\WINDOWS\inet20001 (folder not found)
Failed: FolderDelete C:\Program Files\Update06 (folder not found)
Failed: FolderDelete C:\Program Files\Update03 (folder not found)
Failed: FolderDelete C:\Program Files\Update04 (folder not found)
Failed: FolderDelete C:\Program Files\Update08 (folder not found)
Failed: FolderDelete C:\Program Files\W-Update (folder not found)
Failed: FolderDelete C:\Program Files\Yazzle Sudoku (folder not found)
Failed: FolderDelete C:\Program Files\Cas (folder not found)
Failed: FolderDelete C:\Program Files\CasStub (folder not found)
Failed: FolderDelete C:\Program Files\Cas2Stub (folder not found)
Failed: FolderDelete C:\Program Files\ipwins (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\Snowball Wars (folder not found)
Failed: FolderDelete C:\Program Files\folder.js (folder not found)
Failed: FolderDelete C:\Program Files\ini.ini (folder not found)
Failed: FolderDelete C:\temp (folder not found)
Failed: FolderDelete C:\WINDOWS\mdrive (folder not found)
Failed: FolderDelete C:\WINDOWS\System32\crunner (folder not found)
Failed: FolderDelete C:\Program Files\PECarlin (folder not found)
Failed: FolderDelete C:\Program Files\AXVenore (folder not found)
Failed: FolderDelete C:\Program Files\SDVita (folder not found)
Failed: FolderDelete C:\Program Files\EQBranch (folder not found)
Failed: FolderDelete C:\Program Files\EQArticle (folder not found)
Failed: FolderDelete C:\Program Files\PSHope (folder not found)
Failed: FolderDelete C:\Program Files\Batty (folder not found)
Failed: FolderDelete C:\Program Files\Batty2 (folder not found)
Failed: FolderDelete C:\Program Files\AXFibula (folder not found)
Failed: FolderDelete C:\Program Files\CMFibula (folder not found)
Failed: FolderDelete C:\Program Files\PSLister (folder not found)
Failed: FolderDelete C:\Program Files\PSCloner (folder not found)
Failed: FolderDelete C:\Program Files\PSDream (folder not found)
Failed: FolderDelete C:\Program Files\cmapp (folder not found)
Failed: FolderDelete C:\Program Files\cmman (folder not found)
Failed: FolderDelete C:\Program Files\cmsystem (folder not found)
Failed: FolderDelete C:\Program Files\fcengine (folder not found)
Failed: FolderDelete C:\Program Files\wincmapp (folder not found)
Failed: FolderDelete C:\Program Files\Deskbar\Cache (folder not found)
Failed: FolderDelete C:\Program Files\popupwithcast (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\cloader (folder not found)
Failed: FolderDelete C:\Program Files\Common Files\misc001 (folder not found)
Failed: FolderCreate C:\bintheredunthat (folder already exists)
Failed: FileMove C:\WINDOWS\win*-*.exe|C:\bintheredunthat (source file not found)
Script completed.



---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 1:15:47 AM 12/5/2006

+ Scan result:



C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP254\A0114743.exe -> Backdoor.SdBot : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117372.exe -> Downloader.Small : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117379.exe -> Downloader.Small.cib : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116350.exe -> Downloader.Small.dam : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116352.exe -> Downloader.Small.dam : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117373.exe -> Downloader.Small.dgk : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP267\A0115360.exe -> Logger.Bancos : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116346.dll -> Proxy.Agent.ji : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> TrackingCookie.Adrevolver : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Advertising : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> TrackingCookie.Atdmt : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> TrackingCookie.Fastclick : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Mediaplex : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Overture : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Revenue : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][2].txt -> TrackingCookie.Statcounter : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Tribalfusion : Cleaned.
C:\Documents and Settings\user\Cookies\[email protected][1].txt -> TrackingCookie.Yieldmanager : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117352.dll -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP270\A0120369.dll -> Trojan.Agent.oh : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117374.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117375.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117377.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0117378.exe -> Trojan.Small : Cleaned.
C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116353.exe -> Worm.Banwarum.f : Cleaned.


::Report end

#6 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Go to Add/Remove programs and uninstall these old versions of Java:

J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 7



* Click here to download ATF Cleaner by Atribune and save it to your desktop.


* Click Here and download Killbox and save it to your desktop.


* Click here for info on how to boot to safe mode if you don't already know how.


* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to.


* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe

O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe

O4 - HKLM\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe

O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe

O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe

O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe

O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\artm_new.dll (file missing)

O20 - Winlogon Notify: winsys2freg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\winsys2f.dll (file missing)



* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Double-click on Killbox.exe to run it.
  • Put a tick by Standard File Kill.
  • In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time:

    C:\WINDOWS\System32\spoolsvv.exe

    C:\WINDOWS\System32\inet.exe

    C:\WINDOWS\System32\nordsys.exe

    C:\WINDOWS\System32\taskdir.exe

    C:\WINDOWS\System32\dlh9jkd1q2.exe


  • Click on the button that has the red circle with the X in the middle after you enter each file.
  • It will ask for confirmation to delete the file.
  • Click Yes.
  • Continue with that procedure until you have pasted all of these in the "Paste Full Path of File to Delete" box.
  • Killbox may tell you that one or more files do not exist.
  • If that happens, just continue on with all the files. Be sure you don't miss any.
  • Exit the Killbox.
* Run ATF Cleaner:
  • Double-click ATF-Cleaner.exe to run the program.
  • Under Main choose: Select All
  • Click the Empty Selected button.
  • If you use Firefox:
  • Click Firefox at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • If you use Opera:
  • Click Opera at the top and choose: Select All
  • Click the Empty Selected button.
  • NOTE: If you would like to keep your saved passwords, please click No at the prompt.
  • Click Exit on the Main menu to close the program.
* Restart back into Windows normally now.


* Go here and do the BitDefender online virus scan.
  • Click "I Agree" to agree to the EULA.
  • Allow the ActiveX control to install when prompted.
  • Click "Click here to scan" to begin the scan.
  • Please refrain from using the computer until the scan is finished.
  • When the scan is finished, click on "Click here to export the scan results"
  • Save the report to your desktop then come back here and attach it to your next reply along with a new Hijack This log.


#7 Imu (Topic Starter, Member, 34 posts)
Heya.. Thanks.. My PC has become relatively faster than before. Infected much much faster than before. Thanks! Below are the logs.

Logfile of HijackThis v1.99.1
Scan saved at 12:22:52 AM, on 12/8/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\VTTimer.exe
C:\WINDOWS\System32\VTtrayp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\COMMON~1\PCSuite\Services\SERVIC~1.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\PROGRA~1\COMMON~1\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Bluetooth Software\bin\btwdins.exe
C:\PROGRA~1\BLUETO~1\BTSTAC~1.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\mr\My Documents\Hijackthis\HijackThis.exe

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: FDMIECookiesBHO Class - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdmcks.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\ycomp5_5_7_0.dll (file missing)
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DeviceDiscovery] C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb08.exe
O4 - HKLM\..\Run: [DataLayer] C:\Program Files\Common Files\PCSuite\DataLayer\DataLayer.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe -onlytray
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe
O4 - HKLM\..\Run: [InCD] C:\Program Files\Ahead\InCD\InCD.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Free Download Manager] C:\Program Files\Free Download Manager\fdm.exe -autorun
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: VIA RAID TOOL.lnk = C:\Program Files\VIA\RAID\raid_tool.exe
O8 - Extra context menu item: Download all with Free Download Manager - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: Download selected with Free Download Manager - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Download with Free Download Manager - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Bluetooth Software\btsendto_ie.htm
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.syma...bin/AvSniff.cab
O16 - DPF: {31B7EB4E-8B4B-11D1-A789-00A0CC6651A8} (Cult3D ActiveX Player) - http://www.cult3d.co...wnload/cult.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by121fd.bay12...es/MsnPUpld.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.syma...n/bin/cabsa.cab
O16 - DPF: {85D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin class) - http://secure2.comne...login-devel.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/...s/msnchat45.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB2A78-63DD-4505-8D9C-4061FB186219}: NameServer = 196.45.144.2 80.255.63.26
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - WIDCOMM, Inc. - C:\Program Files\Bluetooth Software\bin\btwdins.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InCD File System Service (InCDsrv) - Unknown owner - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: SQLDGM - Unknown owner - C:\WINDOWS\sql-dgm.exe (file missing)


Statistics
  Time: 01:25:59
  Files: 528596
  Folders: 4431
  Boot Sectors: 4
  Archives: 97165
  Packed Files: 52241

Results
  Identified Viruses: 17
  Infected Files: 26
  Suspect Files: 0
  Warnings: 0
  Disinfected: 0
  Deleted Files: 26

Engines Info
  Virus Definitions: 329294
  Engine build: AVCORE v1.0 (build 2368) (i386) (Nov 16 2006 11:31:19)
  Scan plugins: 14
  Archive plugins: 38
  Unpack plugins: 6
  E-mail plugins: 6
  System plugins: 1

Scan Settings
  First Action: Disinfect
  Second Action: Delete
  Heuristics: Yes
  Enable Warnings: Yes
  Scanned Extensions: *;
  Exclude Extensions:
  Scan Emails: Yes
  Scan Archives: Yes
  Scan Packed: Yes
  Scan Files: Yes
  Scan Boot: Yes

Scanned File -> Status
  C:\!Submit\nordsys.exe -> Infected with: Worm.Glowa.AE; Disinfection failed; Deleted
  C:\$VAULT$.AVG\02173484.FIL -> Infected with: [email protected]; Disinfection failed; Deleted
  C:\$VAULT$.AVG\11516890.FIL -> Infected with: Worm.Glowa.AF; Disinfection failed; Deleted
  C:\$VAULT$.AVG\37799750.FIL -> Infected with: Trojan.Downloader.APC; Disinfection failed; Deleted
  C:\AVG7QT.DAT -> Infected with: Trojan.Qhosts.B; Disinfection failed; Deleted
  C:\Downloads\CEDP-Stealer-Setup.exe=>(NSIS o)=>lzma_solid_nsis0004 -> Infected with: Dropped:Application.Adware.NewDotNet.A; Disinfection failed; Deleted
  C:\Downloads\CEDP-Stealer-Setup.exe=>(NSIS o) -> Update failed
  C:\Downloads\CEDP-Stealer-Setup.exe=>(NSIS o)=>lzma_solid_nsis0012 -> Infected with: Trojan.Pws.Bjcg.D; Disinfection failed; Deleted
  C:\Downloads\CEDP-Stealer-Setup.exe=>(NSIS o) -> Update failed
  C:\Downloads\dolphinfree.exe=>wise0042 -> Detected with: Application.Adware.NewDotNet.B.Dropper; Deleted
  C:\Downloads\dolphinfree.exe -> Update failed
  C:\Downloads\waterfalls2free.exe=>wise0042 -> Detected with: Application.Adware.NewDotNet.B.Dropper; Deleted
  C:\Downloads\waterfalls2free.exe -> Update failed
  C:\Program Files\ewido anti-malware\Quarantine\fil9156CC29.dat=>(gzip) -> Infected with: Trojan.Downloader.APC; Disinfection failed; Deleted
  C:\Program Files\ewido anti-malware\Quarantine\fil9156CC29.dat -> Update failed
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116347.exe -> Infected with: Trojan.Fakealert.FC; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116348.exe -> Infected with: Trojan.Downloader.CS; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116349.exe -> Infected with: Trojan.Downloader.CS; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116351.exe -> Infected with: Trojan.Proxy.Tibs.A; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116354.exe -> Infected with: Trojan.Proxy.Tibs.A; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP268\A0116355.exe -> Infected with: Trojan.Fakealert.FC; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP273\A0129371.exe -> Infected with: Worm.Glowa.AE; Disinfection failed; Deleted
  C:\System Volume Information\_restore{CC29BC39-A045-4B81-80DF-70438A778A2A}\RP273\A0130379.exe -> Infected with: Worm.Glowa.AE; Disinfection failed; Deleted
  C:\WINDOWS\system32\2pac.txt -> Infected with: Generic.Botget.75E46DB8; Deleted
  C:\WINDOWS\system32\dlh9jkd1q6.exe -> Infected with: Trojan.Downloader.Tiny.ET; Disinfection failed; Deleted
  C:\WINDOWS\system32\google.png.exe -> Infected with: Worm.Glowa.AC; Disinfection failed; Deleted
  C:\WINDOWS\system32\i -> Infected with: Generic.Botget.543AE9D3; Deleted
  C:\WINDOWS\system32\se.exe.exe -> Infected with: Worm.Glowa.AA; Disinfection failed; Deleted
  C:\WINDOWS\system32\vxga4me1.exe -> Infected with: Trojan.Dropper.Inject.A; Disinfection failed; Deleted
  C:\WINDOWS\system32\w.exe -> Infected with: Worm.Glowa.AE; Disinfection failed; Deleted
  C:\WINDOWS\system32\w.exe.exe -> Infected with: Worm.Glowa.AE; Disinfection failed; Deleted

#8 Flrman1 (Malware Assassin, Retired Staff, 6,596 posts)
* Run Hijack This again and put a check by these. Close ALL windows except HijackThis and click "Fix checked"

O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe

O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe



* Close Hijack This.


* Double-click on Killbox.exe to run it.
  • Put a tick by Delete on Reboot.
  • Copy the following list of files to clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):

    C:\WINDOWS\System32\nordsys.exe
    C:\WINDOWS\System32\dlh9jkd1q2.exe

  • Next in Killbox go to File > Paste from clipboard
  • Click on the All Files button.
  • Next click on the button that has the red circle with the white X in the middle.
  • It will ask for confirmation to delete the files on next reboot and ask you if you want to reboot now.
  • Click Yes and let the computer reboot.
* After it reboots, run Kaspersky online virus scan here.

After the updates have downloaded, click on the "Scan Settings" button.
Choose the "Extended database" for the scan.
Under "Please select a target to scan", click "My Computer".
When the scan is finished, Save the results from the scan!

Note: You have to use Internet Explorer to do the online scan.

Post a new HiJackThis log along with the results from Kaspersky scan
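Added example for the two "Fix checked" lists in posts #6 and #8; this is not code from the thread and not a HijackThis feature. It writes down the judgement the helper applied when picking those O4, O20 and O23 lines, so the same triage can be run over any HijackThis v1.99 log: System32 files whose names imitate a core Windows binary, names mixing letters and digits, double extensions, per-user (HKCU) autoruns pointing into System32, Winlogon Notify DLLs that are missing, services whose binary is gone, and the O17 name servers listed for manual confirmation. The sample log is copied from the logs posted in this thread and serves only as constructed input; the heuristics and the 0.85 similarity threshold are the example's own assumptions.

```python
"""Heuristic triage of HijackThis v1.99 log lines.

Added example for this thread; not a HijackThis feature and not code from
the original posts.  It encodes the reasoning the helper applied when
picking the O4/O20/O23 lines to "Fix checked".  The sample log below is
copied from the logs posted in the thread and is constructed test input;
the heuristics and the 0.85 similarity threshold are assumptions.
"""
import re
from collections import namedtuple
from difflib import SequenceMatcher

Finding = namedtuple("Finding", "section subject reason")

# Core Windows binaries that malware imitates with one-letter changes (spoolsvv.exe).
CORE_BINARIES = {"smss.exe", "csrss.exe", "winlogon.exe", "services.exe",
                 "lsass.exe", "svchost.exe", "spoolsv.exe", "explorer.exe"}
# The one per-user (HKCU) autorun of a System32 file that is normal on XP.
HKCU_SYSTEM32_ALLOWLIST = {"ctfmon.exe"}

O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)(?: \((?P<note>file missing)\))?$")
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)(?: \((?P<note>file missing)\))?$")
O17_RE = re.compile(r"^O17 - .*NameServer = (?P<servers>.+)$")
# First executable on a command line, quoted or not; arguments may follow.
EXE_RE = re.compile(r'^"?(?P<path>[^"]+?\.(?:exe|dll|com|scr|pif|bat))"?(?:\s|$)', re.I)

# Constructed input: lines taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [spoolsvv] C:\WINDOWS\System32\spoolsvv.exe
O4 - HKLM\..\Run: [System64] C:\WINDOWS\System32\inet.exe
O4 - HKCU\..\Run: [Nord] C:\WINDOWS\System32\nordsys.exe
O4 - HKCU\..\Run: [con] C:\WINDOWS\System32\dlh9jkd1q2.exe
O4 - Global Startup: BTTray.lnk = ?
O17 - HKLM\System\CCS\Services\Tcpip\..\{89BB2A78-63DD-4505-8D9C-4061FB186219}: NameServer = 196.45.144.2 80.255.63.26
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users.WINDOWS\Documents\Settings\artm_new.dll (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: SQLDGM - Unknown owner - C:\WINDOWS\sql-dgm.exe (file missing)
"""


def lookalike_of(basename):
    """Core binary that `basename` imitates (spoolsvv.exe -> spoolsv.exe), or None."""
    if basename in CORE_BINARIES:
        return None
    for real in CORE_BINARIES:
        if SequenceMatcher(None, basename, real).ratio() >= 0.85:
            return real
    return None


def suspicious_filename(basename):
    """Name-only heuristics for a lower-cased file name; returns a reason or None."""
    stem = basename.rpartition(".")[0]
    if "." in stem and stem.rsplit(".", 1)[1] in ("exe", "png", "jpg", "txt", "doc"):
        return "double extension"
    if any(c.isdigit() for c in stem) and any(c.isalpha() for c in stem):
        return "random-looking name mixing letters and digits"
    real = lookalike_of(basename)
    return "look-alike of %s" % real if real else None


def in_windows_dir(path):
    """True when the file sits directly in %SystemRoot% or System32, or has no directory at all."""
    return "\\" not in path or re.search(r"\\windows\\(system32\\)?[^\\]+$", path, re.I) is not None


def triage(lines):
    """Return the Findings worth a second look; lines of other types pass silently."""
    findings = []
    for line in (raw.strip() for raw in lines):
        m = O4_RE.match(line)
        if m:
            exe = EXE_RE.match(m.group("cmd"))
            if not exe or not in_windows_dir(exe.group("path")):
                continue  # software under Program Files is not judged on its name alone
            base = exe.group("path").rsplit("\\", 1)[-1].lower()
            reason = suspicious_filename(base)
            if reason is None and m.group("hive") == "HKCU" and base not in HKCU_SYSTEM32_ALLOWLIST:
                reason = "per-user autorun of a System32 file (only ctfmon.exe is normal there)"
            if reason:
                findings.append(Finding("O4", base, reason))
            continue
        m = O20_RE.match(line)
        if m:
            if m.group("note") or "\\system32\\" not in m.group("path").lower():
                findings.append(Finding("O20", m.group("name"), "Winlogon Notify DLL missing or outside System32"))
            continue
        m = O23_RE.match(line)
        if m:
            if m.group("note"):
                findings.append(Finding("O23", m.group("name"), "service registered for a file that no longer exists"))
            continue
        m = O17_RE.match(line)
        if m:
            findings.append(Finding("O17", m.group("servers"), "per-adapter DNS servers; confirm they belong to your ISP"))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG.splitlines()):
        print("%-4s %-28s %s" % (f.section, f.subject, f.reason))
```

On the sample it flags spoolsvv.exe, nordsys.exe and dlh9jkd1q2.exe, the missing artm_new.dll hook and the SQLDGM service, and lists the O17 name servers for a manual check. inet.exe (value name System64) slips through: nothing about that file name is odd by itself, which is why a human reading of the whole log, as done in posts #6 and #8, still comes first.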
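Added example for the "Delete on Reboot" step in post #8; this is not Killbox code and not from the thread. The assumption here is that delete-on-reboot tools call MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which appends a (source, destination) pair to the REG_MULTI_SZ value HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\PendingFileRenameOperations; Session Manager carries the list out early in the next boot, before the malware can lock its files again, and an empty destination means delete. Malware uses the same value to swap files in at boot, so a responder wants to read it as well as write it. The code encodes and decodes that format; the two deletions are the files from post #8, the hosts rename is a constructed entry showing the non-delete case, and nothing touches a live registry.

```python
"""Encode and decode the PendingFileRenameOperations REG_MULTI_SZ value.

Added example for this thread; not Killbox code and not from the original
posts.  Assumption: "Delete on Reboot" tools rely on
MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT), which appends (source, destination)
pairs to HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\
PendingFileRenameOperations; Session Manager performs them at the next boot
and an empty destination means delete.  Paths carry the NT prefix \??\.
The sample below is constructed, not captured from the infected PC.
"""

NT_PREFIX = "\\??\\"  # kernel-namespace prefix stored in front of Win32 paths

# Constructed sample: the two files post #8 queues for deletion, plus one
# rename of the kind malware uses to swap in a hosts file at boot.
SAMPLE_OPS = [
    ("C:\\WINDOWS\\System32\\nordsys.exe", None),
    ("C:\\WINDOWS\\System32\\dlh9jkd1q2.exe", None),
    ("C:\\WINDOWS\\Temp\\hosts.new", "C:\\WINDOWS\\System32\\drivers\\etc\\hosts"),
]


def encode_pending_renames(ops):
    """REG_MULTI_SZ bytes for (source, destination) pairs; destination None/"" queues a delete.

    REG_MULTI_SZ is UTF-16LE: every string ends with a NUL and one extra NUL closes the list.
    """
    strings = []
    for src, dst in ops:
        strings.append(NT_PREFIX + src)
        strings.append(NT_PREFIX + dst if dst else "")
    return "".join(s + "\0" for s in strings).encode("utf-16-le") + b"\0\0"


def _strip_prefix(path):
    return path[len(NT_PREFIX):] if path.startswith(NT_PREFIX) else path


def decode_pending_renames(blob):
    """[(source, destination_or_None)] from the raw value bytes; raises on an unpaired source."""
    text = blob.decode("utf-16-le")
    if text.endswith("\0"):  # list terminator
        text = text[:-1]
    parts = text.split("\0")[:-1] if text else []  # drop the empty piece after the last NUL
    if len(parts) % 2:
        raise ValueError("unpaired source entry: %r" % parts[-1])
    return [(_strip_prefix(parts[i]), _strip_prefix(parts[i + 1]) or None)
            for i in range(0, len(parts), 2)]


def pending_deletes(blob):
    """Paths queued for deletion at the next boot, i.e. what a Killbox-style tool adds."""
    return [src for src, dst in decode_pending_renames(blob) if dst is None]


def queue_delete(blob, path):
    """Return a new value with `path` appended as a delete, the way MoveFileEx would."""
    return encode_pending_renames(decode_pending_renames(blob) + [(path, None)])


if __name__ == "__main__":
    blob = encode_pending_renames(SAMPLE_OPS)
    for src, dst in decode_pending_renames(blob):
        print("%-45s -> %s" % (src, dst or "(delete)"))
```

On the affected machine the raw value can be read with `reg query "HKLM\SYSTEM\CurrentControlSet\Control\Session Manager" /v PendingFileRenameOperations` and fed to decode_pending_renames. The value is consumed and removed during the boot that processes it, so capture it before rebooting if you want a record of what was queued, whether by the cleanup tool or by the malware.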