
computer & internet are slow



#1
Nukkuvakoala

I have spyware, adware and a dialer... how do I get rid of them?
Here are the logs

Logfile of HijackThis v1.99.1
Scan saved at 20:23:48, on 3.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Janice Teiniranta\Työpöytä\HijackThis.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)

Uninstall list

Adobe Download Manager 2.0 (Poista ainoastaan)
Adobe Reader 7.0.5 Language Support
Adobe Reader 7.0.8
ADSL Router Utility
ATI - Software Uninstall Utility
ATI Control Panel
ATI Display Driver
AVG Anti-Spyware 7.5
BatClient
BeWAN ADSL modem
Canon MultiPASS Desktop Manager 3.01
C-Media WDM Audio Driver
Color LaserJet 1600
Creative WebCam Vista Plus Driver (1.02.02.0414)
Download.NetAnttila
Fujitsu Siemens Wireless Keyboard
Get Yahoo! Messenger
Gilbert Goodmate
Gilbert Goodmate
High Definition Audio Driver Package - KB888111
HijackThis 1.99.1
Hotfix for Windows XP (KB915865)
Hotfix-päivitys Windows XP:lle (KB914440)
InterVideo WinDVD
Java™ SE Development Kit 6
Java™ SE Runtime Environment 6
LiveReg (Symantec Corporation)
LiveUpdate 1.6 (Symantec Corporation)
MapleStory
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB886903)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 -tuotteen Security Update (KB917283)
Microsoft AutoRoute v11.0
Microsoft Data Access Components KB870669
Microsoft Encarta Encyclopedia Standard - WE 2004
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Laskin +
Microsoft National Language Support Downlevel APIs
Microsoft Office FrontPage 2003
Microsoft Office Standard Edition 2003
Microsoft Picture It! Photo Standard 9
Microsoft Works
Microsoft Works 2004 Osien valitseminen
Microsoft Works Suiten Microsoft Word -lisäosan
Mozilla Firefox (1.0.7)
MSXML 4.0 SP2 (KB927978)
Musicmatch® Jukebox
My Search Bar
Nero OEM
Nero Suite
NeroVision Express 2 SE
Norman Internet Control
NVIDIA Drivers
Panda ActiveScan
Python 2.4.2
Päivitys Windows XP:lle (KB904942)
QuickTime
RealPlayer
Realtek AC'97 Audio
Sampo Linkki
Security Update for Microsoft .NET Framework 2.0 (KB922770)
Shockwave
Skype 2.5
Suojauspäivitys ohjelmistolle Windows XP (KB904706)
Suojauspäivitys ohjelmistolle Windows XP (KB923689)
Suojauspäivitys Windows Media Player 6.4:lle (KB925398)
Suojauspäivitys Windows XP:lle (KB920213)
Suojauspäivitys Windows XP:lle (KB922760)
Suojauspäivitys Windows XP:lle (KB923694)
Suojauspäivitys Windows XP:lle (KB923980)
Suojauspäivitys Windows XP:lle (KB924270)
Suojauspäivitys Windows XP:lle (KB925454)
Suojauspäivitys Windows XP:lle (KB926255)
Ulead Photo Express 4.0 My Custom Edition
WA Update v3.50 beta2
Viewpoint Manager (Remove Only)
Winamp (remove only)
Windows Internet Explorer 7
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Sign-in Assistant
Windows Media Format Runtime
Windows Media Player 10
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB885884
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB891781
Windows XP Service Pack 2

Activescan

Incident Status Location

Spyware:spyware/betterinet Not disinfected c:\windows\inf\banner.inf
Adware:adware/ipinsight Not disinfected c:\windows\inf\farmmext.inf
Adware:adware/transponder Not disinfected c:\windows\inf\Pynix.inf
Adware:adware/gator Not disinfected c:\windows\GatorGainInstaller.log
Potentially unwanted tool:application/bestoffer Not disinfected c:\windows\smdat32a.sys
Potentially unwanted tool:application/myway Not disinfected hkey_local_machine\software\microsoft\windows\currentversion\uninstall\My Way Speedbar Uninstall
Adware:adware/aurora Not disinfected Windows Registry
Potentially unwanted tool:application/altnet Not disinfected hkey_classes_root\clsid\{3646C2BD-3554-49CA-8125-44DEEFB881DE}
Adware:adware/instafinder Not disinfected Windows Registry
Dialer:dialer.cn Not disinfected HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{511F9316-771B-4953-A268-1C36DA667FE9}
Spyware:Cookie/Com.com Not disinfected C:\Documents and Settings\Janice Teiniranta\Application Data\Mozilla\Firefox\Profiles\x79zmkhu.default\cookies-1.txt[ad.sensismediasmart.com.au/]
Spyware:Cookie/RealMedia Not disinfected C:\Documents and Settings\Janice Teiniranta\Application Data\Mozilla\Firefox\Profiles\x79zmkhu.default\cookies-1.txt[.realmedia.com/]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Janice Teiniranta\Omat tiedostot\Vastaanotetut tiedostot\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Janice Teiniranta\Omat tiedostot\Vastaanotetut tiedostot\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Janice Teiniranta\Työpöytä\SmitfraudFix\Process.exe
Spyware:Cookie/RealMedia

--------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 18:44:05 3.1.2007

+ Scan result:



:mozilla.6:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\aevzm60c.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.30:C:\Documents and Settings\Lea\Application Data\Mozilla\Firefox\Profiles\aevzm60c.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
C:\Norman\Download\NVCF0001.ZIP/Data/Bin/Nipsvc.exe -> Trojan.Wow : Cleaned with backup (quarantined).


::Report end

Please :whistling: and thanks
  • 0



#2
Technical_1

Hello Nukkuvakoala and welcome to G2G's Malware Forum.

My name is Technical_1 and I will be analyzing your log.

I see several nasties floating around in there but I think there are some that are hiding from Hijack This as well. Let's rename Hijack This to see if they show up.
  • Rename Hijack This.
    • Right Click on Hijack This and select rename.
    • Change the name to AnalyseThat.exe
      From now on, when I refer to Hijack This, you will be using the icon labeled Analyse That.
  • Please re-open HiJackThis and scan and save a new log file.
  • Post Logs
    • New Hijack This Log

  • 0

#3
Nukkuvakoala

Hello Technical_1

Thank you for helping me :whistling: Here's the new log

Logfile of HijackThis v1.99.1
Scan saved at 14:37:01, on 5.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Documents and Settings\Janice Teiniranta\Työpöytä\AnalyseThat.exe.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)
  • 0

#4
Technical_1


Sorry for the delay, Nukkuvakoala. The server switch over does appear to be the problem. I've posted this reply as a quote as that appears to allow it to work, just in case you have trouble replying. If you still have trouble, feel free to PM me about it.

Let's get rid of a few things and get a scan in.

  • Remove Bad Services
    • Go to Start->Run and type in notepad and hit OK.
    • Then copy and paste the contents of the following Quote box into Notepad:

      sc stop SXServ
      sc delete SXServ
      del delete.bat

    • Save the file as "delete.bat". <== Make sure to save it with the quotes.
    • Double click delete.bat.
  • Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below being careful to get only these:

    O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
    O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
    O23 - Service: SX Service (SXServ) - Unknown owner - C:\WINDOWS\system32\sxserv101.exe (file missing)

    Now close all windows other than HiJackThis, then click Fix Checked. Exit Hijack This.
  • Reboot into safe mode.
    Restart your computer and as soon as it starts booting up again continuously tap F8. A menu should come up where you will be given the option to enter Safe Mode.
  • Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

    Viewpoint Manager

    Please note any other programs that you don't recognize in that list in your next response.
  • Delete Files/Folders
    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these folders (if present):

    C:\Program Files\Viewpoint

    Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these files (if present):

    C:\WINDOWS\system32\sxserv101.exe

  • After that, Reboot.
  • Please download ATF Cleaner by Atribune.
    This program is for XP and Windows 2000 only.
    Double-click ATF-Cleaner.exe to run the program.
    Under Main choose: Select All
    Click the Empty Selected button.
    If you use Firefox browser:
    Click Firefox at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    If you use Opera browser:
    Click Opera at the top and choose: Select All
    Click the Empty Selected button.
    NOTE: If you would like to keep your saved passwords, please click No at the prompt.
    Click Exit on the Main menu to close the program.
    For Technical Support, double-click the e-mail address located at the bottom of each menu.
  • Please run Bit Defender
    Note: This Scan requires Internet Explorer to run.
    • read the EULA and click 'I agree' if you wish to proceed with scan
    • Allow the ActiveX control to install, if prompted.
    • The Scanning Engine and Virus Definitions will now update.
      You may receive a message about the scanning engine being updated and that you need to close Internet Explorer and reopen. If you receive this message, close IE and reopen. Then navigate back to the Scanner.
    • Now click on Click Here to Scan
    • Your entire computer will now be scanned.
    • When BitDefender completes the scan, select the "Detected Problems" tab.
    • Click on "Click here to export scan".
    • Save the file as an HTML to your Desktop.
    • Then click on the saved file and allow it to open with your browser.
    • Go to Edit>Select All then copy/paste that log back here.

      This could be a long scan so do it when you have at least two or three hours free.
  • Please re-open HiJackThis and scan and save a new log file.
  • Post Logs
    • BitDefender Results
    • New Hijack This Log


Edited by Technical_1, 06 January 2007 - 05:20 PM.

  • 0

#5
Nukkuvakoala

Hello Technical_1,
The sxserv101.exe came off but the extra buttons seem to be on still (even though I checked their boxes).
Here are the BitDefender results and the Hijack This log.



BitDefender Online Scanner


Scan report generated at: Sun, Jan 07, 2007 - 12:08:12


Scan path: A:\;C:\;D:\;E:\;F:\;G:\;H:\;I:\;J:\;


Statistics

Time: 01:24:35
Files: 677857
Folders: 6538
Boot Sectors: 2
Archives: 11081
Packed Files: 69327

Results

Identified Viruses: 2
Infected Files: 8
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 8

Engines Info

Virus Definitions: 368363
Engine build: AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 6
E-mail plugins: 6
System plugins: 1

Scan Settings

First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes


Scanned File | Status

C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-302.dll | Infected with: Trojan.Busky.2.Gen
C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-302.dll | Disinfection failed
C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-302.dll | Deleted
C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-914.dll | Infected with: Trojan.Busky.2.Gen
C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-914.dll | Disinfection failed
C:\Documents and Settings\Janice Teiniranta\Työpöytä\backups\backup-20070102-155525-914.dll | Deleted
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 0) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 1) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 2) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 2)=>(Embedded EXE o) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 3) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 4) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 5) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 6) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 7) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.cab=>(IShield Module 8) | Clean
C:\Documents and Settings\Matti\Omat tiedostot\Maple\MSSetup.exe=>(CAB Sfx o)=>\Disk1\data1.hdr | Clean
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000337.dll | Infected with: Trojan.Busky.2.Gen
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000337.dll | Disinfection failed
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000337.dll | Deleted
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000338.dll | Infected with: Trojan.Busky.2.Gen
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000338.dll | Disinfection failed
C:\System Volume Information\_restore{2518D2AC-FB67-43AB-A050-190E51719AF7}\RP4\A0000338.dll | Deleted
C:\WINDOWS\system32\jpptiyl.dll | Infected with: Trojan.Busky.1.Gen
C:\WINDOWS\system32\jpptiyl.dll | Disinfection failed
C:\WINDOWS\system32\jpptiyl.dll | Deleted
C:\WINDOWS\system32\ncwkiqd.dll | Infected with: Trojan.Busky.2.Gen
C:\WINDOWS\system32\ncwkiqd.dll | Disinfection failed
C:\WINDOWS\system32\ncwkiqd.dll | Deleted
C:\WINDOWS\system32\qdyggpl.dll | Infected with: Trojan.Busky.2.Gen
C:\WINDOWS\system32\qdyggpl.dll | Disinfection failed
C:\WINDOWS\system32\qdyggpl.dll | Deleted
C:\WINDOWS\system32\whprcaj.dll | Infected with: Trojan.Busky.1.Gen
C:\WINDOWS\system32\whprcaj.dll | Disinfection failed
C:\WINDOWS\system32\whprcaj.dll | Deleted

And the hijack this log

Logfile of HijackThis v1.99.1
Scan saved at 12:10:58, on 7.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Norman\Npf\Bin\Npfmsg2.exe
C:\Documents and Settings\Janice Teiniranta\Työpöytä\AnalyseThat.exe.exe

O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: ShopperReports - Compare travel rates - {946B3E9E-E21A-49c8-9F63-900533FAFE14} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O9 - Extra button: ShopperReports - Compare product prices - {E77EDA01-3C56-4a96-8D08-02B42891C169} - C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Unknown owner - C:\Program Files\Norton AntiVirus\navapsvc.exe (file missing)
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Program Files\Netropa\Multimedia Keyboard\nhksrv.exe
O23 - Service: Norman API-hooking helper (NipSvc) - Unknown owner - C:\Norman\Nvc\BIN\nipsvc.exe
O23 - Service: Norman Virus Control on-access component (nvcoas) - Norman ASA - C:\Norman\Nvc\bin\nvcoas.exe
O23 - Service: Norman Virus Control Scheduler (NVCScheduler) - Norman Data Defense Systems - C:\Norman\Nvc\BIN\NVCSCHED.EXE
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe

Edited by Nukkuvakoala, 07 January 2007 - 04:25 AM.

  • 0
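
Added example (not part of the original thread, and not a HijackThis feature): post #5 reports that one fixed entry went away while the extra buttons stayed, which is the kind of check that can be done by diffing the result lines of two HijackThis logs. The function names `parse_entries` and `compare_scans` are hypothetical, and the sample logs are shortened excerpts of the 5.1.2007 and 7.1.2007 logs posted above.

```python
import re

# A HijackThis result line is "<section> - <details>", e.g. "O23 - Service: ...".
# Header lines and the "Running processes" paths do not match this pattern.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# Individual lines copied from the logs in this thread.
CTFMON = r"O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe"
AVGAS = (r'O4 - HKLM\..\Run: [!AVG Anti-Spyware] '
         r'"C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized')
SHOPPER = (r"O9 - Extra button: ShopperReports - Compare travel rates - "
           r"{946B3E9E-E21A-49c8-9F63-900533FAFE14} - "
           r"C:\Program Files\ShopperReports\Bin\1.0.5.0\ShprRprt.dll (file missing)")
BDSCAN = (r"O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66}"
          r" - %windir%\bdoscandel.exe (file missing)")
SLSERV = (r"O23 - Service: SmartLinkService (SLService) - Smart Link - "
          r"C:\WINDOWS\SYSTEM32\slserv.exe")
SXSERV = (r"O23 - Service: SX Service (SXServ) - Unknown owner - "
          r"C:\WINDOWS\system32\sxserv101.exe (file missing)")

# Shortened sample logs: scan before the fix, scan after it, and the lines
# that were ticked for "Fix Checked".
BEFORE = "\n".join(["Logfile of HijackThis v1.99.1", CTFMON, SHOPPER, SLSERV, SXSERV])
AFTER = "\n".join(["Logfile of HijackThis v1.99.1", AVGAS, CTFMON, BDSCAN, SHOPPER, SLSERV])
TARGETED = "\n".join([SHOPPER, SXSERV])


def parse_entries(log_text):
    """Return the set of (section, details) result entries found in a log."""
    entries = set()
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.add((match.group(1), match.group(2).strip()))
    return entries


def compare_scans(before, after, targeted):
    """Compare two scans and report what happened to the targeted entries."""
    before_e = parse_entries(before)
    after_e = parse_entries(after)
    targeted_e = parse_entries(targeted)
    return {
        # Targeted entries that no longer appear in the newer scan.
        "fixed": sorted(targeted_e - after_e),
        # Targeted entries that are still listed after the fix.
        "persisting": sorted(targeted_e & after_e),
        # Entries that appeared between the two scans (new software, new hooks).
        "new": sorted(after_e - before_e),
        # Entries in the newer scan whose target file HijackThis could not find.
        "file_missing": sorted(e for e in after_e if e[1].endswith("(file missing)")),
    }


if __name__ == "__main__":
    report = compare_scans(BEFORE, AFTER, TARGETED)
    for label in ("fixed", "persisting", "new", "file_missing"):
        print(label)
        for section, details in report[label]:
            print("   %s - %s" % (section, details))
```
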





