I don't know what I have [RESOLVED]

  • This topic is locked

#46
calgooda1323

    Member

  • Topic Starter
  • 57 posts
Ok, so I made it through the first program and then rebooted.

When I download the Brute Force Installer it has me click extract in the program IzArc. I do not have the option to "extract all" from right clicking on the Installer on my desktop. Do I need to follow these steps or can I use it from what I have done? I can open the program from my desktop right now.

Sorry it took me so long to get back on this one.

A few other things I noticed:
There is a red x for my local disk (c:) icon

and also the local connections thing that pops up when I boot up. Do you know how to fix this?

Edited by calgooda1323, 24 March 2008 - 09:02 PM.

  • 0

#47
calgooda1323

    Member

  • Topic Starter
  • 57 posts
Alright, so I went back to see if I had unzipped the IceSword. Tell me if I am correct: when you download the file, before it is unzipped it has an icon that has a little box with the word zip? When I extract it using IzArc it creates a little file folder. In the folder I can see 6 files: cooperator, fileReg.icp, IceSword, FileReg, Icesword (HTML help file), and readme. I click on the Icesword from there and then I can see the things you told me to look at.

I'm not sure where to go from here!
  • 0

#48
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, it looks like you were running Icesword properly, so not to worry.


Please download SmitfraudFix (by S!Ri) to your Desktop.

Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please save that report to your desktop as Smitfraud.txt, and copy/paste the content into your next reply.

**If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.


Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlog...processutil.htm
  • 0

#49
calgooda1323

    Member

  • Topic Starter
  • 57 posts
SmitFraudFix v2.308

Scan done at 11:18:25.37, Tue 03/25/2008
Run from C:\Documents and Settings\Cortney\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\TPSMain.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cortney


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Cortney\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Cortney\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, following keys are not inevitably infected!!!

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Intel® PRO/100 VE Network Connection - Packet Scheduler Miniport
DNS Server Search Order: 68.87.85.98
DNS Server Search Order: 68.87.69.146

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#50
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, you should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, double-click on SmitfraudFix.exe
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning : running option #2 on a non infected computer will remove your Desktop background.

And let me know how your computer is running now.

Regards,
RatHat
  • 0

#51
calgooda1323

    Member

  • Topic Starter
  • 57 posts
SmitFraudFix v2.308

Scan done at 14:21:11.28, Wed 03/26/2008
Run from C:\Documents and Settings\Cortney\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\..\{6613F300-8483-491B-A626-E114A0FB6021}: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.85.98 68.87.69.146


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
  • 0

#52
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, could you post me a fresh HijackThis log, and let me know how your computer is behaving now.

Thanks,
RatHat
  • 0

#53
calgooda1323

    Member

  • Topic Starter
  • 57 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:26:29 PM, on 3/26/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\AGRSMMSG.exe
C:\WINDOWS\System32\DVDRAMSV.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
C:\WINDOWS\System32\TPSMain.exe
C:\toshiba\ivp\ism\pinger.exe
C:\Program Files\ltmoh\Ltmoh.exe
C:\WINDOWS\System32\00THotkey.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\WINDOWS\System32\TFNF5.exe
C:\Program Files\TOSHIBA\TOSHIBA Controls\TFncKy.exe
C:\Program Files\Apoint2K\Apntex.exe
C:\WINDOWS\System32\TPSBattM.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe
C:\Program Files\Lexmark 5200 series\lxbtbmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Trend Micro\Tmas\Tmas.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\en-us\msntb.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\system32\msdxm.ocx
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [TouchED] C:\Program Files\TOSHIBA\TouchED\TouchED.Exe
O4 - HKLM\..\Run: [PadTouch] "C:\Program Files\TOSHIBA\PadTouch\PadExe.exe
O4 - HKLM\..\Run: [TPSMain] TPSMain.exe
O4 - HKLM\..\Run: [Pinger] c:\toshiba\ivp\ism\pinger.exe /run
O4 - HKLM\..\Run: [LtMoh] C:\Program Files\ltmoh\Ltmoh.exe
O4 - HKLM\..\Run: [00THotkey] C:\WINDOWS\System32\00THotkey.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [TFNF5] TFNF5.exe
O4 - HKLM\..\Run: [TFncKy] TFncKy.exe
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Lexmark 5200 series] "C:\Program Files\Lexmark 5200 series\lxbtbmgr.exe"
O4 - HKLM\..\Run: [000StTHK] 000StTHK.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LXBTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBTtime.dll,[email protected]
O4 - HKLM\..\Run: [IntelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKCU\..\Run: [TOSCDSPD] C:\Program Files\TOSHIBA\TOSCDSPD\toscdspd.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Microsoft Office\OFFICE11\ONENOTEM.EXE
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Trend Micro Anti-Spyware.lnk = C:\Program Files\Trend Micro\Tmas\Tmas.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O12 - Plugin for .csm: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .csml: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cub: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .cube: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .dx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .emb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .embl: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .gau: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .jdx: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mol: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .mop: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .pdb: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .rxn: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .scr: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .skc: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O12 - Plugin for .spt: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .tgf: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O12 - Plugin for .xyz: C:\Program Files\Internet Explorer\Plugins\npchime.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.toshiba.com
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://photo.walgree...eensActivia.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail....es/MSNPUpld.cab
O16 - DPF: {58FC4C77-71C2-4972-A8CD-78691AD85158} (BJA Control) - http://www.worldwinn...ck/bjattack.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1141762598718
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} (Wwlaunch Control) - http://www.worldwinn...ed/wwlaunch.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {A30FBBDC-FA29-4606-8565-14AADCCA6708} (Rite Aid One Hour Photo Online Control) - https://photos.ritea...PhotoOnline.cab
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} (WoF Control) - http://www.worldwinn...v45/wof/wof.cab
O16 - DPF: {A8683C98-5341-421B-B23C-8514C05354F1} (FujifilmUploader Class) - http://photo.walmart...ploadClient.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} (CGameManagerCtrl Object) - https://disney.go.co...GameManager.cab
O16 - DPF: {E6D23284-0E9B-417D-A782-03E4487FC947} (Pearson MathXL Player) - http://asp.mathxl.co.../MathPlayer.cab
O16 - DPF: {FAE74270-E5EE-49C3-B816-EA8B4D55F38F} (H2hPool Control) - http://www.worldwinn...ool/h2hpool.cab
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\System32\DVDRAMSV.exe
O23 - Service: lxbt_device - Lexmark International, Inc. - C:\WINDOWS\System32\lxbtcoms.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--
End of file - 8996 bytes
  • 0

#54
calgooda1323

    Member

  • Topic Starter
  • 57 posts
Well it seems better but honestly not back to normal. The desktop is back now. I see a red x by my c: in my computer. Is this normal?

Do you think we got it?

Edited by calgooda1323, 26 March 2008 - 04:30 PM.

  • 0

#55
RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
There's still something not quite right so I would like you to run eScan.

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Step 1:
Download the eScan Antivirus Toolkit Here. Save it to the Desktop; it is roughly 10MB in size.
Before running the program we need to update the signature files first in Step 2.

Step 2:
Updating the eScan Antivirus Toolkit with the latest files:

1.) Double-click on the mwav.exe file saved to the Desktop; it will extract the program files to a new folder called Kaspersky at the root of the C:\ drive (C:\Kaspersky).

2.) Double-click on My Computer, double-click on the Hard Drive (usually the C:\ drive), find and double-click on the Kaspersky folder; inside the Kaspersky folder, find and double-click on the kavupd.exe file. Double-clicking on the kavupd.exe file opens the Windows command prompt (DOS screen) and updates the program with all the latest signature files.

3.) After the update is complete, the bottom of the command prompt will read "Press any key to continue"; press any key to close the screen. Close eScan for now. You also need to close all Windows Explorer windows (or "My Computer" windows) to allow a refresh.

4.) *Important* : in order to complete the update process, you must now do the following:

- Using Windows Explorer (or "My Computer"), go to C:\Downloads and "Copy" all files present in that folder
- "Paste" the files in C:\Kaspersky
- Allow the overwriting of existing files, when prompted
- Close Windows Explorer

Please do not run a scan with the eScan Antivirus Toolkit utility yet.

Step 3:
Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.

Step 4:
From Safe Mode, run the eScan Antivirus Toolkit. Please follow these instructions:

1.) To run the eScan Antivirus Toolkit program, look for a file called mwavscan.com inside the C:\Kaspersky folder.

2.) Double-click on the mwavscan.com file; this will open the eScan program.

3.) With the eScan interface on your Desktop, make sure that these boxes under Scan Option are checked : Memory, Registry, Startup Folders, System Folders, Services.

4.) Check the Drive box, this will enable the All Local Drives radio button below it. Make sure it is activated.

5.) Below these boxes, make sure the box Scan All Files is checked, not Program Files.

6.) Click the Scan Clean button and let the utility run until it completes a thorough scan of your hard drive. When the scan has finished it will read Scan Completed. Do not Exit the tool just yet.

7.) Open a new NotePad file (click on "Start" >> "All Programs" >>"Accessories" >> "NotePad"), then Copy/Paste the content of the Virus Log Information window into that file, and save it to your desktop as eScanLog.txt. Reboot your computer into normal Windows.

Please post the content of the log you have saved (eScanLog.txt) in your next reply, once all steps are completed.


Please download Deckard's System Scanner (DSS) and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on dss.exe and follow the prompts.
  • When it has finished, DSS will open two Notepad files: main.txt and extra.txt
  • Use Save As to save both Notepad files to your Desktop and post them in your next reply.
Note: A copy of these files can be found in your root drive, usually C:\Deckard\System Scanner\
  • 0

#56
calgooda1323

    Member

  • Topic Starter
  • 57 posts
File C:\Documents and Settings\Cortney\Desktop\SmitfraudFix\Reboot.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\Documents and Settings\Cortney\Desktop\SmitfraudFix.exe tagged as not-a-virus:RiskTool.Win32.Reboot.f. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Common Files\SKS~1\chkdsk.exe.vir infected by "Trojan-Downloader.Win32.PurityScan.fj" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\Program Files\fehy89104.dll.vir tagged as not-a-virus:AdWare.Win32.TTC.d. No Action Taken.
File C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.vir tagged as not-a-virus:AdWare.Win32.ZenoSearch.ad. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\a1\tliamdll2.exe.vir infected by "Trojan-Downloader.Win32.Small.buy" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\aflcxvbq.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ashgmtmw.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\axatjjhn.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bgpqhrnc.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bhyqsara.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bifetaej.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bjwik.dll.vir tagged as not-a-virus:AdWare.Win32.PurityScan.gv. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\bqnuljlj.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\cfpdfokx.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\cjhrlxjt.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\dlvquuqi.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fbktktuc.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fcccyvu.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fibdymww.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fiyhuwpo.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fomgpneg.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\fuwjktpa.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ggjehuhr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\gtssfxgj.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\gwwjsrji.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\hcjgfyda.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\hgaflsxk.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\iDlo01\iDlo011065.exe.vir infected by "Trojan-Downloader.Win32.VB.caw" Virus. Action Taken: File Deleted.
File C:\QooBox\Quarantine\C\WINDOWS\system32\jkkkkli.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\jovjaorn.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\jwbaknuk.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\kegjpurm.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\koeqjkbp.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\kpkqckss.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\kqsusvak.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.ixf. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ldmktydf.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ljjkhgd.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\lknbbodh.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\mclrmshp.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\nkpiixwv.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\nksdfhex.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\nlhalllr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\nvwjmxiw.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\okilponr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\oubcphhq.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\owsksqtm.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\oxgvdbic.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\p9\liopud89104.exe.vir tagged as not-a-virus:AdWare.Win32.TTC.d. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\qaltupwr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\qpcyygdn.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\quetpppp.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\rbbhuxdc.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\sekyrpqt.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\sgdbynum.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\skaycfty.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\skqdmvrs.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\svxxckbr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\tfrerwqo.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\tivwfvkv.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\tqhbdaht.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ttyawwvn.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\twmroiql.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\urnapyov.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vdgmvckj.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vujsribl.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\vyeqtcyr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\wctieesm.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\wmjawdvr.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\wshbmtuh.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\xerkbrwe.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\xmvhcjbp.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ynkehxbn.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\yundcmou.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\C\WINDOWS\system32\ywpnmdcp.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\QooBox\Quarantine\catchme2008-03-20_105642.48.zip tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000510.exe infected by "Trojan.Win32.Small.ev" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000511.exe infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000512.exe infected by "Trojan.Win32.Runner.j" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000513.exe infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000514.exe infected by "Trojan-Downloader.Win32.Small.czw" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000515.exe infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000516.exe infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000517.exe infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000518.exe infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000519.exe infected by "Trojan-Downloader.Win32.Small.cxg" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000520.exe infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000521.exe infected by "Trojan.Win32.Scapur.k" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000522.exe infected by "Trojan-Downloader.Win32.Agent.kvv" Virus. Action Taken: File Deleted.
File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000523.exe infected by "Trojan-Downloader.Win32.Agent.lbx" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\Documents and Settings\Cortney\Desktop\OTScanIt\MovedFiles\03202008_134456\WINDOWS\MROFINU1000106.0XE infected by "Trojan-Downloader.Win32.Agent.kvv" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\Documents and Settings\Cortney\Desktop\OTScanIt\MovedFiles\03202008_134456\WINDOWS\MROFINU572.0XE infected by "Trojan-Downloader.Win32.Agent.lbx" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\Documents and Settings\Cortney\Desktop\OTScanIt\MovedFiles\03202008_134456\WINDOWS\System32\lejbyagv.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.
File C:\_OTMoveIt\MovedFiles\03202008_174132\PJ.0XE infected by "Trojan.Win32.Small.ev" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\Program Files\Common Files\YAZZLE1281OINADMIN.0XE infected by "Trojan.Win32.Scapur.k" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\Program Files\Common Files\Yazzle1281OinUninstaller.exe tagged as not-a-virus:AdWare.Win32.PurityScan.gp. No Action Taken.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.1\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.2\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.cxg" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.3\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.4\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.5\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.6\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.czm" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\CONFLICT.7\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Small.czw" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\GDNUS2335.0XE infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\Downloaded Program Files\UGA6P_0001_N122M0611NetInstaller.exe tagged as not-a-virus:Downloader.Win32.WinFixer.au. No Action Taken.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\4E3807EE.0XE infected by "Trojan-Downloader.Win32.Busky.gen" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\ETMT2.0XE infected by "Trojan.Win32.Runner.j" Virus. Action Taken: File Deleted.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\nsg1E2.dll tagged as not-a-virus:AdWare.Win32.EZula.cc. No Action Taken.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\nwinorai.exe tagged as not-a-virus:AdWare.Win32.ZenoSearch.p. No Action Taken.
File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\qndsregj.exe tagged as not-a-virus:AdWare.Win32.ZenoSearch.o. No Action Taken.
  • 0

#57
calgooda1323

calgooda1323

    Member

  • Topic Starter
  • Member
  • 57 posts
The Deckard Scanner keeps timing out. I will try it a little later. I don't know what the problem is.
  • 0

#59
RatHat

RatHat

    Ex Malware Expert

  • Expert
  • 7,829 posts
OK, everything that is shown there is either quarantined or in System Restore. It is safe there unless you restore to a previous date, so the best thing we can do is to clear your restore points, and create a new one:


Turn OFF System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • Check Turn off System Restore.
  • Click Apply, and then click OK.
Restart your computer.

Turn ON System Restore.
  • On the Desktop, right-click My Computer.
  • Click Properties.
  • Click the System Restore tab.
  • UN-Check Turn off System Restore.
  • Click Apply, and then click OK.

System Restore will now be active again.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Seeing as how DSS is hanging, could you post me a HijackThis log?

Regards,
RatHat
  • 0
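The reading of the scan log given in the post above (every detection sits in a quarantine folder or in System Restore) can be checked mechanically. This is an added example, not part of the original thread or of any tool named in it; it assumes the log line format shown above, treats `C:\QooBox\Quarantine` and `C:\_OTMoveIt\MovedFiles` as quarantine folders, and its last sample line is constructed.

```python
import re
from collections import Counter

# Line shape of the scan log posted in this thread.
LINE_RE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:tagged as (?P<tag>\S+)|infected by "(?P<virus>[^"]+)" Virus)\. '
    r'(?P<action>No Action Taken|Action Taken: .+?)\.$'
)

# Assumption: these folders hold inert copies (tool quarantine, restore points).
CONTAINERS = [
    ("quarantine", re.compile(r'^[A-Z]:\\(QooBox\\Quarantine|_OTMoveIt\\MovedFiles)\\', re.I)),
    ("system_restore", re.compile(r'^[A-Z]:\\System Volume Information\\_restore\{', re.I)),
]

def parse_line(line):
    """Return path, detection name and action for one log line, or None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return {"path": m["path"], "name": m["tag"] or m["virus"], "action": m["action"]}

def classify(path):
    """Name the container a path sits in, or 'live' if it is in none."""
    for label, pattern in CONTAINERS:
        if pattern.match(path):
            return label
    return "live"

def triage(lines):
    """Count detections per location; list live files the scanner left in place."""
    counts, needs_attention = Counter(), []
    for entry in filter(None, map(parse_line, lines)):
        where = classify(entry["path"])
        counts[where] += 1
        if where == "live" and entry["action"] == "No Action Taken":
            needs_attention.append(entry)
    return counts, needs_attention

SAMPLE = [  # first three lines copied from the log above, the last one constructed
    r'File C:\QooBox\Quarantine\C\WINDOWS\system32\nksdfhex.dll.vir tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.',
    r'File C:\System Volume Information\_restore{5808F9B6-96B5-4803-A039-47EB1E010CB7}\RP3\A0000510.exe infected by "Trojan.Win32.Small.ev" Virus. Action Taken: File Deleted.',
    r'File C:\_OTMoveIt\MovedFiles\03202008_174132\WINDOWS\system32\nsg1E2.dll tagged as not-a-virus:AdWare.Win32.EZula.cc. No Action Taken.',
    r'File C:\WINDOWS\system32\example0.dll tagged as not-a-virus:AdWare.Win32.Virtumonde.gen. No Action Taken.',
]
```

An empty second return value from `triage` means no detection was left untouched in a live location; a non-empty one lists the files that still need handling.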

#60
calgooda1323

calgooda1323

    Member

  • Topic Starter
  • Member
  • PipPip
  • 57 posts
When I did this, my System Restore was not checked in the first place. I still clicked Apply, though.
  • 0





