My HijackThis log [RESOLVED]


  • This topic is locked

#1
violin


  • Member
  • 22 posts
I still have a problem with my wallpaper. My desktop is showing black & yellow text. The message is below:

WARNING! YOU'RE IN DANGER!

ALL YOU DO WITH COMPUTER IS STORED FOREVER IN YOUR HARD DISK. WHEN YOU VISIT SITES, SEND EMAILS... ALL YOUR ACTIONS ARE LOGGED. AND IT IS IMPOSSIBLE TO REMOVE THEM WITH STANDARD TOOLS. YOUR DATA IS STILL AVAILABLE FOR FORENSICS. AND IN SOME CASES FOR YOUR BOSS, YOUR FRIENDS, YOUR WIFE, YOUR CHILDREN.

Every site you or somebody or even something, like spyware, opened in your browser, with all images, and all downloaded and maybe later removed movies or mp3 songs - ARE STILL THERE and could broke your life!

SECURE YOURSELF RIGHT NOW!
REMOVE ALL SPYWARE FROM YOUR PC!

Removal instructions

...I have done everything I can, but Ad-aware still finds something wrong, like infected files in an unknown location.

This is my HijackThis log.



Logfile of HijackThis v1.99.1
Scan saved at 20:19:20, on 2005/06/27
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\BACKUP C\Program\Kill trojan\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
O4 - HKLM\..\RunServices: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co....Public/nxpm.cab
O16 - DPF: {33E7E377-FA07-4228-93A6-8A340B768140} (Nexon Package Manager Control (Jp)) - http://www.nexon.co....blic/nxpmjp.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...JP.2005.2.2.cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.co...utoPatchOCX.cab
O16 - DPF: {B4666D11-4E55-44F6-BB69-B5D69C9DF05E} (X2Run2 Control) - http://www.fortress....udes/X2Run2.Cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://gameguard.nef...crypt/npkcx.cab
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Please help me. Thank you very much.
#2
Guest_usetobe_*

  • Guest
We can definitely help you, but first you need to help us. The first step in this process is to apply Service Pack 1a for Windows XP, or Service Pack 4 if you are running Win2k. Without this update, you're wide open to re-infection, and we're both just wasting our time.
Click here
Apply the update, reboot, and post a fresh Hijack This log.

#3
violin

My Lord, thank you very much for your reply to my problem topic.
And this is my HijackThis log, after installing SP1a and removing the Internet temp files and cookies.


Logfile of HijackThis v1.99.1
Scan saved at 5:30:51, on 2005/06/28
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\msiexec.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\System32\ctfmon.exe
C:\WINDOWS\System32\wuauclt.exe
D:\BACKUP C\Program\Kill trojan\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co....Public/nxpm.cab
O16 - DPF: {33E7E377-FA07-4228-93A6-8A340B768140} (Nexon Package Manager Control (Jp)) - http://www.nexon.co....blic/nxpmjp.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119888241025
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...JP.2005.2.2.cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.co...utoPatchOCX.cab
O16 - DPF: {B4666D11-4E55-44F6-BB69-B5D69C9DF05E} (X2Run2 Control) - http://www.fortress....udes/X2Run2.Cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://gameguard.nef...crypt/npkcx.cab
O18 - Protocol hijack: file - FILE>{79
C
-
9-
1 - 82
00
0

}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

Thank you very much a hundred times for your kindness.

#4
Guest_usetobe_*

Hi violin,

Instructions will follow shortly

Edited by usetobe, 28 June 2005 - 03:41 AM.


#5
Guest_usetobe_*

OK here we go.

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Download, install, and update Ewido Security Suite
  • Install ewido security suite
  • Launch ewido, there should be a big E icon on your desktop, double-click it.
  • The program will prompt you to update; click the OK button.
  • The program will now go to the main screen
You will need to update ewido to the latest definition files.
  • On the left hand side of the main screen click update
  • Click on Start
The update will start and a progress bar will show the updates being installed.
After the updates are installed, exit Ewido

Please download Cleanup from here:
Cleanup. Do not run it yet.

Set up PC to show hidden files. (Click link if you do not know how)
Show hidden files

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.

Once in Safe Mode, Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu). Set the program up as follows:
*Click "Options..."
*Move the arrow down to "Custom CleanUp!"
*Put a check next to the following:
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Scan local drives for temporary files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

After Cleanup! is finished:
  • Run Ewido.
  • Click on scanner
  • Make sure the following boxes are checked before scanning:
    • Binder
    • Crypter
    • Archives
  • Click on Start Scan
  • Let the program scan the machine
While the scan is in progress you will be prompted to clean the first infected file it finds. Choose "clean", then put a check next to "Perform action on all infections" in the left corner of the box so you don't have to sit and watch Ewido the whole time. Click OK.

Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report
  • Save the report to your desktop
  • Exit Ewido

Now scan with HJT and check the following entries if they still exist:

O4 - HKCU\..\Run: [updatelavasoft] C:\WINDOWS\System32\updatelavasoft.exe
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.r...ip/RdxIE601.cab
O16 - DPF: {79419762-2D03-48F8-A63E-0544D95143DE} (AutoPatchOCX Control) - http://www.x2game.co...utoPatchOCX.cab
O16 - DPF: {B4666D11-4E55-44F6-BB69-B5D69C9DF05E} (X2Run2 Control) - http://www.fortress....udes/X2Run2.Cab
O16 - DPF: {D6FCA8ED-4715-43DE-9BD2-2789778A5B09} (NPKCX Control) - http://gameguard.nef...crypt/npkcx.cab
O18 - Protocol hijack: file - FILE>{79PHCNMH-IHW9-H1MG-IT82H00MH0IHW{PHT}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}


Ensure no windows are open except HJT and click "Fix checked".

Using windows explorer locate and delete the following file if found

C:\WINDOWS\System32\updatelavasoft.exe

Now reboot pc normally.

Run this online virus scan: ActiveScan - Save the results from the scan!

Rescan with HJT and post the log back, with the ewido and panda logs.

#6
violin

Thank you very much Lord usetobe for your assistance!

But my wallpaper still does not show on the desktop; just a white & gray screen keeps flashing and hides my wallpaper behind it. It seems something bad is trying to harm my PC.

These are my newest ewido, ActiveScan and HijackThis logs

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 3:48:59, 2005/06/29
+ Report-Checksum: 944AD94F

+ Date of database: 2005/06/28
+ Version of scan engine: v3.0

+ Duration: 135 min
+ Scanned Files: 201677
+ Speed: 24.73 Files/Second
+ Infected files: 0
+ Removed files: 0
+ Files put in quarantine: 0
+ Files that could not be opened: 0
+ Files that could not be cleaned: 0

+ Binder: Yes
+ Crypter: Yes
+ Archives: Yes

+ Scanned items:
C:\Documents and Settings\loveromancing\Desktop
C:\
D:\
E:\
F:\
G:\

+ Scan result:
No infected files found!


::Report End




Incident Status Location

Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\srpcsrv32.dll
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\txfdb32.dll
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Spyware:Spyware/Hyperbar No disinfected C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
Adware:Adware/PopCapLoader No disinfected D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-020802-117.inf
Adware:Adware/PopCapLoader No disinfected D:\BACKUP C\Program\Kill trojan\backups\backup-20050627-180205-641.inf



Logfile of HijackThis v1.99.1
Scan saved at 5:39:23, on 2005/06/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
D:\BACKUP C\Program\Kill trojan\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co....Public/nxpm.cab
O16 - DPF: {33E7E377-FA07-4228-93A6-8A340B768140} (Nexon Package Manager Control (Jp)) - http://www.nexon.co....blic/nxpmjp.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119888241025
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...JP.2005.2.2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol hijack: file - FILE>{79
C
-
9-
1 - 82
00
0

}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


Thank you very much again and again

#7
Guest_usetobe_*

Please read these instructions carefully and print them out! Be sure to follow ALL instructions!

Please right-click: HERE and go to Save As (in Internet Explorer it's "Save Target As") in order to download Grinler's reg file. Save it to your desktop.

Locate "smitfraud.reg" on your desktop and double-click it. When asked if you want to merge with the registry, click YES. Wait for the "merged successfully" prompt then follow the rest of the instructions below.

Go to Start > Control Panel > Add or Remove Programs and remove the following programs, if found:

Security IGuard
Virtual Maid
Search Maid


Exit Add/Remove Programs.

*IMPORTANT*CLICK THIS LINK TO LEARN HOW TO VIEW HIDDEN FILES

I need you to copy all of the Killbox file paths below and paste them into Notepad.

C:\wp.exe
C:\wp.bmp
C:\bsw.exe
C:\Windows\sites.ini
C:\Windows\popuper.exe
C:\Windows\system32\hhk.dll
C:\Windows\System32\wldr.dll
C:\Windows\system32\perfcii.ini
C:\Windows\System32\helper.exe
C:\Windows\System32\shnlog.exe
C:\Windows\System32\intmon.exe
C:\Windows\System32\intmonp.exe
C:\Windows\System32\msmsgs.exe
C:\Windows\system32\msole32.exe
C:\Windows\System32\ole32vbs.exe



* Please download the Killbox by Option^Explicit (http://www.bleepingc...es/killbox.php). *In the event you already have Killbox, this is a new version that I need you to download.

* Save it to your desktop.

* Please double-click Killbox.exe to run it.

* Select "Delete on Reboot".

* Open the Notepad file where you saved the file paths earlier and copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C

* Return to Killbox, go to the File menu, and choose "Paste from Clipboard".

* Click the red-and-white "Delete File" button. Click "Yes" at the Delete on Reboot prompt. Click "No" at the Pending Operations prompt.

If your computer does not restart automatically, please restart it manually.

While your computer is restarting, tap the F8 key continually until a menu appears. Use your up arrow key to highlight Safe Mode, then hit enter.

Make sure you can view hidden files.

Using Windows Explorer, delete the following, if found, (please do NOT try to find them by "search" because they will not show up that way)

FOLDERS to delete (in bold) if found:

C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard

While still in Safe Mode, do the following:

Make sure all programs and windows are closed. Run HiJackThis and place a check next to all of the following entries that start with this O18 - Protocol hijack and click FIX CHECKED

Close HiJackThis.

Reboot into normal mode.

1.) Download The Hoster. Press "Restore Original Hosts" and press "OK". Exit Program.

2.) Right-Click HERE and Save As to download DelDomains.inf to your desktop.
To use: RIGHT-CLICK DelDomains.inf on your desktop and select: Install (no need to restart)
Note: This will remove all entries in the "Trusted Zone" and "Ranges" also.

3.) Download, install, and run CleanUp!

4.) Run this online virus scan: ActiveScan - Save the results from the scan!

Post a new HiJackThis log along with the results from ActiveScan.

#8
violin

Thank you very much Lord usetobe

But now I have a problem with Killbox. I can't paste all of them with Paste from Clipboard... I had to paste them file by file and restart at the last file... If this does not work, please teach me. And I can't find
C:\Program Files\Search Maid
C:\Program Files\Virtual Maid
C:\Windows\System32\Log Files
C:\Program Files\Security IGuard
(Hidden files are shown)

For now, my desktop still cannot show my wallpaper, and I cannot use right-click to go to the Windows display menu by shortcut.

These are my latest ActiveScan and HijackThis logs



Incident Status Location

Adware:Adware/MediaTickets No disinfected Windows Registry
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/Twain-Tech No disinfected C:\WINDOWS\satmat.ini
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\srpcsrv32.dll
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\txfdb32.dll
Adware:Adware/TopSpyware No disinfected C:\WINDOWS\system32\spoolsrv32.exe
Adware:Adware/IPInsight No disinfected C:\WINDOWS\farmmext.ini
Adware:Adware/IPInsight No disinfected C:\WINDOWS\satmat.ini
Spyware:Spyware/Hyperbar No disinfected C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll
Adware:Adware/PopCapLoader No disinfected D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-020802-117.inf
Adware:Adware/PopCapLoader No disinfected D:\BACKUP C\Program\Kill trojan\backups\backup-20050627-180205-641.inf



Logfile of HijackThis v1.99.1
Scan saved at 23:17:59, on 2005/06/29
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wscntfy.exe
D:\BACKUP C\Program\Kill trojan\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co....Public/nxpm.cab
O16 - DPF: {33E7E377-FA07-4228-93A6-8A340B768140} (Nexon Package Manager Control (Jp)) - http://www.nexon.co....blic/nxpmjp.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119888241025
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...JP.2005.2.2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol hijack: file - FILE>{79
C
-
9-
1 - 82
00
0

}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe


Thank you very much, a thousand times, for spending your time on me.

Edited by violin, 29 June 2005 - 11:11 AM.


#9
violin

The bad screen on my desktop has gone... I found a close button at the top-right of that bad screen (window?). After I closed it, I have not seen it again, but I'm not sure whether they are still hiding in my PC or not.

Now I'm doing better. Thank you very much for everything you have tried to do to help me.

Thank you very much again
violin

#10
Guest_usetobe_*

Hi Violin,

My next instructions to you were going to be to click and drag your desktop down to the left to click on the X button... well done.

This is what you need to do next...

Boot into SAFE MODE again, run HJT, and check all of the O18 entries that look like this:

O18 - Protocol hijack:

Ensure no windows are open and click Fix checked.

Ensure the PC is set up to show hidden files.

Using Windows Explorer, locate and delete the following files/folders:

C:\WINDOWS\farmmext.ini
C:\WINDOWS\satmat.ini
C:\WINDOWS\system32\spoolsrv32.exe
C:\WINDOWS\system32\srpcsrv32.dll
C:\WINDOWS\system32\txfdb32.dll
C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll


Reboot the PC normally.

Rescan with HJT and post the log back.


#11
violin

This is the latest HijackThis log after deleting them and rebooting in normal mode.

Logfile of HijackThis v1.99.1
Scan saved at 3:17:59, on 2005/07/01
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\slserv.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\system32\wscntfy.exe
D:\BACKUP C\Program\Kill trojan\HijackThis.exe

O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O2 - BHO: PopupBlockerBHO.CPopupBlockerBHO - {0D929918-C804-4756-B0AC-640EF3F061E9} - C:\Program Files\SmartPopupBlocker\PopupBlockerBHO.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: MSN ツールバー - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.1601.0\ja\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_5_0.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2931566C-B8A6-46C5-BF4D-E6AB9251E953} (Nexon Package Manager Control) - http://www.nexon.co....Public/nxpm.cab
O16 - DPF: {33E7E377-FA07-4228-93A6-8A340B768140} (Nexon Package Manager Control (Jp)) - http://www.nexon.co....blic/nxpmjp.cab
O16 - DPF: {48884C41-EFAC-433D-958A-9FADAC41408E} (EGamesPlugin Class) - https://www.e-games....GamesPlugin.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by14fd.bay14....es/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1119888241025
O16 - DPF: {7623BE59-D4CF-4379-ABC4-B39E11854D66} (MabinogiWebAvatarRenderer Class) - http://avatar.mabino...JP.2005.2.2.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoft.../as5/asinst.cab
O18 - Protocol hijack: file - FILE>{79
C
-
9-
1 - 82
00
0

}
O18 - Protocol hijack: ftp - >IT{PH9NMHBIH9-1HTMG8I82-H0NMH0IHW90H}
O18 - Protocol hijack: http - {7PHANMH5-HW{PH11GE-8{PH-00HAIH4{PH0M}
O18 - Protocol hijack: its - >IT14H2N1HBIH8-1HT0GAIT{-H000H8IH49PH}
O18 - Protocol hijack: lid - >IT13H1N0H9IH3-4HTMGAIT4-H4NMH7IHW8PH}
O18 - Protocol hijack: mk - {7IT{PHEN-HAIH-11HT-GCI2-0HAN0H4IH90P}
O18 - Protocol hijack: res - >I050H3NMH9IH5-1HTMGBI82-H0NMH0IHW{0H}
O18 - Protocol hijack: tv - {HBIH08PH-MG4I-11H2-MHDIH00PH4MGBIT6P}
O18 - Protocol hijack: wia - >I3{3HANMH9IH7-4H0MGAI76-H2NMHAIHW{PH}
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe



I forgot to close all the programs that autorun when Windows starts up.

Thank you very much Lord usetobe

#12
Guest_usetobe_*

Download Silent Runners
Unzip it to a permanent folder.
Start SilentRunners.vbs
If your antivirus gives an alert, do not block this. Allow the script.
Copy and paste the content of the text file you get afterwards into your next reply.


Also try this: please download the free MWAV antivirus tool from here:
ftp://ftp.microworldsystems.com/download/tools/mwav.exe

This scan might take around 3+ hours to finish when set to scan everything. I need you to run MWav and put a check next to the items below before scanning:

*Memory
*Startup Folders
*Drive - All Local Drives
*Folder - then click "browse" to change the directory to C: (default is C:\Windows)
*Registry
*System Folders
*Services
*Include Sub-Directory
*Scan All Files

Please make sure ALL of these are checked, then press the scan button. This typically will take hours to complete.

***NOTE*** Sometimes MWav will pause and appear to be finished, but it isn't done. Just let it run until it says it's complete.

Highlight the portion of the scan that lists infected items and hold CTRL + C to copy, then paste it here. The whole log will be extremely BIG so there is no way to copy the whole thing. I just need the infected items list.

#13
violin

Thank you very much Lord usetobe

I'm trying to scan my PC with MWAV, but it stops while scanning many times. After I get the completed log I'll post it here immediately!

#14
Guest_usetobe_*

Sometimes MWav will pause and it appears to be finished, but it isn't done. Just let it run until it says it's complete.

#15
violin

Thank you very much Lord usetobe

This is my latest MWAV log


***** Scanning Registry and File system for Adware/Spyware *****
Offending Folder C:\WINDOWS\drtemp present...
Object "BetterInternet Adware" found in File System! Action Taken: No Action Taken.

Offending value found in HKLM\Software\microsoft\downloadmanager !!!
Object "AltNet Spyware/Adware" found in File System! Action Taken: No Action Taken.

Offending value found in HKCU\Software\igor v. gunko !!!
Object "HyperBar Spyware/Adware" found in File System! Action Taken: No Action Take

***** Scanning Registry for errors created because of Adware/Spyware *****
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\AutoPatchOCX.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\NMStarter15.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\NMTransX.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\npx.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\PowerFTP.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\X2Run2.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\ModuleUsage" refers to invalid object
"C:\WINDOWS\System32\npkcx.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\X2Run2.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\System32\pxwma.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\NMTransX.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\NMStarter15.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\npx.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\PowerFTP.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\AutoPatchOCX.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\System32\npkcx.ocx". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\popcaploader.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\Program Files\Ahead\CoverDesigner\covered-deu.nls". Action Taken: No Action Taken.

Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\RdxIE.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program
Files\Common Files\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{1B53F360-9A1B-1069-930C-00AA0030EBC8}" refers to invalid object
"C:\WINDOWS\System32\hypertrm.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{29FF67FF-8050-480f-9F30-CC41635F2F9D}" refers to invalid object
"ADMWPROX.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{2AF05E9F-604C-42E5-AD7E-55F2E50733C1}" refers to invalid object
"C:\WINDOWS\System32\hmlo.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{2F6F5329-6B57-4D2D-B6AB-662793AEB986}" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{3910C366-78E9-11D4-8C24-00104BF6CAF3}" refers to invalid object
"C:\Program Files\Common Files\Macromedia\SCS DLLs\VBaddin.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{39CDE95F-7466-463A-81DE-CA0CDD7F6687}" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{4BC02DC2-3B39-4A98-BAB3-79C2FF247051}" refers to invalid object
"C:\Program Files\Common Files\ACD Systems\Video\ACDFX.ax". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{4EB37360-49E8-11D3-95B5-004033382980}" refers to invalid object
"D:\GIGA\ALZip\AZCTM.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{56336BCA-3D8A-11d6-A00B-0050DA18DE71}" refers to invalid object "C:\DOCUME~1\LOVERO~1\LOCALS~1\Temp\InfoWindow.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{5B153A12-D1BD-4F3D-A5C7-EE16D5A1186C}" refers to invalid object
"C:\WINDOWS\System32\ntpad.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{70B51430-B6CA-11D0-B9B9-00A0C922E750}" refers to invalid object
"ADMWPROX.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{80DA7FD6-47AF-4260-B1A4-0F76254B767B}" refers to invalid object
"C:\WINDOWS\System32\oigf.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{8298d101-f992-43b7-8eca-5052d885b995}" refers to invalid object
"ADMWPROX.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{83D4679F-B6D7-11D2-BF36-00C04FB90A03}" refers to invalid object
"C:\PROGRA~1\MESSEN~1\rtcimsp.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{8742ADC3-4B6D-4690-8407-7D87D482AADA}" refers to invalid object
"C:\WINDOWS\System32\oigf.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{88895560-9AA2-1069-930E-00AA0030EBC8}" refers to invalid object
"C:\WINDOWS\System32\hticons.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{889EC266-A298-4154-B002-3E8A0A37CAA6}" refers to invalid object
"C:\WINDOWS\System32\oigf.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{8A38DB67-52D2-1D7C-DA24-28AED1DF5A37}" refers to invalid object
"C:\WINDOWS\Downloaded Program Files\NMStarter15.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{8C99DE11-66B3-4EAD-93B4-16EA1014FCA2}" refers to invalid object
"C:\WINDOWS\System32\oigf.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{912DD550-3354-4ED7-A473-2D243362BA1B}" refers to invalid object
"C:\WINDOWS\System32\hmlo.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{91DA6287-52F0-4CCF-9D67-72842C9BB367}" refers to invalid object
"D:\INSANI~1\ui\SwDRM.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{A9E69612-B80D-11D0-B9B9-00A0C922E750}" refers to invalid object
"ADMWPROX.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{C11FD3C9-F2A5-44DC-860F-49B01A09495E}" refers to invalid object
"C:\Program Files\Common Files\ACD Systems\Video\ACDFX.ax". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{CD31BDFF-BAF0-4FB7-B5F3-0D266AE33C26}" refers to invalid object
"C:\WINDOWS\System32\oigf.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{E895F3C1-632E-4AFF-8DED-3FFCB2A3D096}" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{EF27E1B6-1C0A-BD2E-C76E-A486D45B9519}" refers to invalid object
"c:\progra~1\mcafee.com\vso\mcvsscrp.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{F376F132-5641-448D-A6CC-7DB363998454}" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{f612954d-3b0b-4c56-9563-227b7be624b4}" refers to invalid object
"ADMWPROX.DLL". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{FB3A747D-A8BA-45FB-8196-1D442668796C}" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\Adobe.Illustrator.dwg" refers to invalid object
"{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}". Action Taken: No Action Taken.

Entry "HKCR\Adobe.Illustrator.dxf" refers to invalid object
"{C0ED15F0-61BB-11d3-B6CA-00C04F6A0D06}". Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup" refers to invalid object
"{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\Alg.AlgSetup.1" refers to invalid object
"{27D0BCCC-344D-4287-AF37-0C72C161C14C}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost" refers to invalid object
"{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\ComPlusMetaData.MsCorHost.2" refers to invalid object
"{727CDF4F-3BA0-11D3-8738-00C04F79ED0D}". Action Taken: No Action Taken.

Entry "HKCR\KDX.Install" refers to invalid object
"{F54C1137-5E34-4B95-95A5-BA56D4D8D743}". Action Taken: No Action Taken.

Entry "HKCR\KDX.Install.1" refers to invalid object
"{F54C1137-5E34-4B95-95A5-BA56D4D8D743}". Action Taken: No Action Taken.

Entry "HKCR\LiquidMotion.Config.1" refers to invalid object
"{BB357E70-511E-4B09-724C-97408FE85626}". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic" refers to invalid object
"{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\Plenoptic.Plenoptic.1" refers to invalid object
"{607C27E9-AB27-11d3-A116-A0EA50C10801}". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient" refers to invalid object
"{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\RTCCore.RTCClient.1" refers to invalid object
"{7a42ea29-a2b7-40c4-b091-f6f024aa89be}". Action Taken: No Action Taken.

Entry "HKCR\SymWriter.pdb" refers to invalid object
"{520DC67A-752E-11D3-8D56-00C04F680B2B}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr" refers to invalid object
"{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPPublsihCntr.WMPPublsihCntr.1" refers to invalid object
"{939438A9-CF0F-44d8-9140-599736F0D3A2}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler" refers to invalid object
"{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

Entry "HKCR\WMPShell.HWEventHandler.1" refers to invalid object
"{9B186A8F-F520-4eeb-B553-118304AC46C5}". Action Taken: No Action Taken.

File C:\WINDOWS\system32\in10b6.dll
infected by "TrojanDropper.Win32.Small.xm" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\in10b6.dll
infected by "Trojan-Dropper.Win32.Small.xm" Virus! Action Taken: No Action Taken

File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Yahoo!\YPSR\Unwise32.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Lavasoft\Ad-Aware SE Personal\UNWISE.EXE tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\ACD Systems\ACDSee\UNWISE.EXE tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Musicmatch\Musicmatch Jukebox\UNWISE.EXE tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Musicmatch\Musicmatch Update\MMJB\TDM\TDMInstall.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Program Files\Musicmatch\Musicmatch Update\TDM\TDMInstall.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\BACKUP C\Downloads\Program\FlashGet\UNWISE.EXE tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File C:\Downloads\mirc63-thai.exe tagged as
not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

File C:\Downloads\mirc.exe tagged as
not-a-virus:Client-IRC.Win32.mIRC.03. No Action Taken.

File D:\BACKUP C\Downloads\fmemproen.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\flashget.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\stardown.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\DivXPro.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\Howies Quick Screen Capture.zip tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\Howies Quick Screen Capture\Unwise.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\FlashGet\UNWISE.EXE tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Downloads\Program\Plugins\FlashGet\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\adawaresetup.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\McAfeeVirusScan.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\setupscreenhunterfree.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\fgf160a.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\npfg11.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\mmsetup_9000122_CNET.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\ypsr_setup_cnetf_ppd.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\Kill trojan\ADWAREsepersonal.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-023022-216.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.

File D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-023153-877.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.

File D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-023731-856.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.

File D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-023821-797.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\in10b6.dll
infected by "Trojan-Dropper.Win32.Small.xm" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\Macromed\Shockwave 10\UNWISE.EXE tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.


Thank you very much
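
The helper above asked for only the infected-items portion of the MWAV output, and the log as posted wraps most records across two lines. As an added example (not part of the thread and not MWAV's own tooling), this Python script re-joins the wrapped records of a log in this format, classifies them, and lists each file reported as infected with the detection names given for it; the sample text is a short excerpt in the format of the log above, and the function names are hypothetical.

```python
import re
from collections import OrderedDict

# Short excerpt in the format of the MWAV log posted above. Records wrap
# across lines, sometimes in the middle of a path ("C:\Program" / "Files\...").
SAMPLE_LOG = r'''
***** Scanning Registry for errors created because of Adware/Spyware *****
Entry "HKLM\Software\Microsoft\Windows\CurrentVersion\SharedDlls" refers to invalid object
"C:\Program Files\Common Files\Hyperbar\HyperbarSS3.dll". Action Taken: No Action Taken.

Entry "HKCR\CLSID\{0B6DC6EE-C4FD-11d1-819A-00C04FB69B4D}" refers to invalid object "C:\Program
Files\Common Files\Adobe\Shell\psicon.dll". Action Taken: No Action Taken.

File C:\WINDOWS\system32\in10b6.dll
infected by "TrojanDropper.Win32.Small.xm" Virus! Action Taken: No Action Taken.

File C:\WINDOWS\system32\in10b6.dll
infected by "Trojan-Dropper.Win32.Small.xm" Virus! Action Taken: No Action Taken

File C:\Program Files\Yahoo!\YPSR\Unwise32.exe tagged as
not-a-virus:Tool.Win32.Reboot. No Action Taken.

File D:\BACKUP C\Program\Kill trojan\backups\backup-20050403-023022-216.dll infected by "Trojan.Win32.StartPage.qr" Virus! Action Taken: No Action Taken.
'''

# A new record starts with one of these words; "\b" keeps a wrapped
# continuation such as "Files\Common Files\..." from being mistaken for "File".
RECORD_START = re.compile(r'^(File|Entry|Object|Offending)\b')

PATTERNS = [
    ('infected', re.compile(
        r'^File (?P<path>.+?) infected by "(?P<name>[^"]+)"')),
    ('not-a-virus', re.compile(
        r'^File (?P<path>.+?) tagged as (?P<name>not-a-virus:\S+?)\.(?:\s|$)')),
    ('invalid-registry-ref', re.compile(
        r'^Entry "(?P<path>[^"]+)" refers to invalid object "(?P<name>[^"]+)"')),
]


def records(log_text):
    """Yield one logical record per finding, re-joining wrapped lines."""
    current = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line or line.startswith('*****'):   # blank line or section banner
            if current:
                yield ' '.join(current)
                current = []
            continue
        if RECORD_START.match(line) and current:   # next record, no blank between
            yield ' '.join(current)
            current = []
        current.append(line)
    if current:
        yield ' '.join(current)


def classify(record):
    """Return (kind, path_or_key, detail) for one joined record."""
    for kind, pattern in PATTERNS:
        m = pattern.match(record)
        if m:
            return kind, m.group('path'), m.group('name')
    return 'other', record, None


def infected_items(log_text):
    """Map each infected file path to the detection names reported for it."""
    found = OrderedDict()
    for rec in records(log_text):
        kind, path, name = classify(rec)
        if kind == 'infected':
            names = found.setdefault(path, [])
            if name not in names:
                names.append(name)
    return found


def counts(log_text):
    """Count records per kind, to show how much of the log is not an infection."""
    totals = {}
    for rec in records(log_text):
        kind = classify(rec)[0]
        totals[kind] = totals.get(kind, 0) + 1
    return totals


if __name__ == '__main__':
    print(counts(SAMPLE_LOG))
    for path, names in infected_items(SAMPLE_LOG).items():
        print(path, '->', ', '.join(names))
```
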