Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Malware and viruses killing my pc [RESOLVED]

Started by Brego , Sep 03 2005 04:52 PM

This topic is locked

#1
Brego

Posted 03 September 2005 - 04:52 PM

New Member

Member
6 posts

Hello all ive got a problem i would love someone to help me with.
Whilest browseing the internet today one of my windows crashed, after spamming left click/close and the "end task" pop up the window closed, but it apears viruses might of been downloaded whilest this window was not responding.
Ive spent most of today batteling with my homepage/popups/explorer not responding it im getting annoyed.
Ive ran ALOT of programs today, Avast Antivirus, Xoftspy, Adaware, cwshredder and Aboutbuster. All of these have picked up files and claimed to get rid of them, only to get a windows message some time later warning me of suspicious network activity and malicious software is trying to steal my private information, and to have my firewall asking me if i want programs ive never heard of to acsess the net (i always click no)
A few file names i remember off hand are a couple cws ones and as ive typed this atlqg32.
Does anyone know what these programs are missing thats corseing this to re-install itself everytime ive got rid of it?
im useing firefox at moment as the pop ups dont apear with it, although i do get the malicious software windows warning which scares the pants off me.

Heres my hijack this log.

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
E:\Program Files\Alwil Software\Avast4\ashServ.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
E:\Program Files\Alwil Software\Avast4\ashWebSv.exe
E:\WINDOWS\system32\atlqg32.exe
E:\WINDOWS\system32\ieoq.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\WINDOWS\ALCMTR.EXE
E:\Program Files\ASUS\Probe\AsusProb.exe
E:\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\GetRight\getright.exe
E:\Program Files\GetRight\getright.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Documents and Settings\kwitt\Desktop\hijackthis1991-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kmpcd.dll/sp.html#37049
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Class - {F5432620-8C5D-E85E-7F03-D49E69AA6B34} - E:\WINDOWS\appoe.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ASUS Probe] e:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] E:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [appzh32.exe] E:\WINDOWS\appzh32.exe
O4 - HKLM\..\Run: [atlqg32.exe] E:\WINDOWS\system32\atlqg32.exe
O4 - HKLM\..\RunOnce: [netvo32.exe] E:\WINDOWS\netvo32.exe
O4 - HKLM\..\RunOnce: [msfm32.exe] E:\WINDOWS\system32\msfm32.exe
O4 - HKLM\..\RunOnce: [d3jp.exe] E:\WINDOWS\d3jp.exe
O4 - HKLM\..\RunOnce: [winoo.exe] E:\WINDOWS\winoo.exe
O4 - HKLM\..\RunOnce: [mfcnk.exe] E:\WINDOWS\mfcnk.exe
O4 - HKLM\..\RunOnce: [netzv.exe] E:\WINDOWS\system32\netzv.exe
O4 - HKLM\..\RunOnce: [ieoq.exe] E:\WINDOWS\system32\ieoq.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = E:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAEBA40-6389-45AF-9E42-A5CA95F0A368}: NameServer = 212.50.160.100 213.249.130.100
O23 - Service: Network Security Service ( 11Fßä#·ºÄÖ`I) - Unknown owner - E:\WINDOWS\netvo32.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - E:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - E:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Please help!

#2
Buckeye_Sam

Posted 05 September 2005 - 07:23 AM

Malware Expert

Member
10,019 posts

Hi and welcome to GeeksToGo! My name is Sam and I will be helping you. :tazz:

I see you are running Hijackthis from your desktop. Please create a directory on your c: drive called c:\hijackthis and move hijackthis into that directory. Run the program from that directory from now on. It is essential that you follow these steps or certain important features of the program will not function correctly.

Once you have Hijackthis running from a within a folder please reboot and post a new hijackthis log. You must include the header information that is at the very top of the log.

#3
Brego

Posted 05 September 2005 - 11:32 AM

New Member

Topic Starter
Member
6 posts

Thank you very much for taking the time to reply

sorry about the whole desktop thing, i overlooked it.

Ive just had AVG warn me about a trojan in almost all my .exe files in windows :S i think ive cleaned that up, man this malware thing is a joke, who makes this stuff and why?

anyway heres a new hackthis log

Do you know if using my IPOD to transfer some songs would endangour it whilest i have this virus thing?

Also, as a side note, i think i adentified the malware i have, "coolwwwsearch.homesearch" and 2 other coolwww names i cant recall, 2 of them i can delete with "search and destroy" (only for the to return later), but the other one it wont delete/fix due to it running, ive tryed the reboot mode where it runs a search before most of windows has booted, says the same thing, even ryed safe mode with as much as i could closed in background :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 17:59:52, on 05/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\wuauclt.exe
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\Program Files\ASUS\Probe\AsusProb.exe
E:\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\ALCMTR.EXE
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\GetRight\getright.exe
E:\Program Files\GetRight\getright.exe
E:\Hijak this\hijackthis1991-1.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R3 - Default URLSearchHook is missing
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O2 - BHO: Class - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} - E:\WINDOWS\addzc32.dll
O2 - BHO: Class - {C2D8452E-2FEC-F517-A5AF-A552035DE43F} - E:\WINDOWS\mfcxk.dll
O2 - BHO: Class - {DE3BE214-07C2-427C-4913-9AD131736B37} - E:\WINDOWS\system32\ipto.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ASUS Probe] e:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [netqe.exe] E:\WINDOWS\system32\netqe.exe
O4 - HKLM\..\Run: [mswf32.exe] E:\WINDOWS\mswf32.exe
O4 - HKLM\..\RunOnce: [apikx32.exe] E:\WINDOWS\apikx32.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = E:\Program Files\GetRight\getright.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - E:\WINDOWS\javaiv.exe" /s (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

#4
Buckeye_Sam

Posted 05 September 2005 - 04:54 PM

Malware Expert

Member
10,019 posts

Your songs and your ipod should be just fine. Nothing to worry about from this. You have a CoolWebSearch infection called Home Search Assistant or HSA. There's a lot of different variations of it, but this fix has been pretty good.

We are going to need some tools to remove this infection. Please download, install, and update any of these programs that you don't already have. Do not run any of them yet.

Next I want you to make sure that you can VIEW ALL HIDDEN FILES.

If you have problems with any of these steps make a note of the problem and then continue on to the next step. Let me know of any problems in your next reply. Much of this fix has to be performed in Safe Mode where you won't be able to access the Internet.

Please print out these instructions.

Please reboot your computer in SafeMode by doing the following:

Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
Instead of Windows loading as normal, a menu should appear
Select the first option, to run Windows in Safe Mode.

* if you have trouble getting into Safe mode go here for more info.

=============

Once in Safe mode follow these steps:

Run Hijackthis again, click scan, and Put a checkmark next to each of these. Then close all other windows--you should only see HijackThis on your Desktop--and click the Fix Checked button.

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = res://E:\WINDOWS\system32\kbtka.dll/sp.html#58582
R3 - Default URLSearchHook is missing
O2 - BHO: Class - {3EE97F31-5E94-78B0-8A51-18BEDACA18C9} - E:\WINDOWS\addzc32.dll
O2 - BHO: Class - {C2D8452E-2FEC-F517-A5AF-A552035DE43F} - E:\WINDOWS\mfcxk.dll
O2 - BHO: Class - {DE3BE214-07C2-427C-4913-9AD131736B37} - E:\WINDOWS\system32\ipto.dll
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [netqe.exe] E:\WINDOWS\system32\netqe.exe
O4 - HKLM\..\Run: [mswf32.exe] E:\WINDOWS\mswf32.exe
O4 - HKLM\..\RunOnce: [apikx32.exe] E:\WINDOWS\apikx32.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O23 - Service: Network Security Service (NSS) ( 11Fßä#·ºÄÖ`I) - Unknown owner - E:\WINDOWS\javaiv.exe" /s (file missing)
Next run CWShredder, making sure to click "Fix".
Double click AboutBuster.exe that you downloaded earlier. Click OK, click Start, then click OK. This will scan your computer for the bad files and delete them. Save the report(copy and paste into notepad or wordpad and save as a .txt file) and post a copy back here when you are done with all the steps.
Run Ewido:
- Click on scanner
- Click Complete System Scan and the scan will begin.
- During the scan it will prompt you to clean files, click OK
- When it asks if you want to clean the first file, put a check in the lower left corner of the box that says "Perform action on all infections" then choose clean and click OK.
- When the scan is finished, click the Save report button at the bottom of the screen.
- Save the report to your desktop
Close Ewido
Finally run a full scan with Adaware.

Reboot your computer to go back to normal mode and post a new hijackthis log, the Ewido log, and the log from About Buster.
* If the Ewido log is too large to post please attach it to your next reply so that I can still review it.

#5
Brego

Posted 06 September 2005 - 12:58 PM

New Member

Topic Starter
Member
6 posts

hello again

thanks for the reply once more.

Ive followed your instuctions (rather hard actually, as i dont own a printer and theres ALOT to write down :tazz:

) and i have the relivant logs.
i DONT have the AboutBuster log as i got a error message at end, somthing about "comctl32.ocx", ive since read the readme and saw that i should of downloaded an editional file. But that aside ive ran the rest (wow that ewido is a long scan, it just a virus/trojan check or what? took over an hour).

Logfile of HijackThis v1.99.1
Scan saved at 19:52:44, on 06/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\Program Files\ASUS\Probe\AsusProb.exe
E:\ZoneAlarm\zlclient.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\GetRight\getright.exe
E:\Program Files\GetRight\getright.exe
E:\WINDOWS\system32\wuauclt.exe
E:\Hijak this\hijackthis1991-1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ASUS Probe] e:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = E:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------

+ Created on: 19:42:10, 06/09/2005
+ Report-Checksum: 5F6E12D9

+ Scan result:

HKLM\SOFTWARE\Classes\CLSID\{1674BCBE-46DE-7BAB-FBFA-CA15D9FEB632} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{67654C62-B847-D47B-7386-202E338F4761} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A8703447-9782-72D3-AA41-606A7E155CE5} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{A94D3AA0-A235-876E-2DCD-617E08BD8301} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{B4F697AE-7E58-DC0D-D012-24F83EAB9F25} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D223F02D-058E-2CFE-D02D-81826009252B} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{D6063F46-66EC-A24F-FC65-2CF52E8C6A80} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{F3267BA7-14CC-4368-6BFC-E59341D01507} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FA112FA2-B6C7-CE6A-DE50-FEAF22C15154} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{FC955BB2-DAA2-E394-1DD3-E8A207B823A6} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-854245398-616249376-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75A46C7E-D7AB-55F3-8DF2-D9A7FFD913E6} -> Spyware.CoolWebSearch : Cleaned with backup
HKU\S-1-5-21-854245398-616249376-1801674531-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C559105-9ECF-42B8-B3F7-832E75EDD959} -> Spyware.ISTBar : Cleaned with backup
C:\Downloads\D2ProphecySetup-dm.exe -> Spyware.Trymedia : Cleaned with backup
E:\aof\Act of War Demo\actofwardemo.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
:mozilla.7:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Tribalfusion : Cleaned with backup
:mozilla.36:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.37:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.38:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.39:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.42:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.49:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Serving-sys : Cleaned with backup
:mozilla.65:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
:mozilla.66:E:\Documents and Settings\kwitt\Application Data\Mozilla\Firefox\Profiles\odyxb17k.default\cookies.txt -> Spyware.Cookie.Googleadservices : Cleaned with backup
E:\Hijak this\backups\backup-20050906-182056-933.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\ALCFDRTM.VER:ntyxf -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\apigm.exe -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\apikx32.exe -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\Ascd_tmp.ini:uzhna -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\bcm.ini:mlgbu -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\bcm.ini:qxirr -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Blue Lace 16.bmp:fmmre -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Blue Lace 16.bmp:ibubg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Blue Lace 16.bmp:qaxdm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Blue Lace 16.bmp:wpclt -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\bootstat.dat:bbcgp -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\bootstat.dat:ichia -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\chipset.log:eezoo -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\clock.avi:hnyzx -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\clock.avi:qncpc -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\clock.avi:svtyov -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\Coffee Bean.bmp:bztkn -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Coffee Bean.bmp:weruq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\comsetup.log:bfomt -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\control.ini:gcteu -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\control.ini:hrgwq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\control.ini:tzzau -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\desktop.ini:augru -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\desktop.ini:pfczk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\dijeg.txt:phcvp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\dijeg.txt:shkru -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\DirectX.log:dmeaj -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\DirectX.log:lwhke -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\DirectX.log:yjqmc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\DtcInstall.log:dxwrli -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\DtcInstall.log:kvtjxt -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\DtcInstall.log:yaixu -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\euuiz.dat:mwjla -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\explorer.scf:ebclr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\explorer.scf:tjdtr -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\FaxSetup.log:egrfq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\FaxSetup.log:rvexq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\FeatherTexture.bmp:mxdyn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\fvjdq.txt:ajnom -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\fvjdq.txt:dmpwc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\fvjdq.txt:wxkca -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\GEARInstall.log:iluwy -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\GEARInstall.log:ubpsy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\gkqtb.txt:xpmeo -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Gone Fishing.bmp:cjdjv -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Gone Fishing.bmp:elglf -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Gone Fishing.bmp:nlxpe -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Greenstone.bmp:frzcz -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Greenstone.bmp:vwwtu -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\hjqxy.txt:buevk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\hjqxy.txt:qkuqz -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\hjqxy.txt:xygqk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\hrspb.dat:aeock -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\hrspb.dat:ooapy -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\iepd.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\iis6.log:cbrjp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\imsins.log:fcslv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\imsins.log:metkys -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\KB835221.log:jzzkj -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB835221.log:nlhcr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB835221.log:yycee -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB873333.log:skloiw -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB873333.log:vdviq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB873333.log:yebhb -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB873339.log:blfbw -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB873339.log:gtsla -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB885835.log:lyavh -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB885836.log:dvewin -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB885836.log:gwrax -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB886185.log:bznwb -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB887472.log:gvwtgs -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB887472.log:jajec -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB887472.log:uakvg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB887472.log:xadmq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB887472.log:yfgan -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB887742.log:rueex -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB887742.log:sioft -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB888302.log:ynoyac -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\KB890046.log:cowqq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB890046.log:qvkng -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB890046.log:ryctl -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB890046.log:zokqq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB890859.log:ddzqen -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB890859.log:tmjsp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB891781.log:itpwm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB893066.log:dcaxq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB893066.log:zwsfo -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB893803v2.log:bpnyd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB893803v2.log:kpojn -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB893803v2.log:lewsp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB893803v2Uninst.log:ennll -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB893803v2Uninst.log:gphyc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB894391.log:lbsbn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB894391.log:qgftt -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB894391.log:udqzw -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB896358.log:giofd -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB896358.log:kywxk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB896358.log:mewha -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB896422.log:fqsop -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB896428.log:wfzkm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB898461.log:jqsrz -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB898461.log:tvalf -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB899587.log:biiep -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB899587.log:bvpct -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB899587.log:ocvmk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB899587.log:xebjt -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB899588.log:qbrqa -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB899588.log:xyhso -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\KB901214.log:lmgxl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\KB901214.log:vbruu -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\MedCtrOC.log:bopju -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\msdfmap.ini:eplwb -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\msdfmap.ini:nvccm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\msdfmap.ini:wtvfq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\msdfmap.ini:ysxhh -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\msgsocm.log:mxsmp -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\msgsocm.log:pgrjd -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\msmqinst.log:ogshi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\msmqinst.log:twijk -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\netfxocm.log:bsykij -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\netfxocm.log:plniv -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\nkrop.txt:guumr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\nsreg.dat:aqfmg -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\nsreg.dat:mqstq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\nsreg.dat:omfuo -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\ntdtcsetup.log:btbse -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\ntdtcsetup.log:hvypm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\ocmsn.log:aacbz -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\ODBCINST.INI:amqbr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\OEWABLog.txt:exltg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\OEWABLog.txt:roinl -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Prairie Wind.bmp:euuizg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\qbkir.txt:iydqc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\qbkir.txt:qhggs -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\regopt.log:pbiik -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\River Sumida.bmp:dxxyk -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\River Sumida.bmp:femqr -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Santa Fe Stucco.bmp:xbwjb -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Santa Fe Stucco.bmp:zqeoa -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\sessmgr.setup.log:bajrp -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\sessmgr.setup.log:tzoby -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\setupact.log:aulbh -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\setupact.log:vgkhh -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\setupapi.log:hvzcx -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\setupapi.log:lowsi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\setuperr.log:dguat -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\setuplog.txt:ozjrg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\setuplog.txt:rxpjb -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Soap Bubbles.bmp:cidhs -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Soap Bubbles.bmp:muyel -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Sti_Trace.log:fverx -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Sti_Trace.log:kovvn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Sti_Trace.log:niggh -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system.ini:fwprn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system.ini:iwuyws -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\system.ini:yivzd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\system32\atlqg32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system32\ipqz32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system32\msuz.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system32\mswi.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system32\mszs32.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\system32\netqe.dll -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\teggh.txt:ohxlq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\teggh.txt:uzsux -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\vb.ini:nkgao -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\vb.ini:qkjzd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\vbaddin.ini:malzet -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\vbaddin.ini:qwhcl -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wiadebug.log:kbpsl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\wiadebug.log:xwjoh -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wiaservc.log:ixajk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\win.ini:efjye -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\win.ini:znkwo -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\WindowsUpdate.log:fqyrg -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\WindowsUpdate.log:srfro -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\winnt256.bmp:mvdpi -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\winnt256.bmp:polnl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\winop.exe -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\wmsetup.log:bhnho -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\wmsetup.log:vcsdi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wmsetup.log:yxecw -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\WMSysPr9.prx:khngk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\WMSysPr9.prx:unhoqn -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wwdslcfg.ini:bawwt -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wwdslcfg.ini:blmjw -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wwdslcfg.ini:pccvy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\wwdslcfg.log:qsbkc -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\wwdslcfg.log:yqbdgy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\ydi.log:ahdku -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\ydi.log:dswgy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Zapotec.bmp:bcogw -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\Zapotec.bmp:jyhmt -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Zapotec.bmp:mjqzk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Zapotec.bmp:pwpae -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\Zapotec.bmp:sqwyi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:adxfv -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:agjxc -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:aksjol -> Trojan.Agent.bi : Cleaned with backup
E:\WINDOWS\_default.pif:akvtk -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:apose -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:arqqv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:attqp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:bgkfd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:biivm -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:bjizw -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:bobim -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:bqtvl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:bvmkl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:cbjcy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:cjvmq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:ckgcc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:clbqw -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:coece -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:cqaoh -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:dagdq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:dcbbz -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:dckeb -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:defts -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:degqx -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:dexrq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:djzxl -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:dklom -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:dnlds -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:eaxzw -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:ekgas -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:enqzj -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:fdytc -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:fgdzn -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:fggqk -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:fkyfm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:fvtuz -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:fwcvd -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:gdobo -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:gfacm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:gggsu -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:glohi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:glusd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:gnaxn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:gzkrr -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:gzutq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:haizd -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:hcass -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:hilde -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:hiuhz -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:hztyo -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ictuv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:iflew -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:iiadt -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:iidaz -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ilyre -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ilzfn -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:inied -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:iqvlm -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:iuioy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:jepch -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:jfvde -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:jhrlq -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:jpdqk -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:jpdsu -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:jtkmq -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:jwddl -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:kbhql -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:kqrlb -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:lfjyr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:lmylg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:lrjmm -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:lrvbr -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:luhzp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:lvtgv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:lvwil -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:mcfhe -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:mjfni -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:mjloi -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:mppvh -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:mulpx -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:mvrzt -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ncsah -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ncuuv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:nijyp -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:nkrop -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:nmjmr -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:novjx -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:nrctj -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:nytab -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:odvxx -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ofjbt -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:olcii -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:omfuk -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:ovflv -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:perlp -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:ppnyy -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:pvoit -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_default.pif:qegfg -> TrojanDownloader.Agent.bc : Cleaned with backup
E:\WINDOWS\_default.pif:qirjg -> TrojanDownloader.Agent.bq : Cleaned with backup
E:\WINDOWS\_ds45.tmp:qpqwfu -> TrojanDownloader.Agent.bc : Cleaned with backup

::Report End

Thanks again!

#6
Brego

Posted 06 September 2005 - 01:03 PM

New Member

Topic Starter
Member
6 posts

I seem to be having a problem with somthing called "Trojanhorse agent.db" or some such, now and again avg pops up saying its found a file with it in, but a scan with avg of the file reveals nothing, and i dont get a "heal" option on the file.
I ran a ewido scan on a file avg found the virus in "E:\Windows\_defauly.pif:qkmal and it picked up 60 infections and cleared em..... i hate pc's....
On the plus side, i scedhule a Search and Destroy scan and it picked up nothing :tazz:

#7
Buckeye_Sam

Posted 06 September 2005 - 03:52 PM

Malware Expert

Member
10,019 posts

It was deeply imbedded so there's probably some leftover files that AVG is picking up.

Please download and install Cleanup 4.0

Now run CleanUp
IMPORTANT!
CleanUp deletes EVERYTHING out of your temp/temporary folders, it does not make backups.
If you have any documents or programs that are saved in any Temporary Folders, please make a backup of these before running CleanUp

Running CleanUp

Start CleanUp by double-clicking the icon on your desktop (or from the Start > All Programs menu).
When CleanUp starts go to the Options button (right side of CleanUp screen)
Move the arrow down to "Custom CleanUp!"
Now place a checkmark next to the following (Make sure nothing else is checked!):
- Delete Cookies
  This is optional, if you leave the box checked it will remove all of your cookies, at this point removing cookies is a good idea
- Empty Recycle Bins
- Delete Prefetch files
- Cleanup! All Users
Click OK
Then click on the CleanUp button. This will take a short while, let it do its thing.
When asked to reboot system select No
Close CleanUp

Run a full scan with Ewido once again and save the log.

Reboot and post a new hijackthis log and the log from Ewido.

#8
Brego

Posted 07 September 2005 - 11:54 AM

New Member

Topic Starter
Member
6 posts

you the MAN!!!

Ive done another ewodo scan and it found nothing, and below is my Hijak this log. Well thats one virus delt with (hopefully), is it a coincidence that my pc gets a Virus same day i come down with one myself ([bleep] cold), who knows, dont suppose you know any cures for that too? :tazz:

Logfile of HijackThis v1.99.1
Scan saved at 18:50:41, on 07/09/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
E:\Program Files\ewido\security suite\ewidoctrl.exe
E:\Program Files\ewido\security suite\ewidoguard.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\SOUNDMAN.EXE
E:\WINDOWS\ALCWZRD.EXE
E:\Program Files\ASUS\Probe\AsusProb.exe
E:\ZoneAlarm\zlclient.exe
E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
E:\WINDOWS\system32\GSICON.EXE
E:\WINDOWS\system32\dslagent.exe
E:\Program Files\QuickTime\qttask.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Program Files\GetRight\getright.exe
E:\Program Files\GetRight\getright.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\ZoneLabs\vsmon.exe
E:\Program Files\Mozilla Firefox\firefox.exe
E:\Hijak this\hijackthis1991-1.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - E:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAudPropShortcut.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [ASUS Probe] e:\Program Files\ASUS\Probe\AsusProb.exe
O4 - HKLM\..\Run: [Zone Labs Client] E:\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE E:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] E:\Program Files\Java\jre1.5.0_02\bin\jusched.exe
O4 - HKLM\..\Run: [GSICONEXE] GSICON.EXE
O4 - HKLM\..\Run: [DSLAGENTEXE] dslagent.exe USB
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] E:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: GetRight - Tray Icon.lnk = E:\Program Files\GetRight\getright.exe
O8 - Extra context menu item: Download with GetRight - E:\Program Files\GetRight\GRdownload.htm
O8 - Extra context menu item: Open with GetRight Browser - E:\Program Files\GetRight\GRbrowse.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_02\bin\npjpi150_02.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pdownloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6FAEBA40-6389-45AF-9E42-A5CA95F0A368}: NameServer = 212.50.160.100 213.249.130.100
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - E:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - E:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: iPod Service (iPodService) - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - E:\WINDOWS\system32\ZoneLabs\vsmon.exe

Thanks alot for all ya help so far

#9
Buckeye_Sam

Posted 07 September 2005 - 03:53 PM

Malware Expert

Member
10,019 posts

Your log looks clean to me! :tazz:

Now that you are clean, please follow these simple steps in order to keep your computer clean and secure:

Disable and Enable System Restore. - If you are using Windows ME or XP then you should disable and reenable system restore to make sure there are no infected files found in a restore point left over from what we have just cleaned.

You can find instructions on how to enable and reenable system restore here:

Managing Windows Millenium System Restore

or

Windows XP System Restore Guide

Renable system restore with instructions from tutorial above
Make your Internet Explorer more secure - This can be done by following these simple instructions:
- From within Internet Explorer click on the Tools menu and then click on Options.
- Click once on the Security tab
- Click once on the Internet icon so it becomes highlighted.
- Click once on the Custom Level button.
  - Change the Download signed ActiveX controls to Prompt
  - Change the Download unsigned ActiveX controls to Disable
  - Change the Initialize and script ActiveX controls not marked as safe to Disable
  - Change the Installation of desktop items to Prompt
  - Change the Launching programs and files in an IFRAME to Prompt
  - Change the Navigate sub-frames across different domains to Prompt
  - When all these settings have been made, click on the OK button.
  - If it prompts you as to whether or not you want to save the settings, press the Yes button.
- Next press the Apply button and then the OK to exit the Internet Properties page.
Use an AntiVirus Software - It is very important that your computer has an anti-virus software running on your machine. This alone can save you a lot of trouble with malware in the future.

See this link for a listing of some online & their stand-alone antivirus programs:

Virus, Spyware, and Malware Protection and Removal Resources
Update your AntiVirus Software - It is imperitive that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
Use a Firewall - I can not stress how important it is that you use a Firewall on your computer. Without a firewall your computer is succeptible to being hacked and taken over. I am very serious about this and see it happen almost every day with my clients. Simply using a Firewall in its default configuration can lower your risk greatly.

For a tutorial on Firewalls and a listing of some available ones see the link below:

Understanding and Using Firewalls
Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer has always the latest security updates available installed on your computer. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
Install Spybot - Search and Destroy - Install and download Spybot - Search and Destroy with its TeaTimer option. This will provide realtime spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with program on a regular basis just as you would an antivirus software.

A tutorial on installing & using this product can be found here:

Using Spybot - Search & Destroy to remove Spyware , Malware, and Hijackers
Install Ad-Aware - Install and download Ad-Aware. ou should also scan your computer with program on a regular basis just as you would an antivirus software in conjunction with Spybot.

A tutorial on installing & using this product can be found here:

Using Ad-aware to remove Spyware, Malware, & Hijackers from Your Computer
Install SpywareBlaster - SpywareBlaster will added a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

A tutorial on installing & using this product can be found here:

Using SpywareBlaster to protect your computer from Spyware and Malware
Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

Follow this list and your potential for being infected again will reduce dramatically.

I can't help you with your other virus, but I do hope you feel better soon.

#10
Brego

Posted 08 September 2005 - 11:24 AM

New Member

Topic Starter
Member
6 posts

Thank you! realy, i was getting depressed at the thought of having to re-install everything on my pc.
Im planning on useing firefox from now on, ive had to much trouble with IE in the past
Well all the best in your future virus busting adventures :tazz:

Thanks again!

#11
Buckeye_Sam

Posted 08 September 2005 - 06:39 PM

Malware Expert

Member
10,019 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :tazz:

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.