TR/Dldr.ConHook.K [CLOSED]



#1
Devon Rathie-Wright

Hello.

I'm having a problem where I get an infinite number of RUNDLL errors stating that it cannot find Windows\DLL~1. This will only happen if I use explorer (example: if I open a folder). I am still able to browse my system using Run...but that's just silly.

I've done everything that the "Click here before posting a Hijack This Log" has said to do and I have also run drweb-cureit and l2mfix.

The Trojan that AntiVir picks up is TR/Dldr.ConHook.K. Filename:
C:\WINDOWS\SYSTEM32\JKHFG.DLL

Any attempts to delete this file in normal mode or safe mode results in "This file is being used and cannot be deleted".

Attempts to do anything to JKHFG.DLL using AntiVir or HijackThis results in it doing nothing to the file, even though it says it does.

For fun I even opened up the file in Safe mode, deleted some of the data, and tried to save it, it wouldn't let me :tazz: (heh)

Help would be GREATLY appreciated.

Here's my HijackThis file.


Logfile of HijackThis v1.99.1
Scan saved at 10:12:38 AM, on 9/7/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\system32\ntvdm.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Yahoo!\Messenger\ypager.exe
C:\Program Files\Sony Handheld\HOTSYNC.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Devon Wright\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted IP range: 64.62.171.156
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124382298296
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/t...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE15BF9-A4F5-4544-93A4-B89CCC360B91}: NameServer = 24.66.94.195,24.66.94.212
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\SYSTEM32\jkhfg.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dynu Basic Dynamic DNS Service v2.6 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe (file missing)
O23 - Service: Dynu Premium Dynamic DNS Service v3.9 (DynuPremium) - Unknown owner - C:\Program Files\Dynu Systems\Premium\premisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe


#2
Rawe

Hello and welcome!

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\jkhfg.dll.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\jkhfg.dll
    O20 - Winlogon Notify: jkhfg - C:\WINDOWS\SYSTEM32\jkhfg.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic. :tazz:

#3
Devon Rathie-Wright


# At this point please type the following file path (make sure to enter it exactly as below!):

      C:\WINDOWS\jkhfg.dll.dll

# Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
# The fix will run then HijackThis will open.


After I press Enter, F6, Enter it requests another file name.

#4
Rawe

Sorry for the late reply!! :tazz:

Please download cureit;
ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Run drweb - cureit
Double-click the "drweb-cureit.exe" and click "ok" in the prompt window that will open, asking "start the express scan now".
It will first make a quick scan of your system, let it clean what it finds, and when it says "done" in the lower left corner click on all your drives.
A red dot will mark the selected drive(s). Then hit the pedestrian who now has turned green.
Click on the green man in the right corner, it will scan ALL your drives, hit yes to all.

Reboot.

Post a fresh HiJackThis log once finished.

#5
Devon Rathie-Wright

Problem appears to be corrected.

System is running normally again for me. Thank you so so much.


Logfile of HijackThis v1.99.1
Scan saved at 11:58:25 AM, on 9/10/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Caere\OmniPagePro90\opware32.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\AVPersonal\AVGNT.EXE
C:\WINDOWS\system32\ntvdm.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\AVPersonal\AVGUARD.EXE
C:\Program Files\Intel\ASF Agent\ASFAgent.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.40607\aspnet_admin.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Program Files\AVPersonal\AVWUPSRV.EXE
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Dell\OpenManage\Client\Iap.exe
C:\WINDOWS\System32\inetsrv\inetinfo.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\mysql\bin\mysqld-nt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\Devon Wright\My Documents\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = C:\WINDOWS\blank.htm
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapp...://my.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://red.clientapp...//www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://red.clientapp...//www.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Common\ycomp5_2_3_0.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [OmniPage] C:\Program Files\Caere\OmniPagePro90\opware32.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O4 - HKLM\..\Run: [AVGCtrl] "C:\Program Files\AVPersonal\AVGNT.EXE" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HotSync Manager.lnk = C:\Program Files\Sony Handheld\HOTSYNC.EXE
O8 - Extra context menu item: Yahoo! Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\Yahoo!\MESSEN~1\YPager.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.horse-active.net
O15 - Trusted Zone: *.horse-active.net (HKLM)
O15 - Trusted IP range: 64.62.171.156
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...ry/msgrchkr.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplane...DC_1_0_0_44.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1124382298296
O16 - DPF: {68BCE50A-DC9B-4519-A118-6FDA19DB450D} (Info Class) - http://www.blizzard..../wowbeta/si.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/t...nfo/webscan.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...StatsClient.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.c.../ymmapi_416.dll
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real...ArcadeRdxIE.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Java Runtime Environment 1.4.1_01) -
O16 - DPF: {CFCB7308-782F-11D4-BE27-000102598CE4} (NPX Control) - http://kr.pristontal...protect/npx.cab
O16 - DPF: {E855A2D4-987E-4F3B-A51C-64D10A7E2479} (EPSImageControl Class) - http://tools.ebayimg...ol_v1-0-3-0.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zon...ireShowdown.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{6CE15BF9-A4F5-4544-93A4-B89CCC360B91}: NameServer = 24.66.94.195,24.66.94.212
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msvcras - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
O23 - Service: AntiVir Service (AntiVirService) - H+BEDV Datentechnik GmbH - C:\Program Files\AVPersonal\AVGUARD.EXE
O23 - Service: ASF Agent (ASFAgent) - Intel Corporation - C:\Program Files\Intel\ASF Agent\ASFAgent.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AntiVir Update (AVWUpSrv) - H+BEDV Datentechnik GmbH, Germany - C:\Program Files\AVPersonal\AVWUPSRV.EXE
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Dynu Basic Dynamic DNS Service v2.6 (DynuBasic) - Unknown owner - C:\Program Files\Dynu Systems\Basic\basicsvc.exe (file missing)
O23 - Service: Dynu Premium Dynamic DNS Service v3.9 (DynuPremium) - Unknown owner - C:\Program Files\Dynu Systems\Premium\premisvc.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: Iap - Dell Computer Corporation - C:\Program Files\Dell\OpenManage\Client\Iap.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: MySql - Unknown owner - C:/mysql/bin/mysqld-nt.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\WINDOWS\System32\NMSSvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe

#6
Rawe

Nope, it's not cleaned yet.

Please print these instructions out for use in Safe Mode.

Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to extract the files
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and double-click on KillVundo.bat
  • You will first be presented with a warning and a list of forums to seek help at.
    It should look like this:

    VundoFix V2.1 by Atri
    By pressing enter you agree that you are using this at your own risk
    Please seek assistance at one of the following forums:
    http://www.atribune.org/forums
    http://www.247fixes.com/forums
    http://www.geekstogo.com/forum
    http://forums.net-integration.net

  • At this point press enter one time.
  • Next you will see:

    Type in the filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • Next you will see:

    Please type in the second filepath as instructed by the forum staff
    Then Press Enter, Then F6, Then Enter Again to continue with the fix.

  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\$NtUninstallQ328310$\sarcwsm.*
    This will be the vundo filename spelt backwards. For example, if the vundo dll was vundo.dll you would have the user enter odnuv.*
  • Press Enter, then press the F6 key, then press Enter one more time to continue with the fix.
  • The fix will run then HijackThis will open.
  • In HiJackThis, please place a check next to the following items and click FIX CHECKED:
    O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
    O20 - Winlogon Notify: msvcras - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
  • After you have fixed these items, close Hijackthis and Press any key to Force a reboot of your computer.
  • Pressing any key will cause a "Blue Screen of Death"; this is normal, do not worry!
  • Once your machine reboots please continue with the instructions below.
Download and install CleanUp!

Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
  • Empty Recycle Bins
  • Delete Cookies
  • Delete Prefetch files
  • Cleanup! All Users
Click OK
Press the CleanUp! button to start the program.

It may ask you to reboot at the end, click NO.

Then, please run this online virus scan: ActiveScan

Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic. :tazz:
  • 0
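
The check behind "it's not cleaned yet", as an added example (not code from this thread or from the HijackThis or VundoFix authors): the Python below reads excerpts of the logs from posts #1 and #5, flags any DLL registered as both an O2 BHO and an O20 Winlogon Notify entry, and builds the backwards-name wildcard described in post #6. The function names are this example's own, and the pairing is a triage heuristic, not proof of infection.

```python
import re
from ntpath import basename, dirname, join, splitext

# Excerpts copied from the HijackThis logs in posts #1 and #5 of this thread.
LOG_POST_1 = r"""
O2 - BHO: WsftpBrowserHelper Class - {601ED020-FB6C-11D3-87D8-0050DA59922B} - C:\Program Files\WS_FTP Pro\wsbho2k0.dll (file missing)
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\.dll
O2 - BHO: (no name) - {8E13DDE1-E013-47ec-9C4C-27C2F78BDD26} - C:\WINDOWS\system32\jkhfg.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: jkhfg - C:\WINDOWS\SYSTEM32\jkhfg.dll
"""
LOG_POST_5 = r"""
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: msvcras - C:\WINDOWS\$NtUninstallQ328310$\msvcras.dll
"""

# "O2 - BHO: <name> - {CLSID} - <path>", optionally followed by " (file missing)".
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?: \(file missing\))?$"
)
# "O20 - Winlogon Notify: <name> - <path>"
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")


def parse_entries(log_text):
    """Return (bho, notify): dicts mapping lower-cased DLL path -> log line."""
    bho, notify = {}, {}
    for line in log_text.splitlines():
        line = line.strip()
        m = BHO_RE.match(line)
        if m:
            bho[m["path"].lower()] = line
            continue
        m = NOTIFY_RE.match(line)
        if m:
            notify[m["path"].lower()] = line
    return bho, notify


def backwards_wildcard(dll_path):
    """Rule quoted in post #6: the file name spelt backwards, any extension."""
    stem, _ext = splitext(basename(dll_path))
    return join(dirname(dll_path), stem[::-1] + ".*")


def paired_dlls(log_text):
    """DLLs that appear both as an O2 BHO and as an O20 Winlogon Notify entry."""
    bho, notify = parse_entries(log_text)
    findings = []
    # Windows paths are case-insensitive, so the join is on lower-cased paths
    # (the first log writes system32 and SYSTEM32 for the same file).
    for path in sorted(bho.keys() & notify.keys()):
        findings.append({
            "dll": path,
            "fix_lines": [bho[path], notify[path]],
            "companion": backwards_wildcard(path),
        })
    return findings


def compare_logs(before, after):
    """Which paired DLLs disappeared, and which pairs the later log still has."""
    old = {f["dll"] for f in paired_dlls(before)}
    new = {f["dll"] for f in paired_dlls(after)}
    return {"removed": sorted(old - new), "present": sorted(new)}


if __name__ == "__main__":
    for label, log in (("post #1", LOG_POST_1), ("post #5", LOG_POST_5)):
        for finding in paired_dlls(log):
            print(label, finding["dll"])
            for line in finding["fix_lines"]:
                print("   ", line)
            print("    companion pattern:", finding["companion"])
    print(compare_logs(LOG_POST_1, LOG_POST_5))
```

The igfxcui Notify entry and the Norton BHO are not reported because neither appears in both sections; a pair that is still present in the later log is the cue to keep cleaning.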

#7
Devon Rathie-Wright

Active Scan:

Incident Status Location

Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[first_part.zip]
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000007.txt][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000010.txt][Important.zip][Important.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000013.txt][Notice.zip][Notice.txt
Virus:W32/Netsky.Q.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[message11100.zip]
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[Notice.zip][Notice.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000023.txt][Details.zip][Details.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000026.txt][Part-2.zip][Part-2.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000029.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000032.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000035.txt][Important.zip][Important.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000038.txt][Bill.zip][Bill.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000043.txt][Part-2.zip][Part-2.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000048.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000051.txt][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000054.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000057.txt][Textfile.zip][Textfile.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000061.txt][Part-2.zip][Part-2.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000064.txt][Important.zip][Important.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000067.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[Bill.zip][Bill.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[Details.zip][Details.txt
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000088.txt][Readme.zip]
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000110.txt][You_will_answer_to_me.zip]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000113.txt][msg.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[data.zip][details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[details.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000123.txt][data02.zip][data.rtf .scr
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[document05.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000129.txt][details_devon.zip][details.txt
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[message.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000134.txt][letter.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000143.txt][document_devon.zip][data.rtf
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[letter_devon.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000148.txt][story_devon.zip][document.txt .ex
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[details.zip][details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000158.txt][www.myx4free.zip][document.txt .e
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[msg.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000163.txt][document.zip][data.rtf .s
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000166.txt][data.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[readme_devon.zip][details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[data.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000178.txt][message.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000195.txt][abuse_list_devon.zip][document.txt
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000198.txt][document01.zip][data.rtf
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[msg.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000209.txt][message.zip][document.txt .exe]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000212.txt][message.zip][data.rtf .sc
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000219.txt][message.zip][details.txt .pif]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[document_all.zip][data.rtf .scr]
Virus:W32/Netsky.P.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[msg.zip][document.txt .exe]
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000256.txt][Informations.zip][Informations.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000260.txt][Textfile.zip][Textfile.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000264.txt][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000302.txt][Bill.zip][Bill.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[Bill.zip][Bill.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000310.txt][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000313.txt][Notice.zip][Notice.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000320.txt][Data.zip][Data.txt
Virus:W32/Netsky.Z.worm Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items[~000326.txt][Details.zip][Details.txt
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Inbox[~000044.txt][MoreInfo.zip]
Virus:Trj/Pakes.AV Disinfected C:\Documents and Settings\Devon Wright\My Documents\hijackthis\backups\backup-20050906-195212-884.dll
Virus:Trj/Pakes.AV Disinfected C:\WINDOWS\.dll
Adware:Adware/BrowsePal No disinfected C:\WINDOWS\SYSTEM32\ctbv2.dll
Spyware:spyware/whazit No disinfected C:\WINDOWS\SYSTEM32\fiz1
Adware:Adware/SBSoft No disinfected C:\WINDOWS\webdlg32.inf
Adware:Adware/Popup.pop No disinfected C:\WINDOWS\winsx.inf

Vundofix.txt

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Suspending PID 180 'smss.exe'
Threads [184][188][192]

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 748 'explorer.exe'

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Error, Cannot find a process with an image name of rundll32.exe

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright© 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 252 'winlogon.exe'
File Deleted sucessfully.
Files Deleted sucessfully.

#8
Rawe

Can you first empty this folder:

C:\Documents and Settings\Devon Wright\Application Data\Thunderbird\Profiles\default.jy9\Mail\Local Folders\Outlook Express Mail.sbd\Deleted Items\

When done, please do the following:
  • Clean out temporary files:
      • Click Start -> Run and type in: cleanmgr
      • Click "Ok".
      • Let it scan your system.
      • Make sure Temporary Files, Temporary Internet Files, and Recycle Bin are the only ones checked.
      • Click "OK" to remove them.
      • Click "Yes" to confirm the deletion.
Then post a fresh HiJackThis log. :tazz:

#9
Rawe

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.