help me!
Started by mistaguy1, Oct 15 2005 12:25 PM
#16
Posted 23 October 2005 - 07:21 PM
well I don't understand what you mean run bfu fix cause doesn't bfu delete files?
#17
Posted 24 October 2005 - 12:18 PM
BFU may not be deleting files that are in use in normal mode!
So going to Safe Mode and running BFU may yield better results!
#18
Posted 24 October 2005 - 04:27 PM
uh... what do I use BFU to delete?
#19
Posted 25 October 2005 - 04:14 PM
Let's do this: look in the BFU folder and tell me everything that's there.
#20
Posted 25 October 2005 - 06:26 PM
ok um theres a:
BFU.exe
mistaguy1.bfu
Mytob-Z.bfu
#21
Posted 26 October 2005 - 03:16 AM
OK, restart in Safe Mode and open BFU!
Click the little folder beside the Script to Execute field!
Select mistaguy1.bfu and then click Execute; this will allow the script to run in Safe Mode, which is what I want to see happen!
BFU has a much better chance of removing everything in Safe Mode as opposed to normal!
Once completed, restart normally and post a fresh HijackThis log!
#22
Posted 28 October 2005 - 12:22 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:22:18 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dominic\Local Settings\Temp\Temporary Directory 13 for hijackthis1982.zip\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
#23
Posted 28 October 2005 - 12:31 AM
oops sry.. that one got cut off
Logfile of HijackThis v1.99.1
Scan saved at 11:30:40 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\dominic\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723300_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723301_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#24
Posted 28 October 2005 - 06:30 PM
This has been a real bugger to nail down for sure!
Have HijackThis fix this entry:
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
Please do an online scan with Kaspersky WebScanner.
Click on Kaspersky Online Scanner.
You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
- The program will launch and then begin downloading the latest definition files:
- Once the files have been downloaded click on NEXT
- Now click on Scan Settings
- In the scan settings make sure that the following are selected:
- Scan using the following Anti-Virus database:
- Scan Options:
Scan Mail Bases - Click OK
- Now under select a target to scan: Select My Computer
- The program will start and scan your system.
- The scan will take a while so be patient and let it run.
- Once the scan is complete it will display if your system has been infected.
- Now click on the Save as Text button:
- Save the file to your desktop.
- Copy and paste that information in your next post.
#25
Posted 29 October 2005 - 01:50 PM
ok here ya go:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 29, 2005 12:49:29
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/10/2005
Kaspersky Anti-Virus database records: 157091
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
A:\
C:\
D:\
E:\
Scan Statistics:
Total number of scanned objects: 58651
Number of viruses found: 9
Number of infected objects: 95
Number of suspicious objects: 0
Duration of the scan process: 3995 sec
Infected Object Name - Virus Name
C:\!KillBox\AIMInvader.exe Infected: Flooder.Win32.VB.n
C:\!KillBox\bingoo.exe Infected: Net-Worm.Win32.Mytob.y
C:\!KillBox\in10b6s.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\!KillBox\k404SearchSetup_MS28.exe Infected: not-a-virus:AdWare.Win32.404Search.a
C:\!KillBox\SplWbr.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\SplWbr.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\tct2opse.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe/data0002 Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\IMG0557[1].com Infected: Backdoor.Win32.Aimbot.at
C:\Program Files\Common Files\Download\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265535.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265536.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265537.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265538.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265539.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265543.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265545.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265546.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265549.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265553.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265700.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265701.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265702.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266714.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266718.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266743.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266745.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266746.exe Infected: not-a-virus:AdWare.Win32.404Search.a
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266749.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266749.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266791.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266792.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266793.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266794.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266796.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266805.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266806.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266808.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266809.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266818.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266819.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266820.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266822.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266824.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266841.exe Infected: Flooder.Win32.VB.n
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266842.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267893.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267894.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267895.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267896.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267905.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267907.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267908.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267909.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267910.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267954.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267955.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267956.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267957.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267958.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267960.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268043.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268045.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268046.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268047.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268048.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268049.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268075.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268078.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268079.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268080.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268081.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268083.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268085.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268086.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268087.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268088.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268089.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268106.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268107.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268108.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268109.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268110.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268112.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268118.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268119.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268120.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268122.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268207.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268208.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268209.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268210.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268233.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP379\A0268257.exe Infected: Net-Worm.Win32.Mytob.y
Scan process completed.
thanks again =)
#26
Posted 29 October 2005 - 02:45 PM
Have Killbox fix these
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe
C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\IMG0557[1].com
C:\Program Files\Common Files\Download\mc-110-12-0000080.exe
Download and Run CCleaner:
http://www.filehippo...d_ccleaner.html
All you will want to use on this is the Opening Page (Windows Tab). Just click Run Cleaner and let it do its thing!
As soon as you get done running CCleaner, open Internet Explorer and click Tools and then Windows Update!
Get Windows fully patched!
Once completed, post a fresh HijackThis log please!
#27
Posted 29 October 2005 - 05:40 PM
ok here ya go:
Logfile of HijackThis v1.99.1
Scan saved at 4:39:46 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723300_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
#28
Posted 30 October 2005 - 05:27 AM
So how's the PC acting now?
#29
Posted 30 October 2005 - 10:58 AM
It's actually fine.
I got no more problems.
#30
Posted 30 October 2005 - 11:21 AM
Good Deal!
Please Install these 2 to add to the Security of the PC!
SpywareBlaster:
http://www.javacools...areblaster.html
Update immediately!
WinHelp2002 Hosts File
http://www.mvps.org/...2002/hosts2.htm
Disable System Restore
http://service1.syma...src=sec_doc_nam
Go ahead and Reconfigure Msconfig the way you like the PC to Startup!
Go ahead and remove any of the tools downloaded that are of no use anymore!
Post back and let me know how things are?