help me!

#16 mistaguy1 (Member, Topic Starter, 65 posts)
wow.... :tazz:


Well, I don't understand what you mean by "run the BFU fix", because doesn't BFU delete files?


#17 Wizard (Retired Staff, 5,661 posts)
BFU may not be deleting files that are in use in normal mode!

So going to Safe Mode and running BFU may yield better results!

#18 mistaguy1 (Member, Topic Starter, 65 posts)
Uh... what do I use BFU to delete?

#19 Wizard (Retired Staff, 5,661 posts)
Let's do this: look in the BFU folder and tell me everything that's there.

#20 mistaguy1 (Member, Topic Starter, 65 posts)
OK, um, there's:

BFU.exe
mistaguy1.bfu
Mytob-Z.bfu

#21 Wizard (Retired Staff, 5,661 posts)
OK, restart in Safe Mode and open BFU.

Click the little folder beside the "Script to Execute" field.

Select mistaguy1.bfu and then click Execute; this will allow the script to run in Safe Mode, which is what I want to see happen.

BFU has a much better chance of removing everything in Safe Mode as opposed to normal mode.

Once completed, restart normally and post a fresh HijackThis log.

#22 mistaguy1 (Member, Topic Starter, 65 posts)
Logfile of HijackThis v1.99.1
Scan saved at 11:22:18 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
C:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MSKSrvr.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\dominic\Local Settings\Temp\Temporary Directory 13 for hijackthis1982.zip\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe /autorun
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [VirusScan Online] "c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe"
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe /startup
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab

#23 mistaguy1 (Member, Topic Starter, 65 posts)
Oops, sorry, that one got cut off.

Logfile of HijackThis v1.99.1
Scan saved at 11:30:40 PM, on 10/27/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\PROGRA~1\McAfee.com\Agent\mcregwiz.exe
c:\progra~1\mcafee.com\vso\mcvsescn.exe
C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe
C:\WINDOWS\System32\svchost.exe
c:\progra~1\mcafee.com\vso\mcvsftsn.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\System32\msiexec.exe
C:\Documents and Settings\dominic\Local Settings\Temp\Temporary Directory 1 for hijackthis.zip\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723300_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723301_mcappins.exe /v=3 /cleanup
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#24 Wizard (Retired Staff, 5,661 posts)
This has been a real bugger to nail down, for sure!

Have HijackThis fix this entry:

O20 - Winlogon Notify: winstart - winstart.dll (file missing)

Please do an online scan with Kaspersky WebScanner.

Click on Kaspersky Online Scanner.

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded, click on Next.
  • Now click on Scan Settings.
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database: Extended (if available, otherwise Standard)
    • Scan Options: Scan Archives, Scan Mail Bases
  • Click OK.
  • Now under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while, so be patient and let it run.
  • Once the scan is complete, it will display whether your system has been infected.
  • Now click on the Save as Text button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
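The entry Wizard singles out above is the kind of thing a HijackThis reader learns to spot by eye: an O20 Winlogon Notify registration whose DLL no longer exists, plus Run entries launching from a Temp directory and services with no owner string. The following is an added example, not code from the thread or from HijackThis, that codifies those checks as a small triage pass over log lines. The sample lines are a subset copied from the logs posted in this thread; the severity labels and the regular expressions are this example's own assumptions, and a "medium" or "info" hit is a prompt to verify the file, not a verdict (the two Temp entries here turned out to be McAfee installer leftovers).

```python
import re
from collections import Counter
from dataclasses import dataclass

# Constructed sample input: seven lines copied from the HijackThis v1.99.1
# logs posted in this thread, embedded so the script runs offline.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723300_mcinfo.exe /insfin
O4 - HKLM\..\Run: [Cleanup] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723301_mcappins.exe /v=3 /cleanup
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O20 - Winlogon Notify: winstart - winstart.dll (file missing)
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis entry starts with its section code ("O4", "O20", ...).
LINE_RE = re.compile(r"^(O\d+) - (.*)$")
# Any path component named Temp (LOCALS~1\Temp, Local Settings\Temp, WINDOWS\Temp).
TEMP_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# rundll32 followed by the module it loads, with or without surrounding quotes.
RUNDLL_RE = re.compile(r'rundll32(?:\.exe)?\s+"?([^",]+)', re.IGNORECASE)


@dataclass
class Finding:
    section: str
    severity: str   # "high", "medium" or "info" (this example's own scale)
    reason: str
    line: str


def triage(log_text: str) -> list[Finding]:
    """Apply the heuristics to each log line and return what they flag."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        section, rest = m.group(1), m.group(2)
        if section == "O20" and "(file missing)" in rest:
            # A Winlogon Notify package whose DLL is gone is an orphaned
            # registration; nothing legitimate needs it, so HijackThis can fix it.
            findings.append(Finding(section, "high",
                "Winlogon Notify DLL is absent: orphaned registration, safe to remove", line))
        elif section == "O4":
            if TEMP_RE.search(rest):
                findings.append(Finding(section, "medium",
                    "autostart entry launching from a Temp directory; confirm what created it", line))
            dll = RUNDLL_RE.search(rest)
            if dll:
                module = re.split(r"\\+", dll.group(1))[-1]
                if not module.lower().endswith(".dll"):
                    findings.append(Finding(section, "info",
                        f"rundll32 loading a non-.dll module ({module}); verify the file", line))
        elif section == "O23" and "Unknown owner" in rest:
            # No company string in the service binary: check the path and signature.
            findings.append(Finding(section, "info",
                "service binary carries no owner/company string; verify path and signature", line))
    return findings


def summary(findings: list[Finding]) -> dict[str, int]:
    """Count findings per severity, e.g. {'high': 1, 'medium': 2, 'info': 2}."""
    return dict(Counter(f.severity for f in findings))


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:>6}] {f.section}: {f.reason}")
        print(f"         {f.line}")
    print(summary(triage(SAMPLE_LOG)))
```

Run it against a full pasted log by replacing SAMPLE_LOG with the file contents; the sections it ignores (O2, O3, O8, O9, O16) are where the real reading still has to be done by hand, because legitimacy there depends on the CLSID and vendor rather than on a pattern in the line.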

#25 mistaguy1 (Member, Topic Starter, 65 posts)
OK, here you go:

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, October 29, 2005 12:49:29
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/10/2005
Kaspersky Anti-Virus database records: 157091
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 58651
Number of viruses found: 9
Number of infected objects: 95
Number of suspicious objects: 0
Duration of the scan process: 3995 sec

Infected Object Name - Virus Name
C:\!KillBox\AIMInvader.exe Infected: Flooder.Win32.VB.n
C:\!KillBox\bingoo.exe Infected: Net-Worm.Win32.Mytob.y
C:\!KillBox\in10b6s.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\!KillBox\k404SearchSetup_MS28.exe Infected: not-a-virus:AdWare.Win32.404Search.a
C:\!KillBox\SplWbr.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\SplWbr.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\tct2opse.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe/data0002 Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\IMG0557[1].com Infected: Backdoor.Win32.Aimbot.at
C:\Program Files\Common Files\Download\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265535.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265536.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265537.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265538.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265539.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265543.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265545.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265546.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265549.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265553.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265700.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265701.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0265702.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266714.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266718.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266743.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266745.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266746.exe Infected: not-a-virus:AdWare.Win32.404Search.a
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266749.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266749.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266791.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266792.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266793.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266794.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266796.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266805.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266806.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266808.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266809.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266818.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266819.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266820.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266822.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266824.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266841.exe Infected: Flooder.Win32.VB.n
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266842.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267893.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267894.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267895.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267896.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267905.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267907.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267908.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267909.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0267910.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267954.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267955.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267956.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267957.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267958.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0267960.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268043.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268045.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268046.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268047.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268048.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP366\A0268049.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268075.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268078.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268079.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268080.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268081.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268083.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268085.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268086.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268087.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268088.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268089.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268106.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268107.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268108.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268109.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268110.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268112.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268118.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268119.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268120.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP367\A0268122.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268207.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268208.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268209.scr Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268210.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP376\A0268233.exe Infected: Net-Worm.Win32.Mytob.f
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP379\A0268257.exe Infected: Net-Worm.Win32.Mytob.y

Scan process completed.

Thanks again =)


#26 Wizard (Retired Staff, 5,661 posts)
Have Killbox fix these:

C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe
C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\IMG0557[1].com
C:\Program Files\Common Files\Download\mc-110-12-0000080.exe

Download and run CCleaner:
http://www.filehippo...d_ccleaner.html
All you will want to use on this is the opening page (Windows tab). Just click Run Cleaner and let it do its thing!

As soon as you get done running CCleaner, open Internet Explorer and click Tools and then Windows Update.

Get Windows fully patched!

Once completed, post a fresh HijackThis log please!
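Notice what Wizard does with the 95 infected objects: only three paths go to Killbox. The entries under C:\!KillBox are files Killbox already removed and parked, and the dozens under System Volume Information are System Restore copies, which are inert until a restore point is applied and which disappear when System Restore is disabled (the step he gives later in the thread). The script below is an added example, not code from the thread, that makes that split mechanically on the report format shown above. The sample is a constructed subset of the posted report (15 of its 95 object lines); treating C:\!KillBox as Killbox's holding area and the _restore paths as restore-point copies are this example's assumptions, and an archive member reported as "container/member" is attributed to its container, since that is the file actually on disk.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the Kaspersky On-line Scanner report
# posted in this thread, embedded so the script runs offline.
SAMPLE_REPORT = r"""
Infected Object Name - Virus Name
C:\!KillBox\AIMInvader.exe Infected: Flooder.Win32.VB.n
C:\!KillBox\bingoo.exe Infected: Net-Worm.Win32.Mytob.y
C:\!KillBox\in10b6s.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\!KillBox\k404SearchSetup_MS28.exe Infected: not-a-virus:AdWare.Win32.404Search.a
C:\!KillBox\SplWbr.dll/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\SplWbr.dll Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j
C:\!KillBox\tct2opse.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe/data0002 Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Desktop\aim\AIpro1.1.891.exe Infected: Flooder.Win32.VB.n
C:\Documents and Settings\dominic\Local Settings\Temporary Internet Files\Content.IE5\GHIJKLMN\IMG0557[1].com Infected: Backdoor.Win32.Aimbot.at
C:\Program Files\Common Files\Download\mc-110-12-0000080.exe Infected: not-a-virus:AdWare.Win32.Maxifiles.l
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP359\A0265535.exe Infected: Net-Worm.Win32.Mytob.y
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP363\A0266745.dll Infected: Trojan-Dropper.Win32.Mudrop.v
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP364\A0266841.exe Infected: Flooder.Win32.VB.n
C:\System Volume Information\_restore{D8A0AF1A-C02E-4F5D-ABBA-7BC974D03761}\RP379\A0268257.exe Infected: Net-Worm.Win32.Mytob.y

Scan process completed.
"""

# One report line per object: "<path> Infected: <detection name>".
OBJECT_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+)$")


def container_of(path: str) -> str:
    """Archive members are reported as "<container>/<member>"; return the on-disk file."""
    return path.split("/", 1)[0]


def classify(path: str) -> str:
    """Bucket a path: restore-point copy, already quarantined by Killbox, or live file."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # cleared by disabling System Restore (assumption)
    if "\\!killbox\\" in p:
        return "quarantined"     # Killbox's holding folder (assumption)
    return "live"                # still in place: this is the removal list


def triage_report(text: str) -> dict[str, list[tuple[str, str]]]:
    """Group unique on-disk files by bucket, keeping the first detection name seen."""
    buckets = {"live": {}, "quarantined": {}, "restore_point": {}}
    for line in text.splitlines():
        m = OBJECT_RE.match(line.strip())
        if not m:
            continue
        path = container_of(m.group("path"))
        buckets[classify(path)].setdefault(path, m.group("name"))
    return {k: list(v.items()) for k, v in buckets.items()}


def detection_counts(text: str) -> Counter:
    """Count report lines per detection name (one line per object, as the report counts)."""
    matches = (OBJECT_RE.match(l.strip()) for l in text.splitlines())
    return Counter(m.group("name") for m in matches if m)


if __name__ == "__main__":
    result = triage_report(SAMPLE_REPORT)
    for bucket, items in result.items():
        print(f"{bucket} ({len(items)} files)")
        for path, name in items:
            print(f"  {name:45} {path}")
    print(detection_counts(SAMPLE_REPORT).most_common())
```

The "live" bucket is the list to hand to Killbox; on the sample it is exactly the three paths Wizard lists. Run on the full report, the detection_counts tally also shows at a glance that most of the 95 objects are copies of the same Mytob worm inside restore points rather than 95 separate infections.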

#27 mistaguy1 (Member, Topic Starter, 65 posts)
OK, here you go:

Logfile of HijackThis v1.99.1
Scan saved at 4:39:46 PM, on 10/29/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\hijackthis\HijackThis.exe

O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [ShowIcon_The Company_MP3 Flash Drive Driver v2.08r022] "C:\Program Files\MP3 Flash Drive Driver v2.08r022\shwicon.exe" -t"The Company\MP3 Flash Drive Driver v2.08r022"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [DeadAIM] rundll32.exe "C:\Program Files\AIM\\DeadAIM.ocm",ExportedCheckODLs
O4 - HKLM\..\Run: [msci] C:\DOCUME~1\dominic\LOCALS~1\Temp\2005102723300_mcinfo.exe /insfin
O4 - HKCU\..\Run: [MSKAGENTEXE] C:\PROGRA~1\McAfee\SPAMKI~1\MSKAgent.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &AIM Search - res://C:\Program Files\AIM Toolbar\AIMBar.dll/aimsearch.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_04\bin\npjpi150_04.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky...can_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupd...b?1095306013952
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1128272199578
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {8EB3FF4E-86A1-4717-884D-7BA2D38272CB} (F-Secure Online Scanner) - http://support.f-sec...m/ols/fscax.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {BB21F850-63F4-4EC9-BF9D-565BD30C9AE9} (ASquaredScanForm Element) - http://www.windowsec...scan/axscan.cab
O16 - DPF: {D719897A-B07A-4C0C-AEA9-9B663A28DFCB} (iTunesDetector Class) - http://ax.phobos.app.../ITDetector.cab
O16 - DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} (McFreeScan Class) - http://download.mcaf...413/mcfscan.cab
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

#28 Wizard (Retired Staff, 5,661 posts)
So how's the PC acting now?

#29 mistaguy1 (Member, Topic Starter, 65 posts)
It's actually fine.

I have no more problems. :tazz:

#30 Wizard (Retired Staff, 5,661 posts)
Good deal!

Please install these two to add to the security of the PC:

SpywareBlaster:
http://www.javacools...areblaster.html
Update immediately!

WinHelp2002 Hosts File:
http://www.mvps.org/...2002/hosts2.htm

Disable System Restore:
http://service1.syma...src=sec_doc_nam

Go ahead and reconfigure msconfig the way you like the PC to start up.

Go ahead and remove any of the tools downloaded that are of no use anymore.

Post back and let me know how things are.