The AVG virus scan also keeps popping up with the following find “Resident Shield reports Trojan horse Clicker.FR on C:\WINNT\system32\bndmod.exe”. The program cannot delete or heal this file.
Below are my HJT log and ewido scan files. I do hope you can help! Thank you!
Logfile of HijackThis v1.99.1
Scan saved at 10:26:24 AM, on 11/22/2005
Platform: Windows 2000 SP3 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\csrss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\System32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\System32\ati2evxx.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\Progra~1\NavNT\defwatch.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\ewido\security suite\ewidoguard.exe
C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\mspmspsv.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\WINNT\System32\Promon.exe
C:\WINNT\System32\Atiptaxx.exe
C:\WINNT\System32\tp4serv.exe
C:\Progra~1\NavNT\vptray.exe
C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Compaq\11Mbps Wireless LAN\Config.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINNT\system32\NOTEPAD.EXE
C:\Program Files\HJT\HijackThis.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [Promon.exe] Promon.exe
O4 - HKLM\..\Run: [AtiPTA] Atiptaxx.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [vptray] C:\Progra~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [LWBMOUSE] C:\Program Files\Belkin Mouse 1.0\MOUSE32A.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - Startup: CK32UPGD.LNK = C:\WINNT\system32\atiiprxx.exe
O4 - Global Startup: Configuration Utility.lnk = C:\Compaq\11Mbps Wireless LAN\Config.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O12 - Plugin for .mov: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin.dll
O12 - Plugin for .mp3: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O15 - Trusted Zone: http://ie.config.asia.compaq.com
O15 - Trusted Zone: http://ie.config.eur.compaq.com
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com
O15 - Trusted Zone: http://ie.config.jp.compaq.com
O15 - Trusted Zone: http://ie.config.ecom.dec.com
O15 - Trusted Zone: http://ie.config.tandem.com
O15 - Trusted Zone: http://ie.config.asia.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.eur.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.im.hou.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.jp.compaq.com (HKLM)
O15 - Trusted Zone: http://ie.config.ecom.dec.com (HKLM)
O15 - Trusted Zone: http://ie.config.tandem.com (HKLM)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1131873330106
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai...all/xscan53.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = americas.cpqcorp.net
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = AMERICAS.cpqcorp.net,AMERICAS.hpqcorp.net,hpqcorp.net,cpqcorp.net
O20 - Winlogon Notify: NavLogon - C:\WINNT\System32\NavLogon.dll
O20 - Winlogon Notify: nwprovau - C:\WINNT\SYSTEM32\nwprovau.dll
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINNT\System32\ati2evxx.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Progra~1\NavNT\defwatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: ewido security suite guard - ewido networks - C:\Program Files\ewido\security suite\ewidoguard.exe
O23 - Service: Hibernation - Unknown owner - C:\PROGRA~1\Compaq\COMPAQ~1\hibserv.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Progra~1\NavNT\rtvscan.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 8:49:01 PM, 11/21/2005
+ Report-Checksum: CBF638E6
+ Scan result:
[188] VM_00B40000 -> TrojanDownloader.Agent.uj : Error during cleaning
[184] VM_009B0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[416] VM_00B60000 -> TrojanDownloader.Agent.uj : Error during cleaning
[588] VM_009D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[256] VM_00830000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1240] VM_007C0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1252] VM_007E0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1300] VM_007D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1308] VM_007D0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1328] VM_00D40000 -> TrojanDownloader.Agent.uj : Error during cleaning
[1344] VM_00CB0000 -> TrojanDownloader.Agent.uj : Error during cleaning
[792] VM_00860000 -> TrojanDownloader.Agent.uj : Error during cleaning
[548] VM_00CC0000 -> TrojanDownloader.Agent.uj : Error during cleaning
C:\WINNT\system32\favme.exe -> Trojan.Favadd.an : Cleaned with backup
C:\WINNT\system32\hlmicro.exe -> Spyware.Msnagent : Cleaned with backup
C:\WINNT\system32\hwiper.exe -> Trojan.Qhost.df : Cleaned with backup
::Report End
Edited by domeyboy, 22 November 2005 - 11:49 AM.