Win32/Virut.Q - cannot disinfect!!!

Original Message
Name: N0F4T3
Date: May 17, 2008 at 08:23:43 Pacific
Subject: Win32/Virut.Q - cannot disinfect!!!
OS: Windows XP Pro SP2
CPU/Ram: Intel Pentium 4 @ 3G
Model/Manufacturer: Custom
Comment:

Hello,
It seems lately that I have managed to get Win32/Virut.Q to my computer. It has infected all my executables and I cannot disinfect it.
Tools I used:
- Avast AntiVirus
- Kaspersky Internet Security
- Panda Internet Security
- Norton 360
- AVG AntiVirus
- NOD32 AntiVirus
- Spybot S&D
- Spyware Doctor
- Ad-Aware 2007

None of them did anything. They just say: "Cannot be disinfected."

I would appreciate some help.
Thank You.


Response Number 1
Name: Adii
Date: May 17, 2008 at 10:52:32 Pacific
Reply:

Hi N0F4T3,

So do you still have all these antiviruses installed on your system?

Let's have a look at this infection.

Download the "HijackThis" Installer from this link:

http://www.trendsecure.com/portal/e...


1. Save "HJTInstall.exe" to your desktop.
2. Double click on HJTInstall.exe to run the program.
3. By default it will install to C:\Program Files\Trend Micro\HijackThis.
4. Accept the license agreement by clicking the "I Accept" button.
5. Click on the "Do a system scan and save a log file" button. It will scan and then ask you to save the log.
6. Click "Save log" to save the log file and then the log will open in Notepad.
7. Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
8. Paste the log in your next reply.
9. Do NOT have HijackThis fix anything yet! Most of what it finds will be harmless or even required.

Post Hijackthis Log in your next reply.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 2
Name: N0F4T3
Date: May 17, 2008 at 11:18:33 Pacific
Reply:

My Hijackthis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:17:45 ??, on 18/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\csrss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\WINDOWS.0\system32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\VistaDrive\VistaDrive.exe
D:\Program Files\LClock\LClock.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS.0\SOUNDMAN.EXE
D:\WINDOWS.0\ALCWZRD.EXE
F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
F:\Program Files\VMware\VMware Workstation\hqtray.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\No-IP\DUC20.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\Spam Monitor\SpamMonitor.Exe
D:\WINDOWS.0\system32\svchost.exe
D:\Program Files\Spyware Doctor\pctsAuxs.exe
D:\Program Files\Spyware Doctor\pctsSvc.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS.0\system32\vmnat.exe
D:\WINDOWS.0\system32\vmnetdhcp.exe
D:\WINDOWS.0\explorer.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\DAEMON Tools\daemon.exe
D:\Program Files\Xfire\Xfire.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS.0\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [TopDesk] %systemdrive%\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vmware-tray] F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] D:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [RAC Server] D:\Program Files\PCNetSoftware\RAC Server\RACs.ENG.lng
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spam Monitor] D:\Program Files\Spam Monitor\SpamMonitor.Exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-789336058-682003330-725345543-1003\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-21-789336058-682003330-725345543-1003\..\Run: [DAEMON Tools Lite] "D:\Program Files\DAEMON Tools\daemon.exe" -autorun (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Styler.lnk = ? (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: d:\windows.0\system32\nwprovau.dll
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RACServerLogon - D:\WINDOWS.0\SYSTEM32\RACServerLogon2.dll
O20 - Winlogon Notify: ujchyncx - D:\WINDOWS.0\SYSTEM32\ujchyncx.dll
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - D:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 10862 bytes


Response Number 3
Name: N0F4T3
Date: May 17, 2008 at 11:50:01 Pacific
Reply:

Oh! By the way I now have:
- NOD32 AntiVirus (turned on)
- Ad-Aware 2007 (shut down)
- Spyware Doctor (shut down)
- Spybot S&D (shut down)


Response Number 4
Name: Adii
Date: May 18, 2008 at 11:38:19 Pacific
Reply:

Please disable all real-time monitoring programs to avoid conflicts; you can enable them after this. Click here to see how to disable them: http://spywaredetail.com/forum/show...

These should be:


NOD32 AntiVirus
Ad-Aware 2007
Spyware Doctor
Spybot S&D

Please download ATF Cleaner by Atribune. (This program is for XP and Windows 2000 only)

Download: http://www.atribune.org/ccount/clic...

Double-click ATF-Cleaner.exe to run the program.
Under Main "Select Files to Delete" choose: Select All.
Click the Empty Selected button.

If you use Firefox browser:

Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use Opera browser:

Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.


THEN:

Please do an online scan with Kaspersky WebScanner.

online scanner: http://www.kaspersky.com/virusscanner


1. Click on "Kaspersky Online Scanner".
2. You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
3. The program will launch and then begin downloading the latest definition files.
4. Once the files have been downloaded, click on "NEXT".
5. Now click on "Scan Settings".
6. In the scan settings, make sure that the following are selected:
7. Scan using the following Anti-Virus database:
   Extended (if available, otherwise Standard)
8. Scan Options:
   Scan Archives
   Scan Mail Bases
9. Click OK.
10. Under "Select a target to scan", select "My Computer".
The program will start and scan your system.
The scan will take a while, so be patient and let it run.
Once the scan is complete, it will display if your system has been infected.
Upon completion, click on the "Save as Text" button.
Save the file to your desktop.

Copy and paste that information in your next reply.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 5
Name: Adii
Date: May 18, 2008 at 22:23:26 Pacific
Reply:

Please run HijackThis again and click "Scan". Place checks next to the following entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: ujchyncx - D:\WINDOWS.0\SYSTEM32\ujchyncx.dll
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)

Close all browsers and other windows except for HijackThis!, and click "Fix checked".

Restart your computer into Safe Mode:

Show all hidden files and folders to remove the following file.

Remove this file:
D:\WINDOWS.0\SYSTEM32\ujchyncx.dll


THEN:


Download and scan with SUPERAntiSpyware free for home users.

http://www.superantispyware.com/dow...

Double-click SUPERAntiSpyware.exe and use the default settings for installation.
An icon will be created on your desktop. Double-click that icon to launch the program.
If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates".
Under "Configuration and Preferences", click the Preferences button.
Click the Scanning Control tab.
Under Scanner Options make sure the following are checked (leave all others unchecked):
Close browsers before scanning.
Scan for tracking cookies.
Terminate memory threats before quarantining.
Click the "Close" button to leave the control center screen.
Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
On the left, make sure you check C:\Fixed Drive.
On the right, under "Complete Scan", choose Perform Complete Scan.
Click "Next" to start the scan. Please be patient while it scans your computer.
After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
Make sure everything has a checkmark next to it and click "Next".
A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
If asked if you want to reboot, click "Yes".

To retrieve the removal information after reboot, launch SUPERAntispyware again.
Click Preferences, then click the Statistics/Logs tab.
Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
Please copy and paste the Scan Log results in your next reply.
Click Close to exit the program.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks
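
An added example, not part of any post in this thread: a small Python triage pass over HijackThis log lines that flags the kinds of entries selected for fixing above (registrations whose target file is absent, services with no readable vendor, Winlogon Notify DLLs). The sample lines are a subset copied from the log in Response Number 2; the function names and the three heuristics are assumptions made for illustration, and a flag means "review this entry", not "malicious".

```python
import re

# Constructed sample: a subset of lines copied from the HijackThis log
# posted in Response Number 2, plus two non-entry lines that must be ignored.
SAMPLE_LOG = r"""
Running processes:
D:\WINDOWS.0\explorer.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ujchyncx - D:\WINDOWS.0\SYSTEM32\ujchyncx.dll
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
"""

# A HijackThis entry is "<section code> - <body>", e.g. "O23 - Service: ...".
LINE_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
# HijackThis appends one of these markers when the referenced file is absent.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")


def parse(log_text):
    """Return (code, body) tuples for every entry line; skip everything else."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            entries.append((m.group("code"), m.group("body")))
    return entries


def triage(entries):
    """Return (code, body, reasons) for entries worth a manual look.

    Heuristics (assumptions of this example, not HijackThis features):
      * target file absent: the registration points at nothing on disk
      * O23 with "Unknown owner": no vendor name could be read for the binary
      * O20: the DLL is loaded by winlogon.exe at every logon
    """
    findings = []
    for code, body in entries:
        reasons = []
        if MISSING_RE.search(body):
            reasons.append("target file absent")
        if code == "O23":
            # Body is "Service: <display> - <owner> - <path>"; the display
            # name may itself contain " - ", so split from the right.
            parts = body.rsplit(" - ", 2)
            if len(parts) == 3 and parts[1] == "Unknown owner":
                reasons.append("service binary has no vendor info")
        if code == "O20":
            reasons.append("DLL loaded by winlogon.exe at logon")
        if reasons:
            findings.append((code, body, reasons))
    return findings


if __name__ == "__main__":
    for code, body, reasons in triage(parse(SAMPLE_LOG)):
        print(f"{code:<4} {'; '.join(reasons)}\n     {body}")
```

The heuristics over-flag on purpose: the `!SASWinLogon` entry is reported alongside `ujchyncx`, so each hit still has to be checked by a person before anything is fixed.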


Response Number 6
Name: N0F4T3
Date: May 18, 2008 at 23:33:01 Pacific
Reply:

Hello Adii,
Thank you for your reply. I'm now scanning my pc.
Because it might take hours (that's why I have 3 HDDs and all of them are full :P),
do you want any help with your site?
I see it's in HTML.
Why don't you use a PHP Script like Joomla?
If you have MSN add me: zzzorfneozzz@hotmail.com.
I can help you make your site even better!!
Thank You.


Response Number 7
Name: Adii
Date: May 19, 2008 at 00:26:00 Pacific
Reply:

Ok! Waiting for your logs...

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 8
Name: Adii
Date: May 19, 2008 at 04:07:39 Pacific
Reply:

Have you done the logs? Please post them; we are not finished yet...

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 9
Name: N0F4T3
Date: May 19, 2008 at 04:23:48 Pacific
Reply:

I've been scanning for almost 5 hours and it's still at 18%...


Response Number 10
Name: N0F4T3
Date: May 19, 2008 at 04:47:36 Pacific
Reply:

Well, I have bad news...
It was stuck at 18% and then it went straight to 89%, but then, when it finished, my computer COLLAPSED!!!!!!!!!
SHOW MERCY!!!!!!
I will scan again but only some critical areas that I want to be fixed and I will post my log...


Response Number 11
Name: Adii
Date: May 19, 2008 at 04:57:36 Pacific
Reply:

Ok..! You can scan only your System Drive (C:) usually.

But do scan with SUPERAntiSpyware and HJT and post these logs as I stated in the above post.

Thanks!

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 12
Name: N0F4T3
Date: May 19, 2008 at 06:01:47 Pacific
Reply:

My Kaspersky log:

Tuesday, May 20, 2008 3:58:10 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 19/05/2008
Kaspersky Anti-Virus database records: 784370
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target Folders
D:\WINDOWS.0\
F:\Teh Games Folder\
Scan Statistics
Total number of scanned objects 94516
Number of viruses found 7
Number of infected objects 210
Number of suspicious objects 0
Duration of the scan process 00:47:27

Infected Object Name Virus Name Last Action
D:\WINDOWS.0\$NtUninstallKB887472$\msmsgs.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\$NtUninstallKB947864$\iedw.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\$NtUninstallWMFDist11$\wdfmgr.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\$NtUninstallWMFDist11$\wpdshextautoplay.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\$NtUninstallwmp11$\unregmp2.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\ALCFDRTM.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\ALCMTR.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\ALCWZRD.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Debug\PASSWD.LOG Object is locked skipped
D:\WINDOWS.0\explorer.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\hh.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Installer\{90110409-6000-11D3-8CFE-0150048383C9}\wordicon.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Installer\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}\IconCDDCBBF1.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\Icon0E6AB9FC1.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Installer\{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}\IconDED53B0B.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\lfn.exe Infected: not-virus:Hoax.Win32.Renos.cda skipped
D:\WINDOWS.0\MicCal.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\modifyPE.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\NOTEPAD.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\regedit.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\RTHDCPL.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\RTLCPL.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\RtlUpd.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\SchedLgU.Txt Object is locked skipped
D:\WINDOWS.0\SoftwareDistribution\ReportingEvents.log Object is locked skipped
D:\WINDOWS.0\SOUNDMAN.EXE Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\Sti_Trace.log Object is locked skipped
D:\WINDOWS.0\system32\accwiz.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\actmovie.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ad-shutdown.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ahui.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\alg.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\arp.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\asr_fmt.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\asr_ldm.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\asr_pfu.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\at.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\Ati2mdxx.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ati2sgag.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ATIODCLI.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ATIODE.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\atmadm.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\attrib.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\auditusr.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\blastcln.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\bootcfg.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\bootok.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\BootSafe.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\bootvrfy.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cabarc.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cacls.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\CatRoot2\edb.log Object is locked skipped
D:\WINDOWS.0\system32\CatRoot2\tmp.edb Object is locked skipped
D:\WINDOWS.0\system32\charmap.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\chkdsk.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\chkntfs.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cidaemon.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cipher.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cisvc.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ckcnv.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cleanmgr.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cliconfg.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\clipbrd.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\clipsrv.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cmd.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cmdl32.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cmmon32.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cmstp.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\comp.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\compact.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\config\AppEvent.Evt Object is locked skipped
D:\WINDOWS.0\system32\config\default Object is locked skipped
D:\WINDOWS.0\system32\config\default.LOG Object is locked skipped
D:\WINDOWS.0\system32\config\Internet.evt Object is locked skipped
D:\WINDOWS.0\system32\config\SAM Object is locked skipped
D:\WINDOWS.0\system32\config\SAM.LOG Object is locked skipped
D:\WINDOWS.0\system32\config\SecEvent.Evt Object is locked skipped
D:\WINDOWS.0\system32\config\SECURITY Object is locked skipped
D:\WINDOWS.0\system32\config\SECURITY.LOG Object is locked skipped
D:\WINDOWS.0\system32\config\software Object is locked skipped
D:\WINDOWS.0\system32\config\software.LOG Object is locked skipped
D:\WINDOWS.0\system32\config\SysEvent.Evt Object is locked skipped
D:\WINDOWS.0\system32\config\system Object is locked skipped
D:\WINDOWS.0\system32\config\system.LOG Object is locked skipped
D:\WINDOWS.0\system32\conime.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\control.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\convert.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cpuz.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\cscript.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ctfmon.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\defrag.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\dfrgntfs.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\dFrnx06\dFrnx061083.exe Infected: Trojan-Downloader.Win32.VB.ehl skipped
D:\WINDOWS.0\system32\DFX.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\drivers\etc\hosts.20010127-205644.backup Infected: Trojan.Win32.Qhost.akg skipped
D:\WINDOWS.0\system32\drivers\sptd.sys Object is locked skipped
D:\WINDOWS.0\system32\drwtsn32.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\dwwin.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\grpconv.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\h323log.txt Object is locked skipped
D:\WINDOWS.0\system32\ie4uinit.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\ieudinit.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\imapi.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\label.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\latency.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\lights.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\locator.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\logon.scr Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\lpq.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\lpr.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\magnify.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\makecab.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\MemTest.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mmc.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mnmsrvc.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mplay32.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mpnotify.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mqbkup.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\mrinfo.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\MRT.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\msdtc.exe Infected: Virus.Win32.Virut.n skipped
D:\WINDOWS.0\system32\msg.exe Infected: Virus.Win32.Virut.n skipped
Scan process completed.


Response Number 13
Name: N0F4T3
Date: May 19, 2008 at 06:53:20 Pacific
Reply:

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 05/20/2008 at 04:52 AM

Application Version : 4.0.1154

Core Rules Database Version : 3463
Trace Rules Database Version: 1454

Scan type : Custom Scan
Total Scan Time : 00:15:03

Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 5300
Registry threats detected : 0
File items scanned : 15315
File threats detected : 4

Adware.JavaCore/NoDNS
D:\Program Files\JavaCore\UnInstall.exe
D:\Program Files\JavaCore

Rogue.Multi-Dropper/Installer
D:\WINDOWS.0\LFN.EXE
D:\WINDOWS.0\SYSTEM32\WMSDKNS.EXE


Response Number 14
Name: Adii
Date: May 19, 2008 at 08:40:08 Pacific
Reply:

Download Avenger from the link below:

http://swandog46.geekstogo.com/aven...

Unzip/extract it to your desktop.

Start up Avenger.
Check the "Input script manually" option.
Click the Magnifying Glass icon.
In the box that opens, copy and paste the following bold text:

D:\WINDOWS.0\SYSTEM32\ujchyncx.dll

In the Avenger window, click the "Paste Script from Clipboard" button.
Click the Execute button.
You will be asked "Are you sure you want to execute the current script?".
Click Yes.
You will now be asked "First step completed --- The Avenger has been successfully set up to run on next boot. Reboot now?".
Click Yes.
Your PC will now be rebooted.


Note: the above code was created specifically for this user. If you are not this user, do NOT follow these directions as they could damage the workings of your system.

Post the Avenger output.txt, which you can find at C:\Avenger\.txt, along with a fresh HijackThis log in your next reply.
--

A lot of virus infections were found with Kaspersky. Please do the BitDefender online scan again to remove these viruses.

Please run a BitDefender Online Scan:

http://www.bitdefender.com/scan8/ie...

* Click I Agree.
* Allow the ActiveX control to install when prompted.
* Click "Click here to scan" to begin the scan.
* Please refrain from using the computer until the scan is finished. This might take a while to run, but it is important that nothing else is running while you scan.
* When the scan is finished, click on "Click here to export the scan results".
* Save the report to your desktop and post it in your next reply.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 15
Name: N0F4T3
Date: May 19, 2008 at 23:27:07 Pacific
Reply:

Avenger log:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at D:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File "D:\WINDOWS.0\SYSTEM32\ujchyncx.dll" deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

____________________________________
HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:25:37 ??, on 20/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\Explorer.EXE
D:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\No-IP\DUC20.exe
D:\WINDOWS.0\VistaDrive\VistaDrive.exe
D:\Program Files\LClock\LClock.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe
D:\WINDOWS.0\SOUNDMAN.EXE
D:\WINDOWS.0\ALCWZRD.EXE
F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
F:\Program Files\VMware\VMware Workstation\hqtray.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\WINDOWS.0\system32\vmnat.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\WINDOWS.0\system32\vmnetdhcp.exe
D:\Program Files\Styler\Styler.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\WINDOWS.0\system32\wuauclt.exe
D:\Program Files\Xfire\Xfire.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
D:\WINDOWS.0\system32\wuauclt.exe
D:\WINDOWS.0\SYSTEM32\NOTEPAD.EXE
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS.0\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [TopDesk] %systemdrive%\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vmware-tray] F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [NodLogin] D:\Program Files\ESET\ESET NOD32 Antivirus\nodlogin.exe
O4 - HKLM\..\Run: [RAC Server] D:\Program Files\PCNetSoftware\RAC Server\RACs.ENG.lng
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Spam Monitor] D:\Program Files\Spam Monitor\SpamMonitor.Exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-789336058-682003330-725345543-1003\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Styler.lnk = ? (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: d:\windows.0\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RACServerLogon - D:\WINDOWS.0\SYSTEM32\RACServerLogon2.dll
O20 - Winlogon Notify: ujchyncx - ujchyncx.dll (file missing)
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - D:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)

--
End of file - 10661 bytes


Response Number 16
Name: Adii
Date: May 19, 2008 at 23:38:12 Pacific
Reply:

Good work...


Please run HijackThis again and click "Scan". Place checks next to the following entries:

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: ujchyncx - ujchyncx.dll (file missing)
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)

Close all browsers and other windows except for HijackThis, and click "Fix checked".

Remove this folder:
D:\WINDOWS.0\system32\.a05304ad

Waiting for BitDefender Online Scan log......

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks
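
Added example (not part of any post in this thread, and not code from HijackThis or Trend Micro): a small Python triage of HijackThis entries that end in "(no file)" or "(file missing)", run over lines copied from the log posted above. It reports the same four entries listed in the reply above as orphaned, and sets aside the WudfSvc service, whose path field is raw hex(2) (REG_EXPAND_SZ, UTF-16LE) data, by decoding it. The names triage and decode_hex2 are this example's own, and treating a hex(2) entry as "review manually" is an assumption of the example.

```python
import re

# Subset of lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS.0\system32\winlogon.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: ujchyncx - ujchyncx.dll (file missing)
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Eset Service (ekrn) - ESET - D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
"""

# "O<number> - <rest>" is the shape of every entry line; headers and the
# running-process list do not match and are skipped.
ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
# .reg-style hex(2) value: comma-separated byte pairs.
HEX2_RE = re.compile(r"hex\(2\):((?:[0-9a-fA-F]{2},)*[0-9a-fA-F]{2})")
ORPHAN_MARKERS = ("(no file)", "(file missing)")


def decode_hex2(text):
    """Return the string stored in a hex(2) value found in text, or None."""
    match = HEX2_RE.search(text)
    if match is None:
        return None
    raw = bytes(int(pair, 16) for pair in match.group(1).split(","))
    # REG_EXPAND_SZ data is UTF-16LE with a trailing NUL terminator.
    return raw.decode("utf-16-le", errors="replace").rstrip("\x00")


def triage(log_text):
    """Split entries whose target is reported absent into two groups.

    Returns (orphaned, unresolved):
      orphaned   - entry lines that name a plain path or no file at all
      unresolved - (entry line, decoded path) for entries whose path field
                   is undecoded hex(2) data (assumption: review manually)
    """
    orphaned, unresolved = [], []
    for line in log_text.splitlines():
        line = line.strip()
        match = ENTRY_RE.match(line)
        if match is None or not line.endswith(ORPHAN_MARKERS):
            continue
        decoded = decode_hex2(match.group(2))
        if decoded is not None:
            unresolved.append((line, decoded))
        else:
            orphaned.append(line)
    return orphaned, unresolved


if __name__ == "__main__":
    orphaned, unresolved = triage(SAMPLE_LOG)
    print("Orphaned entries (target file absent):")
    for entry in orphaned:
        print("  " + entry)
    print("Path stored as hex(2), decoded for manual review:")
    for entry, path in unresolved:
        print("  " + entry.split(" - hex(2):")[0])
        print("    -> " + path)
```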


Response Number 17
Name: N0F4T3
Date: May 20, 2008 at 00:26:19 Pacific
Reply:

Well,
I'm now deleting some crap files and then I will begin the scan.


Response Number 18
Name: N0F4T3
Date: May 20, 2008 at 01:32:38 Pacific
Reply:

Well, because I cannot post my log (IT'S HUGE) I have uploaded it:
http://extremefx.rack111.com/bitd-l...


Response Number 19
Name: Adii
Date: May 20, 2008 at 02:15:51 Pacific
Reply:

The log is looking much better. First fix the HJT entries which I stated in the previous post, then finally post the HJT log to see the remaining infection.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks


Response Number 20
Name: N0F4T3
Date: May 20, 2008 at 02:51:51 Pacific
Reply:

I did but nothing. They are still there...


Response Number 21
Name: N0F4T3
Date: May 20, 2008 at 02:52:57 Pacific
Reply:

s--- s--- s---:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:52:24 ??, on 21/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\Explorer.EXE
D:\WINDOWS.0\VistaDrive\VistaDrive.exe
D:\Program Files\LClock\LClock.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS.0\SOUNDMAN.EXE
D:\WINDOWS.0\ALCWZRD.EXE
F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
F:\Program Files\VMware\VMware Workstation\hqtray.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\No-IP\DUC20.exe
D:\Program Files\Styler\Styler.exe
D:\Program Files\Xfire\xfire.exe
D:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS.0\system32\vmnat.exe
D:\WINDOWS.0\system32\vmnetdhcp.exe
D:\WINDOWS.0\system32\wuauclt.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS.0\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [TopDesk] %systemdrive%\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vmware-tray] F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RAC Server] D:\Program Files\PCNetSoftware\RAC Server\RACs.ENG.lng
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-789336058-682003330-725345543-1003\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Styler.lnk = ? (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS.0\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS.0\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: d:\windows.0\system32\nwprovau.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/pa...
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://downloads.ewido.net/ewidoOnl...
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/res...
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RACServerLogon - D:\WINDOWS.0\SYSTEM32\RACServerLogon2.dll
O20 - Winlogon Notify: ujchyncx - D:\WINDOWS.0\
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - D:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - D:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 11433 bytes



Response Number 22
Name: Adii
Date: May 20, 2008 at 03:33:33 Pacific
Reply:

Go to Start->Run and type in notepad and hit OK. Then copy and paste the following bold text into Notepad:


sc stop mssecurity1.209.4
sc delete mssecurity1.209.4
sc stop a05304ad
sc delete a05304ad
del delete.bat


Save the file as delete.bat, select Save as type "All files". Double click on it.

Now you can fix HJT entries.

-----------
::If i have helped you, please Donate to help me continue my fight against spyware and malware. Thanks
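
The two services removed with sc in the post above are the O23 entries in the earlier log that combine "Unknown owner" with "(file missing)" on a plain path. The Python sketch below is an added example, not part of the original thread or of HijackThis: it parses O23 lines copied from that log, decodes the hex(2) value of the WudfSvc entry, and sorts the entries accordingly. The function names and verdict labels are assumptions made for illustration.

```python
import re

# O23 lines copied from the HijackThis log posted earlier in this thread.
SAMPLE_LOG = r"""
O23 - Service: Microsoft DDE+ server (a05304ad) - Unknown owner - D:\WINDOWS.0\system32\.a05304ad\a05304ad.exe (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: MsSecurity Updated (MsSecurity1.209.4) - Unknown owner - D:\WINDOWS.0\b2new.exe (file missing)
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
"""

PREFIX = "O23 - Service: "
MISSING = " (file missing)"

def decode_hex2(value):
    """Decode a 'hex(2):..' REG_EXPAND_SZ dump (UTF-16LE bytes) to text."""
    raw = bytes(int(b, 16) for b in value[len("hex(2):"):].split(","))
    return raw.decode("utf-16-le").rstrip("\x00")

def parse_o23(line):
    """Split one O23 line into short name, owner, path and missing flag."""
    body = line[len(PREFIX):]
    missing = body.endswith(MISSING)
    if missing:
        body = body[:-len(MISSING)]
    # Split from the right: display names may contain ' - ' themselves.
    # Assumption: the image path does not contain ' - '.
    display, owner, path = body.rsplit(" - ", 2)
    m = re.search(r"\(([^()]+)\)$", display)
    name = m.group(1) if m else display  # no short name shown: keep display name
    return name, owner, path, missing

def triage(log):
    """Return (service name, verdict, path) for every O23 line in the log."""
    results = []
    for line in log.splitlines():
        if not line.startswith(PREFIX):
            continue
        name, owner, path, missing = parse_o23(line)
        if path.startswith("hex(2):"):
            # The raw hex text is not a path, so decode it before judging.
            verdict, path = "encoded", decode_hex2(path)
        elif owner == "Unknown owner" and missing:
            verdict = "orphaned"       # service entry whose binary is gone
        elif owner == "Unknown owner":
            verdict = "unknown-owner"  # file present, no vendor information
        else:
            verdict = "ok"
        results.append((name, verdict, path))
    return results

if __name__ == "__main__":
    for name, verdict, path in triage(SAMPLE_LOG):
        print(f"{verdict:14} {name:20} {path}")
```

The "orphaned" entries are exactly the two service names passed to sc stop and sc delete above; the WudfSvc entry decodes to an svchost.exe command line under %SystemRoot% and is not among them.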



Response Number 23
Name: N0F4T3
Date: May 20, 2008 at 04:40:51 Pacific
Reply:

Ok they are gone:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 2:40:13 ??, on 21/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
D:\WINDOWS.0\System32\smss.exe
D:\WINDOWS.0\system32\winlogon.exe
D:\WINDOWS.0\system32\services.exe
D:\WINDOWS.0\system32\lsass.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\svchost.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
D:\WINDOWS.0\system32\Ati2evxx.exe
D:\WINDOWS.0\system32\spoolsv.exe
D:\WINDOWS.0\Explorer.EXE
D:\WINDOWS.0\VistaDrive\VistaDrive.exe
D:\Program Files\LClock\LClock.exe
D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
D:\WINDOWS.0\SOUNDMAN.EXE
D:\WINDOWS.0\ALCWZRD.EXE
F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
F:\Program Files\VMware\VMware Workstation\hqtray.exe
D:\Program Files\PowerISO\PWRISOVM.EXE
D:\Program Files\Spyware Doctor\pctsTray.exe
D:\WINDOWS.0\system32\ctfmon.exe
D:\Program Files\Windows Sidebar\sidebar.exe
D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
D:\Program Files\No-IP\DUC20.exe
D:\Program Files\Styler\Styler.exe
D:\Program Files\Xfire\xfire.exe
D:\WINDOWS.0\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
D:\WINDOWS.0\system32\vmnat.exe
D:\WINDOWS.0\system32\vmnetdhcp.exe
D:\WINDOWS.0\system32\wuauclt.exe
D:\Program Files\Internet Download Manager\IDMan.exe
D:\Program Files\Internet Download Manager\IEMonitor.exe
D:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe
D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe
D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
D:\WINDOWS.0\System32\svchost.exe
D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
D:\Program Files\Windows Live\Contacts\wlcomm.exe
F:\Teh Games Folder\Steam\Steam.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: StylerToolBar - {D2F8F919-690B-4EA2-9FA7-A203D1E04F75} - D:\Program Files\Styler\TB\StylerTB.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
O4 - HKLM\..\Run: [VistaDrive] D:\WINDOWS.0\VistaDrive\VistaDrive.exe
O4 - HKLM\..\Run: [UnlockerAssistant] D:\Program Files\Unlocker\UnlockerAssistant.exe -H
O4 - HKLM\..\Run: [LClock] D:\Program Files\LClock\LClock.exe
O4 - HKLM\..\Run: [TopDesk] %systemdrive%\Program Files\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [vmware-tray] F:\Program Files\VMware\VMware Workstation\vmware-tray.exe
O4 - HKLM\..\Run: [VMware hqtray] "F:\Program Files\VMware\VMware Workstation\hqtray.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] D:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [RAC Server] D:\Program Files\PCNetSoftware\RAC Server\RACs.ENG.lng
O4 - HKLM\..\Run: [ISTray] "D:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "D:\Program Files\BitDefender\BitDefender 2008\IEShow.exe"
O4 - HKLM\..\Run: [BDAgent] "D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [MsnMsgr] "D:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [IDMan] D:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\S-1-5-21-789336058-682003330-725345543-1003\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS.0\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N (User 'Default user')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Styler.lnk = ? (User '?')
O4 - S-1-5-21-789336058-682003330-725345543-1003 Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe (User '?')
O4 - Startup: No-IP DUC.lnk = D:\Program Files\No-IP\DUC20.exe
O4 - Startup: Styler.lnk = ?
O4 - Startup: Xfire.lnk = D:\Program Files\Xfire\xfire.exe
O8 - Extra context menu item: Download all links with IDM - D:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - D:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - D:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - D:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS.0\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - D:\WINDOWS.0\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - D:\WINDOWS.0\Network Diagnostic\xpnetdiag.exe
O10 - Unknown file in Winsock LSP: d:\windows.0\system32\nwprovau.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: RACServerLogon - D:\WINDOWS.0\SYSTEM32\RACServerLogon2.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - D:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - D:\WINDOWS.0\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - D:\WINDOWS.0\system32\ati2sgag.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - D:\Program Files\Common Files\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: NoIPDUCService - Vitalwerks LLC - D:\Program Files\No-IP\DUC20.exe
O23 - Service: PCNetSoftware RAC Server - Miloslav Novotny N+P - D:\Program Files\PCNetSoftware\RAC Server\RACs.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - D:\Program Files\WinPcap\rpcapd.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - D:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - D:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: VMware Agent Service (ufad-ws60) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-ufad.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - F:\Program Files\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - D:\WINDOWS.0\system32\vmnetdhcp.exe
O23 - Service: VMware Virtual Mount Manager Extended (vmount2) - VMware, Inc. - D:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe
O23 - Service: VMware NAT Service - VMware, Inc. - D:\WINDOWS.0\system32\vmnat.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe
O23 - Service: Windows Driver Foundation - User-mode Driver Framework (WudfSvc) - Unknown owner - hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,57,00,75,00,64,00,66,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,47,00,72,00,6f,00,75,00,70,00,00,00 (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - BitDefender - D:\Program Files\Common Files\BitDefender\BitDefender Communicator\xcommsvr.exe

--
End of file - 10731 bytes



Response Number 24
Name: Adii
Date: May 20, 2008 at 11:49:17 Pacific
Reply:

Good work! Now tell me how your computer is running. I hope your issue is resolved?

Is there any further help you want with your post?
---

Make your Internet Explorer More Secure:

This can be done by following these simple instructions:
From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab.
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
- Change the "Download signed ActiveX controls" to Prompt
- Change the "Download unsigned ActiveX controls" to Disable
- Change the "Initialize and script ActiveX controls not marked as safe" to Disable
- Change the "Installation of desktop items" to Prompt
- Change the "Launching programs and files in an IFRAME" to Prompt
- Change the "Navigate sub-frames across different domains" to Prompt

When all these settings have been made, click on the OK button.

If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

FEW THINGS TO DO FOR YOUR FURTHER PC PROTECTION.


In order to protect yourself against spyware, you should consider installing and running the following free programs:


How to prevent further spyware/virus infection:
read here:

http://spywaredetail.com/malware_pr...


Visit Microsoft's Windows Update Site Frequently:
It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest available security updates installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

Install Ad-Aware 2007:
Install and download Ad-Aware. You should also scan your computer with this program on a regular basis, just as you would with antivirus software, in conjunction with Spybot.

Download: http://www.lavasoftusa.com/products...

Install Spybot Search and Destroy:
Install and download Spybot - Search and Destroy with its TeaTimer option.
This will provide real-time spyware & hijacker protection on your computer alongside your virus protection. You should also scan your computer with this program on a regular basis, just as you would with antivirus software.

Download: http://www.safer-networking.org/en/...

Install SpywareBlaster:
SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Download: http://www.javacoolsoftware.com/spy...


Install IE/Spyad:
It places over 5000 malicious websites and domains in your IE's restricted zone.

Download: http://www.spywarewarrior.com/uiuc/...


Update all these programs regularly - Make sure you update all the programs I have listed regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.


NOTE:Please