
Multiple Iexplore.exe In The Task Manager


5 replies to this topic

#1 rajarathinam

  • Members
  • 6 posts
  • Gender:Male
  • Location:Bangalore

Posted 24 December 2007 - 08:02 AM

Hi to All,

I am new to this forum. Here I attach my log file, as I think my computer is infected with some malware. When I check the Task Manager I find multiple iexplore.exe processes; they eat up my memory as well. It happens only when I restart my computer: after 5 seconds I find multiple instances of iexplore.exe running. Kindly help me out.

And one more thing: I have uploaded the HijackThis log also.

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-12-24 18:22:23
Windows 5.2.3790 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwClose
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwCreateSection
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwLoadDriver
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\system32\drivers\sp_rsdrv2.sys ZwWriteFile

---- User code sections - GMER 1.0.13 ----

.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 025BA0D2 C:\WINDOWS\Down(9).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 03B7A076 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 03B7A40A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 03B7A492 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 03B79E7E C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 03B79F7A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 03B7A1A2 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 03B7A2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\System32\svchost.exe[972] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0221A0D2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\System32\svchost.exe[972] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 0423A076 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\System32\svchost.exe[972] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 0423A40A C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\System32\svchost.exe[972] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 0423A492 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\System32\svchost.exe[972] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 04239E7E C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\System32\svchost.exe[972] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 02219F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\System32\svchost.exe[972] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 0423A1A2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\System32\svchost.exe[972] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 0423A2D6 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 030EA0D2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 030EA076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 030EA40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 030EA492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 030E9E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 030E9F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 030EA1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[1488] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 030EA2D6 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0312A0D2 C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 0312A076 C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 0312A40A C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 0312A492 C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 03129E7E C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 03129F7A C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 0312A1A2 C:\WINDOWS\Down(7).dat
.text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1688] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 0312A2D6 C:\WINDOWS\Down(7).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 06EDA0D2 C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 06EDA076 C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 06EDA40A C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 06EDA492 C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 06ED9E7E C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 06ED9F7A C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 06EDA1A2 C:\WINDOWS\Down(6).dat
.text C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe[1808] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 06EDA2D6 C:\WINDOWS\Down(6).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 02F4A0D2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 02F4A076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 02F4A40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 02F4A492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 02F49E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 02F49F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 02F4A1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\svchost.exe[3364] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 02F4A2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 01A0A0D2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 02B8A076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 02B8A40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 02B8A492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 02B89E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 02B89F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 02B8A1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\ctfmon.exe[3788] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 02B8A2D6 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 01DDA0D2 C:\WINDOWS\Down(9).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 032FA076 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 032FA40A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 032FA492 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 032F9E7E C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 032F9F7A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 032FA1A2 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe[3952] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 032FA2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 01AFA0D2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 02C7A076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 02C7A40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 02C7A492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 02C79E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 02C79F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 02C7A1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 02C7A2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0255A0D2 C:\WINDOWS\Down(7).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 02FDA076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 02FDA40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 02FDA492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 02FD9E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 02FD9F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 02FDA1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\wuauclt.exe[5600] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 02FDA2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0239A0D2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\Explorer.EXE[5688] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 035DA076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 035DA40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 035DA492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 035D9E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 035D9F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 035DA1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 035DA2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 05DEA0D2 C:\WINDOWS\Down(8).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 06EEA076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 06EEA40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 06EEA492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 06EE9E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 06EE9F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 06EEA1A2 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\RTHDCPL.EXE[5964] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 06EEA2D6 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0331A0D2 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 0331A076 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 0331A40A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 0331A492 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 03319E7E C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 03319F7A C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 0331A1A2 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe[6060] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 0331A2D6 C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0277A0D2 C:\WINDOWS\Down(7).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 0343A076 C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 0343A40A C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 0343A492 C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 03439E7E C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 03439F7A C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ADVAPI32.dll!EnumServicesStatusA 77F828C8 5 Bytes JMP 0343A1A2 C:\WINDOWS\Down(0).dat
.text C:\Program Files\QuickTime\qttask.exe[6108] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 0343A2D6 C:\WINDOWS\Down(0).dat

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [F727C374] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [F727C374] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [F727C5EA] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [F727C374] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [F726EBD6] fltmgr.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [B8C071B0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [B8C074C0] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [B8C07420] SYMEVENT.SYS
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [B8C07420] SYMEVENT.SYS

---- EOF - GMER 1.0.13 ----


Edited by rajarathinam, 24 December 2007 - 11:19 PM.
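An added triage aid, not part of this thread and not GMER's own code: a small Python script for the "User code sections" part of a GMER log like the one posted above. It parses each inline-hook line, groups the hooks by the file the JMP lands in, and flags targets that are not normal module files or that redirect the classic set of enumeration APIs a user-mode rootkit hooks to stay hidden. The sample lines are copied from the log above, plus one constructed control line (legit_hook.dll, made-up addresses); the MODULE_EXTENSIONS and HIDING_APIS tables are the author's own heuristics.

```python
"""Triage helper for the "User code sections" part of a GMER log.

Each line records an inline hook: the first N bytes of an exported API in a
process were overwritten with a JMP into code living in another file.  This
groups hooks by the file the JMP lands in and flags suspicious targets.
"""
import ntpath
import re
from collections import defaultdict

# .text <process>[<pid>] <module>!<function> <addr> <N> Bytes JMP <target> <file>
HOOK_RE = re.compile(
    r"^\.text\s+(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<function>\S+)\s+"
    r"(?P<address>[0-9A-Fa-f]+)\s+(?P<nbytes>\d+)\s+Bytes\s+JMP\s+"
    r"(?P<target>[0-9A-Fa-f]+)\s+(?P<target_file>.+?)\s*$"
)

# File types Windows normally maps as executable modules into a process.
MODULE_EXTENSIONS = {".dll", ".exe", ".ocx", ".drv", ".cpl", ".ax"}

# APIs whose results a user-mode rootkit filters to stay hidden.  One hooked by
# a security product is normal; the whole set hooked from one file is not.
HIDING_APIS = {
    "NtQuerySystemInformation": "process and handle listing (Task Manager)",
    "FindNextFileA": "directory listing (Explorer, on-demand scanners)",
    "FindNextFileW": "directory listing (Explorer, on-demand scanners)",
    "RegEnumKeyExA": "registry enumeration (autorun keys)",
    "RegEnumKeyExW": "registry enumeration (autorun keys)",
    "EnumServicesStatusA": "service enumeration (services.msc)",
    "EnumServicesStatusW": "service enumeration (services.msc)",
    "NtTerminateProcess": "process termination (self-protection)",
}

# Sample input: nine lines copied from the GMER log in this thread plus one
# constructed control line (legit_hook.dll, made-up addresses) that must not
# be flagged.
SAMPLE_LOG = r"""
.text C:\WINDOWS\system32\taskmgr.exe[4432] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 01AFA0D2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ntdll.dll!NtTerminateProcess 7C827C0F 5 Bytes JMP 02C7A076 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] kernel32.dll!FindNextFileA 77E4E031 5 Bytes JMP 02C7A40A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 02C7A492 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!RegEnumKeyExA 77F5EE83 5 Bytes JMP 02C79E7E C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\system32\taskmgr.exe[4432] ADVAPI32.dll!EnumServicesStatusW 77FB7351 5 Bytes JMP 02C7A2D6 C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] ntdll.dll!NtQuerySystemInformation 7C8276BF 5 Bytes JMP 0239A0D2 C:\WINDOWS\Down(9).dat
.text C:\WINDOWS\Explorer.EXE[5688] kernel32.dll!FindNextFileW 77E5D7BF 5 Bytes JMP 035DA492 C:\WINDOWS\Down(0).dat
.text C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe[172] ADVAPI32.dll!RegEnumKeyExW 77F62824 5 Bytes JMP 03B79F7A C:\WINDOWS\Down(0).dat
.text C:\WINDOWS\Explorer.EXE[5688] kernel32.dll!CreateFileW 7C810800 5 Bytes JMP 7C900000 C:\WINDOWS\system32\legit_hook.dll
"""


def parse_hooks(log_text):
    """Return one dict (process, pid, module, function, ...) per hook line."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_RE.match(line.strip())
        if m:
            hooks.append(m.groupdict())
    return hooks


def summarize_by_target(hooks):
    """Map each JMP target file (lower-cased) to the processes and APIs it owns."""
    summary = defaultdict(lambda: {"processes": set(), "functions": set()})
    for h in hooks:
        entry = summary[h["target_file"].lower()]
        entry["processes"].add(ntpath.basename(h["process"]))
        entry["functions"].add(h["function"])
    return dict(summary)


def suspicious_targets(hooks):
    """Flag target files that executable code should not normally live in.

    Signal 1: the extension is not one Windows loads as a module, so the code
    at the JMP target was mapped by hand.  Signal 2: three or more of the
    hiding APIs are redirected into the same file.
    """
    findings = {}
    for target, info in summarize_by_target(hooks).items():
        reasons = []
        ext = ntpath.splitext(target)[1]
        if ext not in MODULE_EXTENSIONS:
            reasons.append(f"JMP target is a '{ext or '(none)'}' file, not a module")
        hiding = sorted(f for f in info["functions"] if f in HIDING_APIS)
        if len(hiding) >= 3:
            reasons.append("redirects hiding APIs: " + ", ".join(
                f"{f} [{HIDING_APIS[f]}]" for f in hiding))
        if reasons:
            findings[target] = {"reasons": reasons,
                                "processes": sorted(info["processes"])}
    return findings


if __name__ == "__main__":
    for target, finding in suspicious_targets(parse_hooks(SAMPLE_LOG)).items():
        print(target, "in", ", ".join(finding["processes"]))
        print("\n".join("   - " + r for r in finding["reasons"]))
```

Run against the full log above, both Down(0).dat and Down(9).dat come out flagged while the Spyware Terminator SSDT entries are untouched, since those are kernel hooks in a different section of the log.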



#2 rajarathinam
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Bangalore

Posted 24 December 2007 - 11:11 PM

Hi

Is there anyone to help me out? I need a solution to rectify it.

Again thanks to all

#3 rajarathinam
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Bangalore

Posted 25 December 2007 - 11:50 PM

Hi

Here is the updated HijackThis log file. Kindly check it out.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:59:57 AM, on 12/26/2007
Platform: Windows 2003 SP2 (WinNT 5.02.3790)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\cisvc.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
C:\WINDOWS\system32\Dfssvc.exe
C:\WINDOWS\System32\dns.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\WINDOWS\System32\ismserv.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\lotus\notes\ntmulti.exe
C:\WINDOWS\lserver\I386\Drivers\core\ndis.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
C:\WINDOWS\system32\ntfrs.exe
C:\WINDOWS\lserver\I386\Drivers\core\ndis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\locator.exe
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PUTTY\pageant.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = res://shdoclc.dll/hardAdmin.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://gmail.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [vptray] C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\vptray.exe
O4 - HKLM\..\Run: [SpywareTerminator] "C:\Program Files\Spyware Terminator\SpywareTerminatorShield.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [avpa] C:\WINDOWS\system32\avpo.exe (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Startup: pageant.lnk = C:\PUTTY\pageant.exe
O4 - Global Startup: pageant.lnk
O8 - Extra context menu item: Add Person to NotesBuddy(POP3)... - C:\Program Files\IBM\NotesBuddy\AddPersonP.html
O8 - Extra context menu item: Add Picture to NotesBuddy(POP3)... - C:\Program Files\IBM\NotesBuddy\AddImageP.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
O15 - ESC Trusted Zone: http://trials.adobe.com
O15 - ESC Trusted Zone: http://www.adobe.com
O15 - ESC Trusted Zone: http://wwwimages.adobe.com
O15 - ESC Trusted Zone: http://*.airtel.in
O15 - ESC Trusted Zone: http://www.altova.com
O15 - ESC Trusted Zone: http://www.arunachaleswarar.com
O15 - ESC Trusted Zone: http://www3.ca.com
O15 - ESC Trusted Zone: http://t1d.www-1.cacheibm.com
O15 - ESC Trusted Zone: http://www.cyberlink.com
O15 - ESC Trusted Zone: http://sniffem.exaserve.net
O15 - ESC Trusted Zone: http://www.fropper.com
O15 - ESC Trusted Zone: http://www.google.co.in
O15 - ESC Trusted Zone: http://www.ibm.com
O15 - ESC Trusted Zone: http://www-1.ibm.com
O15 - ESC Trusted Zone: http://www.ieaddons.com
O15 - ESC Trusted Zone: http://login.live.com
O15 - ESC Trusted Zone: http://ads1.msn.com
O15 - ESC Trusted Zone: http://b.rad.msn.com
O15 - ESC Trusted Zone: http://rad.msn.com
O15 - ESC Trusted Zone: http://runonce.msn.com
O15 - ESC Trusted Zone: http://st.msn.com
O15 - ESC Trusted Zone: http://stj.msn.com
O15 - ESC Trusted Zone: http://www.msn.com
O15 - ESC Trusted Zone: http://c.skype.com
O15 - ESC Trusted Zone: http://support.skype.com
O15 - ESC Trusted Zone: http://www.skype.com
O15 - ESC Trusted Zone: http://www.sunnetwork.in
O15 - ESC Trusted Zone: http://us.trendmicro.com
O15 - ESC Trusted Zone: http://www.trendmicro.com
O15 - ESC Trusted Zone: http://chennai.usconsulate.gov
O15 - ESC Trusted Zone: http://statse.webtrendslive.com
O15 - ESC Trusted Zone: http://*.windowsupdate.com
O15 - ESC Trusted Zone: http://www.windowsvistatestdrive.com
O15 - ESC Trusted Zone: http://runonce.msn.com (HKLM)
O15 - ESC Trusted Zone: http://*.windowsupdate.com (HKLM)
O15 - ESC Trusted IP range: http://192.168.3.7
O15 - ESC Trusted IP range: http://192.168.3.14
O15 - ESC Trusted IP range: http://192.168.3.75
O15 - ESC Trusted IP range: http://192.168.3.76
O15 - ESC Trusted IP range: http://192.168.3.4
O15 - ESC Trusted IP range: http://192.168.3.35
O15 - ESC Trusted IP range: http://192.168.3.95
O15 - ESC Trusted IP range: http://192.168.3.49
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1170134319359
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1170141517278
O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = navaindia.com
O17 - HKLM\Software\..\Telephony: DomainName = navaindia.com
O17 - HKLM\System\CCS\Services\Tcpip\..\{00180A52-23EC-49A6-B7CE-9971CFB8FFA8}: NameServer = 192.168.3.4
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = navaindia.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 192.168.3.4
O17 - HKLM\System\CS1\Services\Tcpip\..\{00180A52-23EC-49A6-B7CE-9971CFB8FFA8}: NameServer = 192.168.3.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 192.168.3.4
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: BITS - C:\WINDOWS\System32\winswxn.dll
O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Multi-user Cleanup Service - IBM Corp - C:\Program Files\lotus\notes\ntmulti.exe
O23 - Service: Network DDE Drivers (NetworkDDEDrivers) - Apache Software Foundation - C:\WINDOWS\lserver\I386\Drivers\core\ndis.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe
O23 - Service: VundoFix Service (VundoFixSvc) - Atribune.org - C:\WINDOWS\SYSTEM32\VundoFixSVC.exe

--
End of file - 10102 bytes


Edited by rajarathinam, 25 December 2007 - 11:51 PM.


#4 sjpritch25

  • Security Colleague
  • 893 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 27 December 2007 - 09:05 AM

I don't see anything out of the ordinary in those logs.

We can run an Online scan if you like.

Please perform a scan with Kaspersky Webscan Online Virus Scanner

1. Read the Requirements and Privacy statement, then select "Accept".
2. A new window will appear prompting you to install an ActiveX component from Kaspersky - "Do you want to install this software?".
3. Click "Yes" or select "Install" to download the ActiveX controls that allow ActiveScan to run.
4. When the download is complete it will say ready; click "Next".
5. Click "Scan Settings" and check the option to use the Extended Database if available (otherwise Standard).
6. Click "Scan Options" and select both "Scan Archives" and "Scan Mail Bases".
7. Click "OK".
8. Under "Select a target to scan", click on "My Computer".
9. When the scan is complete, choose to save the results as "Save as Text" named kaspersky.txt to your desktop and post them in your next reply.

Kaspersky does not remove anything but will provide a log of anything it finds. On August 8th, 2006 Kaspersky updated the software used for Free Online Virus Scanner. In order to continue using the online scanner you will need to uninstall the old version (if previously used) from your Add/Remove Programs list and then install the latest version. To do this, follow the steps here and reboot afterwards if your system does not reboot automatically, or it will show 'Kaspersky Online Scanner license key was not found!'
Microsoft MVP Consumer Security--2007-2010

#5 rajarathinam
  • Topic Starter

  • Members
  • 6 posts
  • Gender:Male
  • Location:Bangalore

Posted 28 December 2007 - 04:38 AM

Hi Sjpritch,

Thanks for the quick update. I will do an online scan and post the log file. For your kind information, I saw on a website that O20 - Winlogon Notify: BITS - C:\WINDOWS\System32\winswxn.dll is dangerous.

S.RajaRathinam

#6 sjpritch25

  • Security Colleague
  • 893 posts
  • Gender:Male
  • Location:West Coast of Florida, USA

Posted 28 December 2007 - 07:14 AM

That entry is L2me-related.

Download Combofix and save it to your desktop.

**Note: It is important that it is saved directly to your desktop**

--------------------------------------------------------------------

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

--------------------------------------------------------------------

Double click on combofix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt" along with a new HijackThis log for further review.
Note:
Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Microsoft MVP Consumer Security--2007-2010
