
Virus Problems


1 reply to this topic

#1 elfruler (Members, 2 posts)

Posted 06 January 2008 - 05:13 PM

Been trying for a couple of days to clear this computer of viruses.
The computer uses a bundled suite from the internet provider running F-Secure.
I ran BitDefender and HijackThis as well and have included the log files for all three. Any help would be grateful.

The F-secure log file:
Scanning Report
03 January 2008 19:29:52 - 20:25:48
Computer name: QUINTESSENCE
Scanning type: Scan hard drives
Target: C:\


--------------------------------------------------------------------------------

Result: 5 malware found
Backdoor.IRC.Flood.a (virus)
C:\WINDOWS\system32\drivers\etc\cache18\Advisory.nfo Action: renamed
Backdoor.IRC.Zapchast (virus)
C:\WINDOWS\system32\drivers\etc\cache18\NortonPID.0lp Action: FAILED
IRC-Worm.IRC.Froze (virus)
C:\WINDOWS\system32\drivers\etc\cache18\os32.ini Action: renamed
Trojan.BAT.Zapchast (virus)
C:\WINDOWS\system32\drivers\etc\cache18\ret.bat Action: renamed
Backdoor.IRC.Cloner (virus)
C:\WINDOWS\system32\drivers\etc\cache18\WinOS.hlp Action: renamed



--------------------------------------------------------------------------------

Riskware found
RemoteAdmin.Win32.NetCat (riskware)
C:\WINDOWS\system32\drivers\etc\cache18\pnc.exe
RiskTool.Win32.HideWindows (riskware)
C:\WINDOWS\system32\drivers\etc\cache18\smnt.exe
C:\WINDOWS\system32\drivers\etc\cache18\winhelper.exe
RiskTool.Win32.PsExec.13 (riskware)
C:\WINDOWS\system32\drivers\etc\cache18\spsexec.exe
Client-IRC.Win32.mIRC.507 (riskware)
C:\WINDOWS\system32\drivers\etc\cache18\WINClock.exe


--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 103487
Not scanned: 50
Result:
Viruses: 5
Spyware: 0
Suspicious items: 0
Riskware: 5
Actions:
Disinfected: 0
Renamed: 4
Deleted: 0
Quarantined: 0
Failed: 1
Boot Sectors:
Scanned: 1
Infected: 0
Suspicious items: 0
Disinfected: 0
Files not scanned:
Cannot open file (click here for more info) C:\PAGEFILE.SYS
Cannot open file (click here for more info) C:\WINDOWS\TEMP\AVP2A.TMP
Cannot open a file in archive C:\WINDOWS\TEMP\PERFLIB_PERFDATA_1978.DAT
Cannot open file (click here for more info) C:\WINDOWS\TEMP\PERFLIB_PERFDATA_580.DAT
Cannot open a file in archive C:\WINDOWS\TEMP\SPL4F.TMP
Cannot open a file in archive C:\WINDOWS\TEMP\VPYBICLV.TMP
File C:\WINDOWS\Temp\Temporary Internet Files\Content.IE5\QSPOEO80\valert[1].ui\CmnIds.vbs is encrypted
Cannot open a file in archive C:\WINDOWS\SYSTEM32\BIOS1.ROM
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SAM
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CATROOT2\EDB.LOG
Cannot open file (click here for more info) C:\WINDOWS\SYSTEM32\CATROOT2\TMP.EDB
Cannot open file (click here for more info) C:\PROGRAM FILES\CHARTER HIGH-SPEED SECURITY SUITE\COMMON\POLICY.IPF
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\NTUSER.DAT
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\NETWORKSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\NTUSER.DAT
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NOVA DEVELOPMENT\PHOTO EXPLOSION STANDARD\1.0\U32BASE.CFG
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\NTUSER.DAT
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\FDR180.FDR
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\TEMP\FDR2900.FDR
Scanning of C:\Documents and Settings\Administrator\Local Settings\Temp\Temporary Directory 1 for Luxor 3 cracked[caveman].zip\Luxor 3.exe was aborted [F-Secure AVP]
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\SPEECH\FILES\MSASR\SP_A51AE283DF7C4F90826E680F9E0DB295.DAT
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{69A3E406-7C02-01C4-0300-0000BE85C7FA}\MAIL\FOLDERS ON MSN - BALLOON HQ.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{69A3E406-7C02-01C4-0300-0000BE85C7FA}\MAIL\FOLDERS ON MSN - CATALOG.COM - WEBSITE INFO.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{69A3E406-7C02-01C4-0300-0000BE85C7FA}\MAIL\FOLDERS ON MSN - DUNN AND BRADSTREET.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{69A3E406-7C02-01C4-0300-0000BE85C7FA}\MAIL\FOLDERS ON MSN - MSN STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{69A3E406-7C02-01C4-0300-0000BE85C7FA}\MAIL\FOLDERS ON MSN - PAYPAL.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - BALLOON HQ.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - BOBBYS STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - EBAY CORRESPONDENCE.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - LEFTOVER UNCATORGORIZED STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - MCAFEE CORRESPONDENCE.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - MOMS LETTERS.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - MSN CORRESPONDENCE.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - OLLIES DESKTOP STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - ONLINE ORDERS.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - PAYPAL STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - QUALATEX STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - REBATE INFO.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - RED HAT STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - ROXIO CORRESPONDENCE.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - SCAMS.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - TAX STUFF.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - TRAVEL INFO.MAILDB
Cannot open a file in archive C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MSN6\USERDATA\{67844BDE-7C02-01C4-0200-0000FFBF5451}\MAIL\FOLDERS ON MSN - WEBSITE STUFF-BALLOONS.MAILDB
Cannot open file (click here for more info) C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\ISPNEWS\ISPN.INI


--------------------------------------------------------------------------------

Options
Definitions version:
Viruses: 2008-01-04_01
Spyware: 2008-01-04_01
Scanning Engines:
F-Secure AVP: 7.00.171, 2008-01-04
F-Secure Libra: 2.04.01, 2008-01-04
F-Secure Orion: 1.02.37, 2008-01-04
F-Secure Draco: 1.00.35, 2007-11-28
Scanning options:
Scan all files
Scan inside archives
Actions:
Viruses: Ask after scan
Spyware: Ask after scan

--------------------------------------------------------------------------------

Error information
"Cannot open file" error occurred:
The "Cannot open file" error message means that the scanner was unable to open a file and that this file was not scanned. You can normally ignore this error message as there are many reasons for this message that do not imply a security threat, including:
The file was a system file. System files are protected by the operation system by design. You can ignore this message in this case.
You do not have permission to read the file. To scan the file, log in with a user account with sufficient permissions (for example the computer's administrator account) and rescan.
The file was in use by an application when the scan was performed. To scan this file, close all applications and rescan.

The Bitdefender log file:
BitDefender Online Scanner

Scan report generated at: Sat, Jan 05, 2008 - 19:59:52
Scan path: A:\;C:\;D:\;E:\;

Statistics
Time: 01:04:57
Files: 133111
Folders: 3326
Boot Sectors: 5
Archives: 3825
Packed Files: 5681

Results
Identified Viruses: 4
Infected Files: 4
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 4

Engines Info
Virus Definitions: 885566
Engine build: AVCORE v1.0 (build 2422) (i386) (Sep 25 2007 08:26:36)
Scan plugins: 14
Archive plugins: 38
Unpack plugins: 7
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File / Status

C:\WINDOWS\system32\drivers\etc\cache18\Advisory.0fo
Infected with: Backdoor.Irc.Flood.A

C:\WINDOWS\system32\drivers\etc\cache18\Advisory.0fo
Disinfection failed

C:\WINDOWS\system32\drivers\etc\cache18\Advisory.0fo
Deleted

C:\WINDOWS\system32\drivers\etc\cache18\NortonPID.vir
Infected with: Backdoor.Irc.Zapchast.CX

C:\WINDOWS\system32\drivers\etc\cache18\NortonPID.vir
Disinfection failed

C:\WINDOWS\system32\drivers\etc\cache18\NortonPID.vir
Deleted

C:\WINDOWS\system32\drivers\etc\cache18\os32.0ni
Infected with: IRC-Worm.Bnc.A

C:\WINDOWS\system32\drivers\etc\cache18\os32.0ni
Disinfection failed

C:\WINDOWS\system32\drivers\etc\cache18\os32.0ni
Deleted

C:\WINDOWS\system32\drivers\etc\cache18\ret.0at
Infected with: Trojan.Bat.Zapchast.Z

C:\WINDOWS\system32\drivers\etc\cache18\ret.0at
Disinfection failed

C:\WINDOWS\system32\drivers\etc\cache18\ret.0at
Deleted


HiJackThis log file:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:07:51 PM, on 1/5/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\FSGK32.EXE
C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSMB32.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FCH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fssm32.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FAMEH32.EXE
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsqh.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
C:\Program Files\Charter High-Speed Security Suite\FSPC\fspc.exe
C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsus.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Unload\hpqcmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE
C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe
C:\Program Files\Support.com\bin\tgcmd.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnf.exe
C:\Program Files\Charter High-Speed Security Suite\FSGUI\fsguidll.exe
C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsav32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32Info.exe
E:\virus protection\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.com/0SEENUS/SAOS01
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://shawnee.allegiance.tv/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=127.0.0.1:9022
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = ;127.0.0.1;<local>
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [CamMonitor] C:\Program Files\Hewlett-Packard\Digital Imaging\\Unload\hpqcmon.exe
O4 - HKLM\..\Run: [Share-to-Web Namespace Daemon] C:\Program Files\Hewlett-Packard\HP Share-to-Web\hpgs2wnd.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
O4 - HKLM\..\Run: [MPFTray] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
O4 - HKLM\..\Run: [F-Secure Manager] "C:\Program Files\Charter High-Speed Security Suite\Common\FSM32.EXE" /splash
O4 - HKLM\..\Run: [F-Secure TNB] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\TNBUtil.exe" /CHECKALL /WAITFORSW
O4 - HKLM\..\Run: [News Service] "C:\Program Files\Charter High-Speed Security Suite\FSGUI\ispnews.exe"
O4 - HKLM\..\Run: [tgcmd] "C:\Program Files\Support.com\bin\tgcmd.exe" /server /startmonitor /deaf
O4 - HKLM\..\Run: [SSRunScript] "C:\Program Files\Support.com\Charter\bin\SSRunScript.exe" /script "C:\Program Files\Support.com\Charter\vbs\verifyconnection.vbs" /args //b startupdelay
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73C00} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra 'Tools' menuitem: Parental... - {200DB664-75B5-47c0-8B45-A44ACCF73F01} - C:\Program Files\Charter High-Speed Security Suite\FSPC\fspcmsie.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Administrator\Start Menu\Programs\Games\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://scan.safety.live.com/resource/downl...lscbase5059.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab32846.cab
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} - http://download.mcafee.com/molbin/shared/m...,26/mcgdmgr.cab
O23 - Service: FSGKHS (F-Secure Gatekeeper Handler Starter) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Anti-Virus\fsgk32st.exe
O23 - Service: F-Secure Automatic Update Agent (FSAUA) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FSAUA\program\fsaua.exe
O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\FWES\Program\fsdfwd.exe
O23 - Service: FSMA - F-Secure Corporation - C:\Program Files\Charter High-Speed Security Suite\Common\FSMA32.EXE
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8588 bytes


If you could help me out it would be great.
Thank you.


#2 Yourhighness, The BSG Malware Fighter (Malware Response Team, 7,943 posts)

Posted 19 January 2008 - 04:02 AM

Hello elfruler and welcome to BleepingComputer!

Apologies for the delay. The forum has been very busy lately. If you are still having problems, please post a brand new HijackThis log as a reply to this topic. Before posting the log, please make sure you follow all the steps found in this topic:

Preparation Guide For Use Before Posting A Hijackthis Log.

Thanks,

Johannes

Edited by Yourhighness, 19 January 2008 - 04:02 AM.

"How did I get infected?" - "Safe-hex" - Member of UNITE -




