
Some Kind Of Infection



#1 henabs


Posted 31 January 2006 - 06:28 PM

Hey, I posted a thread in another forum, here.
I followed those instructions, which led me to HijackThis. So here is my log file; please help me!
I am operating a P4 2.4 with 512 RAM, 40 GB HD, and ATI Radeon 9200 (128 MB).
I'll appreciate any help to get my computer working properly again. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:19:32 PM, on 1/31/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\winzip81.exe
C:\WINDOWS\System32\winPE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Winzip Application] winzip81.exe
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Winzip Application] winzip81.exe
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138601701481
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138602790200
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)

"Im always off in my own little world, but thats okay, they know me there"


 


#2 MFDnSC


Posted 05 February 2006 - 03:33 PM

You have none of the Service Packs from MS - Get at least SP1 now
================

You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
=============
Download the trial version of Ewido Security Suite http://www.ewido.net/en/download/ (W2K/XP Only)
· Install ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido
· It will prompt you to update; click the OK button and it will go to the main screen
· On the left side of the main screen click update
· Click on Start and let it update.
· DO NOT run a scan yet. You will do that later in safe mode.

Restart your computer into safe mode now. Perform the following steps in safe mode:
(Start tapping F8 at the first black screen after power up)

Run Ewido:
· Click on scanner
· Click Complete System Scan and the scan will begin.
· During the scan it will prompt you to clean files, click OK
· When the scan is finished, look at the bottom of the screen and click the Save report button.
· Save the report to your C: Drive
This will take some time to run!
Boot to normal mode
Post that log and a new HiJack log

Edited by MFDnSC, 05 February 2006 - 03:34 PM.

"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#3 henabs


Posted 02 March 2006 - 09:49 PM

Hey, my computer crashed and is constantly crashing. I've been trying to get the antivirus you told me to get, but every time I try, IE just shuts down. I have finally figured out that I can close all the extra pop-ups, which I think is causing the constant crashing of the comp. I just Ctrl+Alt+Del and close all the processes that fall under the user name that I do not recognize. Anyways, I am going to try and d/l ewido and see if maybe I could use another antivirus. I will post my HijackThis log tomorrow. Thank you
"Im always off in my own little world, but thats okay, they know me there"

#4 henabs


Posted 02 March 2006 - 10:15 PM

Ok, so I just tried to d/l Grisoft and after going through the installation it asked me to put in the path to the installation package. Well, I do not have one... I simply saved the d/l file onto the desktop and opened it, and it isn't the installation package when I try to "browse" and find it. So what should I do? I appreciate any help. Thanks.
"Im always off in my own little world, but thats okay, they know me there"

#5 MFDnSC


Posted 03 March 2006 - 03:05 PM

What about Ewido?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#6 henabs


Posted 03 March 2006 - 06:29 PM

Alright so I got ewido and followed the steps as you suggested. I will post the ewido log then the Hijackthis log. Thank you.
---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 6:53:11 PM, 3/3/2006
+ Report-Checksum: 9077A2F6

+ Scan result:

C:\Documents and Settings\Henna\Local Settings\Temp\avyhhrlt.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\Documents and Settings\Henna\Local Settings\Temp\vypifjl.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
C:\Documents and Settings\Henna\Local Settings\Temporary Internet Files\Content.IE5\WLM38DY7\WinFixer2006FreeInstall[1].exe -> Not-A-Virus.Downloader.Win32.WinFixer.d : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDQFSHUJ\drsmartload[1].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\CDQFSHUJ\gimmysmileys[1].exe -> Downloader.VB.xu : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[1].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[2].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[3].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[4].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[5].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[6].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\KLMB01E3\drsmartload[7].exe -> Downloader.Adload.u : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[1].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[2].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[3].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[4].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[5].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[6].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[7].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[8].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload255a[9].exe -> Downloader.Adload.t : Cleaned with backup
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\YVEVWJOT\drsmartload[1].exe -> Downloader.Adload.u : Cleaned with backup
C:\drsmartload1.exe -> Downloader.Adload.u : Cleaned with backup
C:\gimmygames.exe -> Downloader.VB.wd : Cleaned with backup
C:\gimmygames10.exe -> Trojan.VB.ajj : Cleaned with backup
C:\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
C:\gimmygames12.exe -> Downloader.Adload.v : Cleaned with backup
C:\gimmygames9.exe -> Downloader.VB.ww : Cleaned with backup
C:\gimmysmileys.exe -> Downloader.VB.xu : Cleaned with backup
C:\installerwebnex.exe -> Downloader.Qoologic.bh : Cleaned with backup
C:\keyboard.exe -> Downloader.VB.xv : Cleaned with backup
C:\mousepad.exe -> Hijacker.VB.li : Cleaned with backup
C:\oosef.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\Program Files\SurfSideKick 3\Ssk.exe -> Adware.SurfSide : Cleaned with backup
C:\smafrtqo.exe -> Downloader.Adload.t : Cleaned with backup
C:\smartcr.exe -> Downloader.Adload.t : Cleaned with backup
C:\smartcrt.exe -> Downloader.Adload.t : Cleaned with backup
C:\smartqo.exe -> Downloader.Adload.t : Cleaned with backup
C:\visfx500.exe -> Dropper.Agent.aie : Cleaned with backup
C:\WINDOWS\gimmygames.exe -> Downloader.VB.wd : Cleaned with backup
C:\WINDOWS\gimmygames10.exe -> Trojan.VB.ajj : Cleaned with backup
C:\WINDOWS\gimmygames10a.exe -> Downloader.VB.xl : Cleaned with backup
C:\WINDOWS\gimmygames11.exe -> Downloader.Adload.u : Cleaned with backup
C:\WINDOWS\gimmygames9.exe -> Downloader.VB.ww : Cleaned with backup
C:\WINDOWS\SYSC00.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\system32\filez.exe -> Backdoor.Rbot : Cleaned with backup
C:\WINDOWS\system32\msnserv.exe -> Heuristic.Win32.Backdoor.IrcBot : Cleaned with backup
C:\WINDOWS\system32\oleext.dll -> Trojan.Small.ev : Cleaned with backup
C:\WINDOWS\unin101.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\uni_eh.exe -> Trojan.VB.tg : Cleaned with backup
C:\WINDOWS\win3208073865719.exe -> Downloader.VB.tw : Cleaned with backup
C:\WINDOWS\winsysban10.exe -> Hijacker.VB.ld : Cleaned with backup
C:\WINDOWS\winsysban11.exe -> Hijacker.VB.li : Cleaned with backup
C:\WINDOWS\winsysban8.exe -> Hijacker.VB.lg : Cleaned with backup
C:\WINDOWS\winsysban9.exe -> Hijacker.VB.ld : Cleaned with backup
C:\WINDOWS\winsysupd10.exe -> Downloader.VB.wg : Cleaned with backup
C:\WINDOWS\winsysupd11.exe -> Trojan.VB.ajo : Cleaned with backup
C:\WINDOWS\winsysupd8.exe -> Hijacker.StartPage.ahg : Cleaned with backup
C:\WINDOWS\winsysupd9.exe -> Downloader.VB.wy : Cleaned with backup
C:\WINDOWS\wmsaumgr.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\wxpdll32.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\WINDOWS\zqzhvkhA.exe -> Hijacker.VB.ij : Cleaned with backup
C:\winq.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\winqp.exe -> Backdoor.SdBot.aad : Cleaned with backup
C:\winsysban11.exe -> Hijacker.VB.li : Cleaned with backup
C:\winsysban12.exe -> Hijacker.VB.li : Cleaned with backup
C:\winsysupd11.exe -> Trojan.VB.ajo : Cleaned with backup
C:\winsysupd12.exe -> Hijacker.StartPage.aib : Cleaned with backup
C:\zpocrt.exe -> Downloader.Adload.q : Cleaned with backup


::Report End

Hijack this report!
Logfile of HijackThis v1.99.1
Scan saved at 6:54:02 PM, on 3/3/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://searchbar.findthewebsiteyouneed.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://searchbar.findthewebsiteyouneed.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://searchbar.findthewebsiteyouneed.com
R3 - URLSearchHook: (no name) - _{02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - C:\Program Files\SurfSideKick 3\SskBho.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: UCmore XP - The Search Accelerator - {44BE0690-5429-47f0-85BB-3FFD8020233E} - C:\Program Files\TheSearchAccelerator\UCMTSAIE.dll
O4 - HKLM\..\Run: [ms ownage] winPE.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AudioDeck] C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
O4 - HKLM\..\Run: [Internet Optimizer] "C:\Program Files\Internet Optimizer\optimize.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Dyrxvsf] C:\Program Files\Asps\Shmomv.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] winrar311.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\RunServices: [ms ownage] winPE.exe
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winrar311.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] winrar311.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01877c28a3cb0d...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138601701481
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138602790200
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: H323TSP - C:\WINDOWS\system32\lv6209joe.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGVubmE\command.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\zqzhvkh.exe
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\wmsaumgr.exe (file missing)
O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe (file missing)

Let me know what to do next. thanks!
"Im always off in my own little world, but thats okay, they know me there"

#7 MFDnSC


Posted 04 March 2006 - 09:42 AM

Add remove programs - remove Surf Side kick

* Click here to download smitRem.exe.
  • Save the file to your desktop.
  • It is a self extracting file.
  • Double-click the smitRem.exe and it will extract the files to a smitRem folder on your desktop.
  • Do not do anything with it yet. You will run the RunThis.bat file later in safe mode.
* Now copy these instructions to notepad and save them to your desktop. You will need them to refer to in safe mode.


* Restart your computer into safe mode now. Perform the following steps in safe mode:


* Open the smitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.


* Go to Control Panel > Internet Options. Click on the Programs tab then click the "Reset Web Settings" button. Click Apply then OK.


* Next go to Control Panel > Display. Click on the "Desktop" tab then click the "Customize Desktop" button. Click on the "Web" tab. Under "Web Pages" you should see an entry checked called something like "Security info" or similar. If it is there, select that entry and click the "Delete" button. Click OK then Apply and OK.


* Restart back into Windows normally now.


* Run http://www.kaspersky.com/virusscanner - Online scan

When the scan is finished Save the results from the scan!

================
You have no active AntiVirus!

Get the free AVG 7, install it, check for updates and run a full scan

AVG 7 - http://free.grisoft.com/freeweb.php/doc/2/
===============
Go to http://www.atribune.org/ccount/click.php?id=7 to download Look2Me-Destroyer.exe and save it to your desktop.
· Close all windows before continuing.
· Double-click Look2Me-Destroyer.exe to run it.
· Put a check next to Run this program as a task.
· You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
· When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
· Once it's done scanning, click the Remove L2M button.
· You will receive a Done Scanning message, click OK.
· When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
· Your computer will then shutdown.
· Turn your computer back on.
· Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If Look2Me-Destroyer does not reopen automatically, reboot and try again.

If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.

http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX


Post a new HiJackThis log along with the results from Kaspersky and L2M
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#8 henabs


Posted 13 March 2006 - 06:47 PM

Hey, I finished all the steps. At first AVG really gave me a hard time, but now it's no longer working and no longer a problem either. Anywho, here are the logs you requested. Will wait for your advice. Thanks

Logfile of HijackThis v1.99.1
Scan saved at 7:43:05 PM, on 3/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\winrar311.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
c:\Windows\system32\Dap\mssvchost.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\System32\svchost.exe
c:\Windows\system32\Dap\mssvchost.exe
c:\Windows\system32\Dap\Dap.exe
C:\WINDOWS\system32\net.exe
C:\WINDOWS\system32\net1.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKLM\..\Run: [Sygate Personal Firewall] winrar311.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winrar311.exe
O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe
O4 - HKCU\..\Run: [Sygate Personal Firewall] winrar311.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01877c28a3cb0d...ip/RdxIE601.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138601701481
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138602790200
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGVubmE\command.exe (file missing)
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)
O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\zqzhvkh.exe (file missing)
O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\wmsaumgr.exe (file missing)
O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe (file missing)


Look2Me-Destroyer V1.0.10

Scanning for infected files.....
Scan started at 3/13/2006 7:38:14 PM

Infected! C:\WINDOWS\system32\selunirl.dll
Infected! C:\WINDOWS\system32\simpsnap.dll
Infected! C:\WINDOWS\system32\sjscrap.dll
Infected! C:\WINDOWS\system32\t28ulcl91fq.dll
Infected! C:\WINDOWS\system32\t2r8lc9u1f.dll
Infected! C:\WINDOWS\system32\u2rulc991f.dll
Infected! C:\WINDOWS\system32\waecedit.dll

Attempting to delete infected files...

Making registry repairs.

Removing: HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\Syncmgr

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{E1E7BC28-D1F1-4903-AF74-A303CFE1097E}"
HKCR\Clsid\{E1E7BC28-D1F1-4903-AF74-A303CFE1097E}

Removing: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved "{A58A9566-EDFE-45C5-A50F-0FAFC5099B61}"
HKCR\Clsid\{A58A9566-EDFE-45C5-A50F-0FAFC5099B61}

Restoring Windows certificates.

Replaced hosts file with default windows hosts file


Restoring SeDebugPrivilege for Administrators - Succeeded

KASPERSKY ON-LINE SCANNER REPORT
Monday, March 13, 2006 7:35:29 PM
Operating System: Microsoft Windows XP Professional, (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 14/03/2006
Kaspersky Anti-Virus database records: 171220


Scan Settings
Scan using the following antivirus database standard
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Henna\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 9591
Number of viruses found 3
Number of infected objects 56
Number of suspicious objects 0
Duration of the scan process 00:09:25

Infected Object Name Virus Name Last Action
C:\WINDOWS\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\iTunesSetup.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Downloaded Installations\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\QuickTimeInstaller.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\icont.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\iconu.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Installer\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\ARPPRODUCTICON.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Installer\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\NewShortcut3_35AFD495EC2E4B2BB9DB30EEBC74049D.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Installer\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\NewShortcut4_8C3BCD70236347B8A53EEE8A82FD5C78.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Installer\{1E8CF57A-24E8-4A97-9564-A8F1956C447B}\NewShortcut6_35AFD495EC2E4B2BB9DB30EEBC74049D.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\IsUninst.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\help\tours\mmtour\tour.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\system32\dvdplay.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\system32\usrmlnka.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\system32\usrprbda.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\system32\usrshuta.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\LastGood\system32\uwdf.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\MTE3NDI6ODoxNg.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\newfrn.exe Infected: Trojan-Clicker.Win32.VB.is skipped

C:\WINDOWS\pf78.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\pf79.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\uwdf.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\RegisteredPackages\{981FB688-E76B-4246-987B-92083185B90A}\wdfmgr.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\SoftwareDistribution\Download\e9b0377463edd4b6480f6148a1f88bac\sp1qfe\bitsinst.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\SoftwareDistribution\Download\e9b0377463edd4b6480f6148a1f88bac\spuninst.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\SoftwareDistribution\Download\e9b0377463edd4b6480f6148a1f88bac\update\update.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\stub_113_4_0_4_0.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\Dap\Refresh.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\Dap\tar.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\DivXsm.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\java.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\javaw.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\javaws.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\Macromed\Flash\GetFlash.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzcfg10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzeng10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpre10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstc10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzstw10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbu10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztbx10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpzcfg10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpzeng10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpzpre10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpzstc10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpzstw10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpztbu10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\spool\drivers\w32x86\hpdeskjet_5700072c\hpztbx10.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\SpoonUninstall.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\tsuninst.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\updcrl.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\uwdf.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\winrar311.exe Infected: Backdoor.Win32.Rbot.are skipped

C:\WINDOWS\system32\wo0t.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\system32\wuauclt1.exe Infected: Virus.Win32.Parite.b skipped

C:\WINDOWS\Windows Update Setup Files\ie6setup.exe Infected: Virus.Win32.Parite.b skipped

C:\DOCUME~1\Henna\LOCALS~1\Temp\ora2.tmp Infected: Virus.Win32.Parite.b skipped

C:\DOCUME~1\Henna\LOCALS~1\Temp\vra1.tmp Infected: Virus.Win32.Parite.b skipped

Scan process completed.

Will check back in a day or two. Thank You!
"I'm always off in my own little world, but that's okay, they know me there"

#9 MFDnSC

Posted 14 March 2006 - 12:24 PM

What happened with AVG?????

Go to the link below and download the trial version of SpySweeper:

SpySweeper http://www.webroot.com/consumer/products/s...&rc=4129&ac=tsg

* Click the Free Trial link under "SpySweeper" to download the program.
* Install it. Once the program is installed, it will open.
* It will prompt you to update to the latest definitions, click Yes.
* Once the definitions are installed, click Options on the left side.
* Click the Sweep Options tab.
* Under What to Sweep please put a check next to the following:
    o Sweep Memory
    o Sweep Registry
    o Sweep Cookies
    o Sweep All User Accounts
    o Enable Direct Disk Sweeping
    o Sweep Contents of Compressed Files
    o Sweep for Rootkits

    o Please UNCHECK Do not Sweep System Restore Folder.

* Click Sweep Now on the left side.
* Click the Start button.
* When it's done scanning, click the Next button.
* Make sure everything has a check next to it, then click the Next button.
* It will remove all of the items found.
* Click Session Log in the upper right corner, copy everything in that window.
* Click the Summary tab and click Finish.
* Paste the contents of the session log you copied into your next reply.
Also post a new Hijack This log.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#10 henabs

Posted 15 March 2006 - 04:08 AM

Well with AVG once I finally got it to install it ran and found a whole bunch of viruses and deleted or quarantined them and after that nothing worked. Internet Explorer, Adware, Limewire, MSN messenger were all not working. Then after I restarted a few times AVG was not working properly, I don't remember the actual error message but since then IE has been working along with MSN messenger but LimeWire keeps giving me the same message and closing right after startup.
I just d/l the trial version from the link you gave, I downloaded then installed and when I clicked finish it said my trial protection expired and it's wanting me to buy it. I've never had this particular program before so I'll wait for your instructions. Thanks
"I'm always off in my own little world, but that's okay, they know me there"

#11 henabs

Posted 15 March 2006 - 04:22 AM

By the way I don't know if this is your area of expertise but this is the message I get from LimeWire:
LimeWire version 4.11.0
Java version 1.5.0_06 from Sun Microsystems Inc.
Windows XP v. 5.1 on x86
Free/total memory: 261872/11358208

FATAL ERROR!

java.lang.ExceptionInInitializerError
at com.limegroup.gnutella.RouterService.start(RouterService.java:436)
at com.limegroup.gnutella.gui.Initializer.initialize(Initializer.java:301)
at com.limegroup.gnutella.gui.GUILoader.load(GUILoader.java:41)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at com.limegroup.gnutella.gui.Main.main(Main.java:44)
Caused by: java.lang.ClassCastException: cannot assign instance of com.limegroup.gnutella.spam.KeywordToken to field com.limegroup.gnutella.spam.KeywordToken._keyword of type [B in instance of com.limegroup.gnutella.spam.KeywordToken
at java.io.ObjectStreamClass$FieldReflector.setObjFieldValues(Unknown Source)
at java.io.ObjectStreamClass.setObjFieldValues(Unknown Source)
at java.io.ObjectInputStream.defaultReadFields(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at java.util.HashMap.readObject(Unknown Source)
at sun.reflect.GeneratedMethodAccessor15.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at java.io.ObjectStreamClass.invokeReadObject(Unknown Source)
at java.io.ObjectInputStream.readSerialData(Unknown Source)
at java.io.ObjectInputStream.readOrdinaryObject(Unknown Source)
at java.io.ObjectInputStream.readObject0(Unknown Source)
at java.io.ObjectInputStream.readObject(Unknown Source)
at com.limegroup.gnutella.spam.RatingTable.readData(RatingTable.java:214)
at com.limegroup.gnutella.spam.RatingTable.<init>(RatingTable.java:58)
at com.limegroup.gnutella.spam.RatingTable.<clinit>(RatingTable.java:34)
... 8 more


-- listing session information --
Current thread: main

If you can help I'd appreciate it, if not then don't sweat it. Thanks
"Im always off in my own little world, but thats okay, they know me there"

#12 MFDnSC

Posted 15 March 2006 - 02:36 PM

Fix these with HJT – mark them, close IE, click fix checked

R3 - URLSearchHook: (no name) - {02EE5B04-F144-47BB-83FB-A60BD91B74A9} - (no file)

O4 - HKLM\..\Run: [AlfaCleaner] C:\Program Files\AlfaCleaner\AlfaCleaner.exe

O4 - HKLM\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKLM\..\Run: [Sygate Personal Firewall] winrar311.exe

O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u

O4 - HKLM\..\RunServices: [Sygate Personal Firewall] winrar311.exe

O4 - HKCU\..\Run: [SurfSideKick 3] C:\Program Files\SurfSideKick 3\Ssk.exe

O4 - HKCU\..\Run: [Sygate Personal Firewall] winrar311.exe

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/01877c28a3cb0d...ip/RdxIE601.cab

O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGVubmE\command.exe (file missing)

O23 - Service: Network Monitor - Unknown owner - C:\Program Files\Network Monitor\netmon.exe (file missing)

O23 - Service: FireDaemon Service: Secure (Secure) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\zqzhvkh.exe (file missing)

O23 - Service: FireDaemon Service: WindowsUpdate (WindowsUpdate) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe

O23 - Service: windowsupdate.microsoft.com - Unknown owner - C:\WINDOWS\wmsaumgr.exe (file missing)

O23 - Service: wxpdll32 - Unknown owner - C:\WINDOWS\wxpdll32.exe (file missing)
=================

Click Start > Run > and type in:

services.msc

Click OK.

In the services window find this exact name

Command Service

Right-click and choose "Properties". On the "General" tab under "Service Status" click the "Stop" button to stop the service. Beside "Startup Type" in the dropdown menu select "Disabled". Click Apply then OK. File-Exit the Services utility.

Repeat this process for these services

FireDaemon Service: Secure
FireDaemon Service: smss
Windows Overlay Components
FireDaemon Service: WindowsUpdate
windowsupdate.microsoft.com
wxpdll32
================
Download http://www.downloads.subratam.org/KillBox.zip

Restart your computer into safe mode now. (Tapping F8 at the first black screen) Perform the following steps in safe mode:

Double-click on Killbox.exe to run it. Now put a tick by Standard File Kill. In the "Full Path of File to Delete" box, copy and paste each of the following lines one at a time then click on the button that has the red circle with the X in the middle after you enter each file. It will ask for confirmation to delete the file. Click Yes. Continue with that same procedure until you have copied and pasted all of these in the "Paste Full Path of File to Delete" box.

C:\Program Files\AlfaCleaner
C:\Program Files\SurfSideKick 3
c:\Windows\system32\winrar311.exe
c:\Windows\system32\Dap

Note: It is possible that Killbox will tell you that one or more files do not exist. If that happens, just continue on with all the files. Be sure you don't miss any.

START – RUN – type in %temp% OK - Edit – Select all – File – Delete

Delete everything in the C:\Windows\Temp folder or C:\WINNT\temp

Not all temp files will delete and that is normal
Empty the recycle bin
Boot and post a new log from normal NOT safe mode

Please give feedback on what worked/didn’t work and the current status of your system
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
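An added example, not part of the post above and not HijackThis's own logic: a short Python triage pass over O4 and O23 lines in the format quoted in this thread. It flags traits visible in several of the entries listed for fixing (an "Unknown owner" service, a "(file missing)" target, a Run value with no path, an executable name that embeds a core Windows process name). The flag names and the `CORE` watch list are assumptions made for illustration, and a flag is a prompt to look closer, not a verdict.

```python
import re

# Constructed sample: five lines copied from the HijackThis logs quoted in this thread.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [Sygate Personal Firewall] winrar311.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O23 - Service: Command Service (cmdService) - Unknown owner - C:\WINDOWS\aGVubmE\command.exe (file missing)
O23 - Service: FireDaemon Service: smss (smss) - Unknown owner - c:\Windows\system32\Dap\\mssvchost.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
"""

# O4 - <hive>\..\<key>: [<value name>] <command line>
O4_RE = re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
# O23 - Service: <display name> - <owner> - <drive:\path>
O23_RE = re.compile(r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.*)$")
# Assumed watch list of core process names (all appear in the thread's process lists).
CORE = ("smss", "winlogon", "lsass", "svchost", "spoolsv")


def triage(log_text):
    """Return [(entry name, sorted flags)] for O4/O23 lines that trip a heuristic."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        flags = set()
        m = O23_RE.match(line)
        if m:
            target = m["path"]
            if m["owner"] == "Unknown owner":
                flags.add("unknown-owner")       # no company name in the binary
            if target.endswith("(file missing)"):
                flags.add("file-missing")        # service points at a deleted file
        else:
            m = O4_RE.match(line)
            if not m:
                continue                         # not an O4 Run / O23 service line
            target = m["cmd"].strip('"')
            if "\\" not in target:
                flags.add("no-path")             # bare file name, resolved via search path
        # Executable stems that contain, but are not equal to, a core process name.
        stems = re.findall(r"([\w~]+)\.exe", target.lower())
        if any(c in s and c != s for s in stems for c in CORE):
            flags.add("lookalike-name")
        if flags:
            findings.append((m["name"], sorted(flags)))
    return findings


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LOG):
        print(f"{name}: {', '.join(flags)}")
```

The two AVG lines in the sample pass untouched because they carry a full path and a named owner; entries such as the UserFaultCheck Run value trip none of these heuristics, so the output is a starting list for manual review rather than a substitute for it.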

#13 henabs

Posted 17 March 2006 - 04:32 PM

Hey so pretty much everything worked. I'll post HT log then write what didn't work.
Logfile of HijackThis v1.99.1
Scan saved at 5:28:27 PM, on 3/17/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\HP\hpcoretech\comp\hptskmgr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.ca/
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by106fd.bay106.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1138601701481
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1138602790200
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe

Ok so Windows Overlay Components
FireDaemon Service: WindowsUpdate
windowsupdate.microsoft.com
these three were already disabled and stopped.
C:\Program Files\AlfaCleaner
C:\Program Files\SurfSideKick 3
didn't exist.
Other than that everything went smoothly. I'm still getting some Windows Messenger service messages, but rarely. AVG still doesn't work; should I just try re-downloading it? So let me know if you see anything else that needs to be done. Thanks
"Im always off in my own little world, but thats okay, they know me there"

#14 MFDnSC

Posted 17 March 2006 - 05:09 PM

Kill Windows Messenger - http://vlaurie.com/computers2/Articles/messenger.htm
==========
What is happening with AVG?
"Nothing could be finer than to be in South Carolina ............"

Member ASAP

#15 henabs

Posted 21 March 2006 - 04:35 AM

Ok so messenger svc. is not popping up anymore. AVG is working. I am quite hesitant to run a scan because last time it was done I couldn't use Internet Explorer. Every few minutes AVG will tell me virus found Win32/parite in a different file every time. I haven't done anything, I just keep ignoring it.
I also now have a new popup "Windows File Protection" "Files that are required for Windows to work properly have been replaced by unrecognized versions. To maintain system stability, Windows must restore the original versions of these files.
Insert your Windows XP Professional CD-ROM now."
"Retry More info Cancel"

So I'm not sure what to do, putting my XP CD in doesn't seem to do anything. Let me know Thnx.
"Im always off in my own little world, but thats okay, they know me there"



