
Problem With Msn Block-checker


4 replies to this topic

#1 rody

rody

  • Members
  • 136 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Brass Castle
  • Local time:06:44 AM

Posted 31 March 2006 - 02:44 PM

Hi, I'm new here :thumbsup:

I have a problem with msn block-checker. I accidentally clicked on it during a chat with a friend quite long ago... (didn't know it is harmful)

This is my latest Panda scan report:

Adware:adware/block-checker Not disinfected
Windows Registry

--------------------------------------------

Ok, before that, I've many spywares, adwares, trojans... in my computer,
and my homepage has been changed to 'about blank'
and followed by 'www.necessaryupdates.com' to warn me about my computer which has infected malware or something.
Uh... so I did a search on this site and came upon this tutorial: http://www.bleepingcomputer.com/tutorials/how-to-remove-a-trojan-virus-worm-or-malware/ .

I followed everything under the 'How to remove these infections' section,
and managed to clear most spywares/adwares/trojans manually, thanks to the tutorial anyway :inlove:

------------------

However, I can't delete this block-checker.exe.
The report stated that it is in the Windows Registry...? But I seem to have no idea how to open that...
For a moment, I thought it is in the Autoruns program :flowers:

-------------

Another problem I would like to ask about is, recently I keep having problems with this trojan thing called:
TR/Zlob.IT.3
C:\WINDOWS\system32\hp8E74.tmp

and this :
winkpb32.dll

My anti-virus program keeps warning me about these trojans but then it says they can't be deleted.
I went to system32 but can't find them.
Now the warning seems to have stopped, so is my computer safe now?

----------

Hope I've explained clearly... :trumpet:
Any help would be appreciated, thank you.



#2 jgweed

jgweed

  • Staff Emeritus
  • 28,473 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Chicago, Il.
  • Local time:05:44 PM

Posted 31 March 2006 - 03:32 PM

Run your Anti-virus in "safe mode" and let us know what it finds.
Do you regularly use Ad-AwareSE and Spybot Search and Destroy?
Regards,
John
Whereof one cannot speak, thereof one should be silent.

#3 rody


Posted 01 April 2006 - 08:10 AM

I'm using 2 programs, which are Ad-Aware SE Personal and AntiVir PE Classic.
I can't use Panda ActiveScan in safe mode as it is a free online scan...

Hmm... I have been using Ad-Aware since a month ago (after I realised my com had been infected).
Before that I did not have any anti-virus program.
And currently I don't have Spybot Search and Destroy.
But I have SpywareBlaster (not of much use?)

So currently I've Ad-Aware SE Personal, AntiVir PE Classic, SpywareBlaster.
And this PandaScan, which is a free online scan.





Ok, I've run them in safe mode.

Ad-Aware report:



Ad-Aware SE Build 1.06r1
Logfile Created on:Saturday, April 01, 2006 6:45:20 PM
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R101 27.03.2006
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(TAC index:0):43 total references
Tracking Cookie(TAC index:3):2 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Search for low-risk threats
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects


4-1-2006 6:45:20 PM - Scan started. (Smart mode)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 136
ThreadCreationTime : 4-1-2006 10:40:03 AM
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 204
ThreadCreationTime : 4-1-2006 10:40:18 AM
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 228
ThreadCreationTime : 4-1-2006 10:40:21 AM
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 272
ThreadCreationTime : 4-1-2006 10:40:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Services and Controller app
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 284
ThreadCreationTime : 4-1-2006 10:40:24 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 432
ThreadCreationTime : 4-1-2006 10:40:28 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 480
ThreadCreationTime : 4-1-2006 10:40:29 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 552
ThreadCreationTime : 4-1-2006 10:40:30 AM
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 788
ThreadCreationTime : 4-1-2006 10:40:43 AM
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Windows Explorer
InternalName : explorer
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : EXPLORER.EXE

#:10 [avscan.exe]
FilePath : C:\Program Files\AntiVir PersonalEdition Classic\
ProcessID : 1164
ThreadCreationTime : 4-1-2006 10:42:17 AM
BasePriority : Normal


#:11 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 1356
ThreadCreationTime : 4-1-2006 10:45:04 AM
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0


Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@cgi-bin[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hp_owner@bunseki.kingdom.biglobe.ne.jp/cgi-bin
Expires : 4-1-2007 3:27:22 PM
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hp_owner@stat.onestat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hp_owner@stat.onestat.com/
Expires : 3-31-2016 8:00:00 AM
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 2
Objects found so far: 2



Deep scanning and examining files...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2

Disk Scan Result for C:\DOCUME~1\HP_Owner\LOCALS~1\Temp\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 2


Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 2





Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 45

6:52:19 PM Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:06:59.47
Objects scanned:100457
Objects identified:2
Objects ignored:0
New critical objects:2

#4 rody


Posted 01 April 2006 - 08:12 AM

--------------------------------------------------------
AntiVir PE Classic report :
--------------------------------------------------------



Report file date: Saturday, April 01, 2006 19:01


Jobname: 'Local Hard Disks'

Scanning for 345741 virus strains and unwanted programs.

Licensed to: AntiVir PersonalEdition Classic
Serial number: 0000149996-WURGE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: HP_Owner
Computer name: AUDREY

Version informations:
AVSCAN.EXE : 7.0.0.30 536616 3/30/2006 10:36:48
AVSCAN.DLL : 7.0.0.30 40488 3/30/2006 10:36:48
LUKE.DLL : 7.0.0.30 114728 3/30/2006 10:36:48
LUKERES.DLL : 7.0.0.30 25600 3/30/2006 10:36:48
ANTIVIR0.VDF : 6.32.0.60 4323840 3/1/2006 07:15:46
ANTIVIR1.VDF : 6.34.0.105 1669120 3/30/2006 10:36:49
ANTIVIR2.VDF : 6.34.0.106 1536 3/30/2006 10:36:49
ANTIVIR3.VDF : 6.34.0.127 40960 4/1/2006 10:11:35
AVEWIN32.DLL : 7.0.0.3 1167872 3/16/2006 22:28:54
AVPREF.DLL : 6.34.0.0 38440 2/23/2006 02:22:30
AVREP.DLL : 6.34.0.100 2461736 3/27/2006 08:50:47
AVPACK32.DLL : 6.33.0.6 331816 2/23/2006 02:22:30
AVREG.DLL : 6.31.0.90 27688 2/23/2006 02:22:30
NETNT.DLL : 6.32.0.0 6696 2/23/2006 02:22:32
NETNW.DLL : 6.32.0.0 9768 2/23/2006 02:22:32


Start of the scan: Saturday, April 01, 2006 19:01


Start scanning boot sectors:

Boot sector 'C:'
[NOTE] No virus was found!
Boot sector 'D:'
[NOTE] No virus was found!

Starting to scan the registry.

The registry was scanned ( 28 files ).


Starting the file scan:

C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\4N9B2IR1\wdinit64[1].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\9NNZ9PCE\wdinit64[1].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\C0N0VB0Y\srvlbin5[1].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\C0N0VB0Y\wdinit64[2].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\C9IRG1E3\wdinit64[1].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\HP_Owner\Local Settings\Temporary Internet Files\Content.IE5\JM9B1D46\wdinit64[2].exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\Documents and Settings\NetworkService\NTUSER.DAT
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\ntuser.dat.LOG
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat
[WARNING] The file could not be opened!
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\interf.tlb
[DETECTION] Is the Trojan horse TR/Dldr.Zlob.JS.1
[INFO] The file was deleted!
C:\WINDOWS\system32\config\default
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\default.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SAM.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\SECURITY.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\software.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system
[WARNING] The file could not be opened!
C:\WINDOWS\system32\config\system.LOG
[WARNING] The file could not be opened!
C:\WINDOWS\temp\win9ED.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\win9F2.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winABA.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB08.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB0C.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB10.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB2D.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB31.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB34.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winB3B.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winBED.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winBFD.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winC08.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winC0B.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winC0E.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!
C:\WINDOWS\temp\winC14.tmp.exe
[DETECTION] Is the Trojan horse TR/Dialer.OY.7
[INFO] The file was deleted!


End of the scan: Saturday, April 01, 2006 20:54
Used time: 1:52:50 min

The scan has been done completely.

10469 Scanning directories
614768 Files were scanned
23 viruses and/or unwanted programs was found
23 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
15648 Archives were scanned
38 Warnings
0 Notes

#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 51,281 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:44 PM

Posted 01 April 2006 - 08:30 AM

I suggest you read and follow all instructions in the pinned topic titled Preparation Guide For Use Before Posting A Hijackthis Log.

When you have done that, post a log in the HijackThis Logs and Analysis Forum, not here, for assistance by the HJT Team Experts.

It may take a while to get a response because the HJT Team members are very busy. Please be patient as they are volunteers who will help you out as soon as possible. Once you have made your post, please DO NOT make another reply until it has been responded to by a member of the HJT Team. Generally the staff checks the forum for postings that have not been replied to, as this makes it easier for them to identify those who have not been helped. If you post another response, a team member looking for a new log to work may assume another HJT Team member is already assisting you and not open the thread to respond.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015
Member of UNITE, Unified Network of Instructors and Trusted Eliminators



