My Ie Has Been Hijacked



#1 peterm41

Posted 18 June 2006 - 10:47 AM

Please help, my Internet Explorer has been hijacked. Thanks in advance.



Logfile of HijackThis v1.99.1
Scan saved at 16:12:39, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\BulletProofSoft.com\BPS Spyware Remover\SpyRem.exe
C:\Documents and Settings\Peter\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bbc.co.uk/
R3 - Default URLSearchHook is missing
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] J:\My old Disk Structure -- 06-03-19 1000PM\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: bw+0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw+0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw-0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw00s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw10s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw20s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw30s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw40s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw50s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw60s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw70s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw80s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bw90s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwa0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwb0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwc0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwd0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwe0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwf0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O18 - Protocol: bwg0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwg0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwh0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwi0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwj0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwk0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwl0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwm0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwn0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwo0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwp0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwq0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwr0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bws0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwt0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwu0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwv0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bww0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwx0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwy0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: bwz0s - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: offline-8876480 - {092A9EE2-C660-4DE8-9FAB-ED82DCE59D99} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)

#2 amateur (Malware Response Team)

Posted 18 June 2006 - 11:53 AM

Hello and welcome to BC.

Please disable Windows Defender Real Time Protection as it may interfere with the fix.

To disable Windows Defender:
  • Open Windows Defender
  • Click Tools
  • Click General Settings
  • Scroll down to Real Time Protection Options
  • Uncheck Turn on Real Time Protection (recommended)
  • After you uncheck this, click on the Save button
  • Close Windows Defender
Once your log is clean you can re-enable Windows Defender Real Time Protection.

=================================

Logitech Desktop Messenger uses "BackWeb" proactive technology to retrieve information about your Logitech devices by downloading content in the background during network idle time. Even though they claim not to upload any other information to their servers or any other internet servers, it's still spying in my book. So, if you want to remove this feature, simply remove "Logitech Desktop Messenger" from Add/Remove programs in the control panel.

=================================

Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older, more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 5.0 Update 7.
You are running an old, vulnerable version of Java.
  • Go to Start > Control Panel > Add/Remove Programs.
  • Search for all previously installed versions of Java (J2SE Runtime Environment...) and delete them.
  • It/they should have this icon next to it/them: [image]
  • Then download and install the newest version, 1.5.07, from here.
==================================
  • Close all open Explorer windows and browsers/email, etc
  • Run HijackThis
  • Click on the Scan button and when complete
  • Put a check beside all of the items listed below
  • Click on the "Fix Checked" button
  • When completed, close the application.
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE


==================================

Reboot and post a fresh HijackThis log please.
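The fix list above is checked by eye in the thread; as an added example (not code from this thread, from HijackThis or from BleepingComputer), the Python script below parses the R0/R1/R3 and O4 lines of an HJT log, flags Internet Explorer start/search settings that look hijacked (blank values, about: pages, bare hostnames, or hosts outside an allowlist), and checks the helper's fix list against a fresh log to confirm every item is gone. The log excerpts are copied from the two logs posted here; TRUSTED_HOSTS is an assumption and should be tuned per machine.

```python
"""Triage IE settings in a HijackThis (HJT) log and confirm a fix list was applied.

Added example for this thread; not code from the thread, HijackThis or BleepingComputer.
TRUSTED_HOSTS is an assumption (the user's homepage plus Microsoft's default fwlink targets).
"""
import re
from urllib.parse import urlparse

# Excerpts copied from the two logs posted in the thread (before / after the fix).
BEFORE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
""".strip("\n")

AFTER_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bbc.co.uk/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
""".strip("\n")

# The items the helper asked to "Fix Checked", exactly as listed in the reply.
FIX_LIST = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = prosearching.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=54729
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=552...cid={SUB_CLCID}
R1 - HKCU\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
""".strip("\n").splitlines()

HJT_ENTRY = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
IE_SETTING = re.compile(r"^(?P<key>HK(?:CU|LM)\\[^,]+),(?P<name>[^=]+?)\s*=\s*(?P<value>.*)$")
TRUSTED_HOSTS = {"www.bbc.co.uk", "go.microsoft.com"}  # assumption, see docstring


def parse_entries(log_text):
    """(section, body) for each 'Rn - ...' / 'On - ...' line; header and process list are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = HJT_ENTRY.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body").strip()))
    return entries


def ie_setting(body):
    """Split 'HKCU\\...\\Main,SearchURL = value' into (key, name, value), or None if not an IE setting."""
    m = IE_SETTING.match(body)
    return (m.group("key"), m.group("name"), m.group("value").strip()) if m else None


def url_host(value):
    """Hostname of a URL, tolerating a bare 'example.com' with no scheme."""
    return (urlparse(value if "://" in value else "http://" + value).hostname or "").lower()


def triage(entries):
    """Flag hijack-looking IE start/search settings (R0/R1) and a missing URLSearchHook (R3)."""
    findings = []
    for section, body in entries:
        if section == "R3" and "missing" in body:
            findings.append((section, body, "default URLSearchHook has been removed"))
            continue
        setting = ie_setting(body) if section in ("R0", "R1") else None
        if setting is None:
            continue
        _key, name, value = setting
        if value == "":
            reason = f"{name} is blank"
        elif value.lower().startswith("about:"):
            reason = f"{name} points at {value}"
        elif "://" not in value:
            reason = f"{name} is a bare hostname ({value}), typical of a search hijacker"
        elif url_host(value) not in TRUSTED_HOSTS:
            reason = f"{name} points at untrusted host {url_host(value)}"
        else:
            continue  # a URL on a trusted host: nothing to report
        findings.append((section, body, reason))
    return findings


def remaining_fixes(fix_list, fresh_log):
    """Fix-list lines that still appear in a fresh log (whitespace-normalised exact match)."""
    present = {" ".join(line.split()) for line in fresh_log.splitlines()}
    return [item for item in fix_list if " ".join(item.split()) in present]


if __name__ == "__main__":
    for section, body, reason in triage(parse_entries(BEFORE_LOG)):
        print(f"[{section}] {reason}\n    {body}")
    left = remaining_fixes(FIX_LIST, AFTER_LOG)
    print("fix list fully applied" if not left else f"still present: {left}")
```

Run against the posted logs it reports five findings in the first log and none in the second, and confirms that none of the ten fix-list lines survive the reboot.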

#3 peterm41 (Topic Starter)

Posted 18 June 2006 - 12:21 PM

Thanks for your help. Here is the new log; I also uninstalled Logitech Desktop Manager.


Logfile of HijackThis v1.99.1
Scan saved at 18:18:29, on 18/06/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5346.0005)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\mpssvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Logitech\MediaLife\MediaLifeService.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Lexmark 2200 Series\lxbvbmon.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\Common Files\Logitech\KHAL\KHALMNPR.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\ewido anti-malware\SecuritySuite.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Java\j2re1.4.2_04\bin\jusched.exe
C:\WINDOWS\system32\notepad.exe
C:\Documents and Settings\Peter\My Documents\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bbc.co.uk/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.bbc.co.uk/
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [MediaLifeService] "C:\Program Files\Logitech\MediaLife\MediaLifeService.exe"
O4 - HKLM\..\Run: [Lexmark 2200 Series] "C:\Program Files\Lexmark 2200 Series\lxbvbmgr.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [MMTray] C:\Program Files\MUSICMATCH\MUSICMATCH Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [OneCareUI] "C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PCPitstop Optimize Registration Reminder] J:\My old Disk Structure -- 06-03-19 1000PM\Program Files\PCPitstop\Optimize\Reminder.exe
O4 - HKLM\..\Run: [SpyStopperPro] C:\Program Files\SpyStopper Pro\ssp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_07\bin\jusched.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_07\bin\npjpi150_07.dll
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra 'Tools' menuitem: Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
O9 - Extra button: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra 'Tools' menuitem: Pop-Up Blocker - {84536FE2-ABCD-3586-DCAB-40E286323737} - C:\Program Files\WINnerTweakSE2\PopUp Blocker.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} (PCPitstop Utility) - http://www.pcpitstop.com/pcpitstop/PCPitStop.CAB
O16 - DPF: {13EC55CF-D993-475B-9ACA-F4A384957956} (Controller Class) - https://www.windowsonecare.com/install/cli/...nSSWebAgent.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://driveragent.com/files/driveragent.cab
O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www.pcpitstop.com/antivirus/PitPav.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://chat.msn.com/controls/msnchat45.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: MSMPSVC - Unknown owner - C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MSMPSVC.exe" -n 4 (file missing)

#4 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 18 June 2006 - 12:30 PM

Looks clean. Still have problems?

#5 peterm41 (Topic Starter, Members, 26 posts)

Posted 18 June 2006 - 12:37 PM

Looks clean. Still have problems?


Seems OK; however, I am using the IE7 beta and, since the above problem started, I cannot use tab browsing: when I click to open a new tab, IE just closes and goes back to the desktop. I've tried reinstalling IE7.

#6 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 18 June 2006 - 12:53 PM

So, no more hijacking of your internet browser, I understand. I don't believe the problem with tab browsing is malware-related. I would suggest that you visit the XP forum and see if they can help you.

Let's have an online scan too, to make sure that nothing else is hiding around.

Kaspersky Online Scanner

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky; click Yes.
  • The program will launch and then start to download the latest definition files.
  • Once the scanner is installed and the definitions downloaded, click Next.
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      • Extended (If available otherwise Standard)
    • Scan Options:
      • Scan Archives
      • Scan Mail Bases
  • Click OK
  • Now under select a target to scan select My Computer
  • The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


#7 peterm41 (Topic Starter, Members, 26 posts)

Posted 18 June 2006 - 02:42 PM

Started the scanner an hour ago; it's up to 13%. It's found 13 viruses and is only on 13%, so this may take a while. I'll get back to you tomorrow; thanks for waiting!!!

#8 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 18 June 2006 - 02:45 PM

You can shorten the scanning time if you clean your temp files first.

Please download Ccleaner and save it to your desktop.

Tutorial for CCleaner

During the installation, be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

  • Click on Options,

  • Select Advanced

  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"

  • Make sure the Cleaner block on the left is selected.

  • Do not use the "Issues" block. It's meant for professionals.

  • Choose the Windows tab.

  • Check everything EXCEPT Advanced part of the Menu.

  • Click on "Analyze". This process could take a while.

  • If you don't want to lose your login passwords to certain sites, click on Options

  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.

  • Choose Run Cleaner.

When CCleaner shows how much has been removed, cleaning is finished. Click Exit.


If you have more than one user, run CCleaner for every user.

#9 peterm41 (Topic Starter, Members, 26 posts)

Posted 18 June 2006 - 03:18 PM

Did CCleaner before the scan; I will post the results when it's finished.

Thanks for your help.

Edited by peterm41, 18 June 2006 - 03:19 PM.


#10 peterm41 (Topic Starter, Members, 26 posts)

Posted 18 June 2006 - 03:23 PM

Got this from C drive
KASPERSKY ON-LINE SCANNER REPORT
Sunday, June 18, 2006 9:20:38 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 18/06/2006
Kaspersky Anti-Virus database records: 201229


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 130111
Number of viruses found 16
Number of infected objects 83
Number of suspicious objects 0
Duration of the scan process 01:53:13

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip ZIP: infected - 4 skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe RarSFX: infected - 5 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe RarSFX: infected - 2 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe RarSFX: infected - 3 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe RarSFX: infected - 4 skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe/stream/data0041 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe NSIS: infected - 2 skipped

C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped

C:\Program Files\Common Files\Y1123OA.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024021.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024023.exe Infected: Trojan-Downloader.Win32.Small.cvw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024024.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024024.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024025.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024060.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024062.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024063.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0009930.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014390.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe RarSFX: infected - 3 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe RarSFX: infected - 3 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe RarSFX: infected - 5 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016404.exe Infected: Trojan-Clicker.Win32.Small.kx skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016406.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016407.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP45\A0016511.exe Infected: Trojan-Downloader.Win32.Small.cvw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP84\A0018831.exe Infected: Trojan-Downloader.Win32.PurityScan.cp skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP84\A0018838.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020032.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.bs skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020032.exe Embedded EXE: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020036.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020036.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020037.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP99\A0022721.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\WINDOWS\system32\awvts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bu skipped

C:\WINDOWS\system32\winwil32.dll Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\system32\yayyxus.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bs skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-70788cf6-7da7ef43.zip/web.exe Infected: Trojan.Win32.Small.ev skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-70788cf6-7da7ef43.zip ZIP: infected - 1 skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip ZIP: infected - 2 skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip ZIP: infected - 2 skipped

Scan was interrupted by user!

#11 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 18 June 2006 - 03:31 PM

Scan was interrupted by user!


This is not a complete scan. May I have the complete scan please?

#12 peterm41 (Topic Starter, Members, 26 posts)

Posted 18 June 2006 - 03:50 PM

Scan was interrupted by user!


This is not a complete scan. May I have the complete scan please?

Yes, maybe a while though.

#13 amateur (Malware Fighter, Malware Response Team, 2,775 posts)

Posted 18 June 2006 - 03:55 PM

No problem, but the sooner the better, I would say. :thumbsup:

#14 peterm41 (Topic Starter, Members, 26 posts)

Posted 20 June 2006 - 02:01 PM

:thumbsup:
Sorry this took so long; here is the log, and IE is still being hijacked.
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, June 20, 2006 7:54:24 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.78.0
Kaspersky Anti-Virus database last update: 20/06/2006
Kaspersky Anti-Virus database records: 201527


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\

Scan Statistics
Total number of scanned objects 464258
Number of viruses found 25
Number of infected objects 104
Number of suspicious objects 0
Duration of the scan process 06:23:24

Infected Object Name Virus Name Last Action
C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\Content.IE5\9TZIZVMK\SysProtectScannerInstall[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.k skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip/keyfinder.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\kf141.zip ZIP: infected - 4 skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\Documents and Settings\Peter\My Documents\rockxp.exe RarSFX: infected - 5 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder 1.5 Beta 3.exe RarSFX: infected - 2 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Key Finder.exe RarSFX: infected - 3 skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\Rock XP 2.0.exe RarSFX: infected - 4 skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe/stream/data0041 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\downloaded\antispyware tools\XoftSpySE v4.26\XoftSpySE426_185.exe NSIS: infected - 2 skipped

C:\Program Files\BitTorrent\uninstall.exe/stream/data0002 Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe/stream Infected: not-a-virus:RiskTool.Win32.PsKill.n skipped

C:\Program Files\BitTorrent\uninstall.exe NSIS: infected - 2 skipped

C:\Program Files\Common Files\Y1123OA.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024021.exe Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024023.exe Infected: Trojan-Downloader.Win32.Small.cvw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024024.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024024.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP104\A0024025.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024060.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024062.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP105\A0024063.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP123\A0025102.exe Infected: not-a-virus:Downloader.Win32.WinFixer.k skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0009930.exe Infected: not-a-virus:AdWare.Win32.Trymedia.b skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014390.exe Infected: P2P-Worm.Win32.VB.dw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014638.exe RarSFX: infected - 3 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar/officekey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP36\A0014639.exe RarSFX: infected - 3 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/xpkey.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/keyms.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/RAS.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar/RockXp_.exe Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe/data.rar Infected: not-a-virus:PSWTool.Win32.RAS.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016400.exe RarSFX: infected - 5 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016404.exe Infected: Trojan-Clicker.Win32.Small.kx skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016405.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016406.exe Infected: Trojan.Win32.Dialer.oy skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016407.exe Infected: Trojan.Win32.Agent.qt skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe/data0002/data0006 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe/data0002 Infected: Trojan-Dropper.Win32.VB.kk skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP44\A0016422.exe NSIS: infected - 2 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP45\A0016511.exe Infected: Trojan-Downloader.Win32.Small.cvw skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP84\A0018831.exe Infected: Trojan-Downloader.Win32.PurityScan.cp skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP84\A0018838.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020032.exe/EXE-file Infected: not-a-virus:AdWare.Win32.Virtumonde.bs skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020032.exe Embedded EXE: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020036.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.cq skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020036.exe NSIS: infected - 1 skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP90\A0020037.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\System Volume Information\_restore{50E337F3-93AE-4145-91E9-DDFE379C02D7}\RP99\A0022721.exe Infected: Trojan-Downloader.Win32.Obfuscated.a skipped

C:\WINDOWS\system32\awvts.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bu skipped

C:\WINDOWS\system32\winwil32.dll Infected: Trojan.Win32.Agent.qt skipped

C:\WINDOWS\system32\yayyxus.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.bs skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-70788cf6-7da7ef43.zip/web.exe Infected: Trojan.Win32.Small.ev skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jar.jar-70788cf6-7da7ef43.zip ZIP: infected - 1 skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-46d62280-1a1d4948.zip ZIP: infected - 2 skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip/GetAccess.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped

J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip ZIP: infected - 2 skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002 Infected: not-a-virus:AdWare.Win32.NavExcel skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0003/data0139 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped

J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe Inno: infected - 8 skipped

J:\My old Disk Structure -- 06-03-19 1000PM\WINDOWS\system32\drivers\sysbus32.sys Infected: SpamTool.Win32.Mailbot.ao skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP118\A0015758.dll Infected: Trojan-Downloader.Win32.Small.cqs skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP160\A0018143.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP190\A0023647.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP190\A0023647.exe NSIS: infected - 1 skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP223\A0025057.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped

J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP223\A0025057.exe NSIS: infected - 1 skipped

J:\WINDOWS\system32\tmp_3.exe Infected: Trojan-Downloader.Win32.Small.cqf skipped

K:\Shared\unlock sky channels.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nj skipped

K:\Shared\unlock sky channels.zip ZIP: infected - 1 skipped

Scan process completed.

#15 amateur

amateur

    Malware Fighter

  • Malware Response Team
  • 2,775 posts
  • Gender:Female

Posted 20 June 2006 - 03:00 PM

Hi peterm41,


Please print these instructions for easy access at all times.

Please download CCleaner and save it to your desktop.
Tutorial for CCleaner
During the installation, be sure to UN-check the box for "CCleaner Yahoo Toolbar" unless you want it.

=======================================

Download and install Ewido Anti-Malware and update it to the latest definitions. Don't use it yet. We'll do that in Safe Mode later.

========================================

Go to My Computer > Tools > Folder Options > View > uncheck "Hide protected operating system files". Click Apply > OK.

=======================================

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
Look in here for more information.

========================================

Using Windows Explorer (right-click on Start, click on Explore), navigate to and delete the following files and folders:

C:\Documents and Settings\Peter\My Documents\kf141.zip/
C:\Documents and Settings\Peter\My Documents\rockxp.exe
C:\Program Files\Common Files\Y1123OA.exe
C:\WINDOWS\system32\awvts.dll
C:\WINDOWS\system32\winwil32.dll
C:\WINDOWS\system32\yayyxus.dll
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe
J:\My old Disk Structure -- 06-03-19 1000PM\WINDOWS\system32\drivers\sysbus32.sys
J:\WINDOWS\system32\tmp_3.exe
K:\Shared\unlock sky channels.zip

C:\Program Files\BitTorrent\
C:\downloaded\(app) windows xp KeyGens & Cracks & Appz\

Navigate to and delete the contents of the following folder, but not the folder itself:

C:\Documents and Settings\Peter\Local Settings\Temporary Internet Files\<==== delete the contents, not the folder itself.

===========================================

Clear the Java cache...

Go to Control Panel > Java -or- Java Plugin > General tab > Temporary Internet Files > Delete Files:
Checkmark all 3 options
Click "OK"

If those settings are different, the "Clear Cache" option might be under the "Cache" tab instead.

While you are at the Control Panel, please delete all the older versions of Java, leaving only j2re1.507. I still see j2re1.4.2_04 running after my instruction in post #2.

===========================================

From Safe Mode, run CCleaner:
  • Click on Options,
  • Select Advanced
  • Now UNCHECK "Only delete files in Windows Temp folders older than 48 hours"
  • Make sure the Cleaner block on the left is selected.
  • Do not use the "Issues" block. It's meant for professionals.
  • Choose the Windows tab.
  • Check everything EXCEPT Advanced part of the Menu.
  • Click on "Analyze". This process could take a while.
  • If you don't want to lose your login passwords to certain sites, click on Options.
  • Select cookies and move the ones you want to keep to the "cookies to keep" section, by highlighting and using the arrows in the middle.
  • Choose Run Cleaner.
When CCleaner shows how much has been removed, cleaning is finished. Click Exit.
If you have more than one user, run CCleaner for every user.

==========================================

From Safe Mode, run Ewido and do a Complete System Scan.

==========================================

Reboot in Normal Mode.

==========================================

Download, update, configure and run these two programs: http://tomcoyote.org/aawsb.php
The newest version of Ad-aware SE is 1.06 and Spybot 1.4. Even if you have these programs, use the link to get the newest version, then update and configure them as in the link. Run Spybot first, reboot, then run Ad-aware. Both programs back up what they remove, so delete anything the programs say should be removed.

==========================================

Scan with Kaspersky again.

==========================================

Post back a fresh HijackThis log, Ewido log and the new Kaspersky log please. Let me know how things are now.

Edited by amateur, 20 June 2006 - 03:02 PM.
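As an added example (not part of this thread, and not code from Kaspersky, CCleaner or any other tool named in it), the Python script below parses the Kaspersky report lines quoted above and groups every detection by the file that actually sits on disk. The objects after the `/` in a report line are members inside an archive or installer and cannot be deleted on their own, which is why the deletion list above names `dvdrnb.exe` and the `.zip` files rather than their contents; hits inside the Java deployment cache correspond to the "Clear the Java cache" step, and hits under `System Volume Information` are restore-point copies that are kept apart from the manual deletion list. The sample report embedded in the script is the tail of the log quoted earlier in the thread; the path markers used for classification and the container-count check (which flags containers whose member lines are missing from an excerpt) are the example's own assumptions, not part of the report format.

```python
"""Group Kaspersky Online Scanner report lines by the on-disk host file.

Added example for this thread: the marker strings and the container-count
check are this script's assumptions, not part of the scanner's output format.
"""
import re
from collections import defaultdict
from dataclasses import dataclass

# One "Infected:" line per scanned object; a nested object carries its
# archive-member path after the first '/' (Windows paths never contain '/').
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
# Container summary line, e.g. "...\dvdrnb.exe Inno: infected - 8 skipped".
CONTAINER_RE = re.compile(r"^(?P<path>.+?) (?P<fmt>\w+): infected - (?P<count>\d+) skipped$")

# Assumed markers for the two host categories handled outside manual deletion.
RESTORE_MARKER = "\\System Volume Information\\_restore{"
JAVA_CACHE_MARKER = "\\Sun\\Java\\Deployment\\cache\\"


@dataclass(frozen=True)
class Detection:
    host: str            # file on disk (the container, when the object was nested)
    member: str          # path inside the container, '' when not nested
    name: str            # detection name exactly as reported
    is_riskware: bool    # Kaspersky's "not-a-virus:" prefix (adware / riskware)


def host_and_member(path):
    """Split 'C:\\dir\\file.zip/inner/x.exe' into the on-disk file and the member."""
    host, _, member = path.partition("/")
    return host, member


def parse_report(text):
    """Return one Detection per 'Infected:' line; other lines carry no new object."""
    detections = []
    for line in text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if not m:
            continue
        host, member = host_and_member(m.group("path"))
        name = m.group("name")
        detections.append(Detection(host, member, name, name.startswith("not-a-virus:")))
    return detections


def classify_host(host):
    """'file' is removed by hand; the other two kinds are handled differently."""
    if RESTORE_MARKER in host:
        return "restore-point"
    if JAVA_CACHE_MARKER in host:
        return "java-cache"
    return "file"


def cleanup_plan(detections):
    """Map kind -> host file -> set of detection names found in or on it."""
    plan = defaultdict(lambda: defaultdict(set))
    for d in detections:
        plan[classify_host(d.host)][d.host].add(d.name)
    return {kind: dict(hosts) for kind, hosts in plan.items()}


def container_mismatches(text, detections):
    """Containers whose reported member count differs from the members listed.

    A mismatch means the excerpt is missing lines for that container, so its
    'listed' members are not the whole story. Returns host -> (listed, reported).
    """
    listed = defaultdict(int)
    for d in detections:
        if d.member:
            listed[d.host] += 1
    mismatches = {}
    for line in text.splitlines():
        m = CONTAINER_RE.match(line.strip())
        if m:
            host, reported = m.group("path"), int(m.group("count"))
            if listed[host] != reported:
                mismatches[host] = (listed[host], reported)
    return mismatches


# Tail of the report quoted in this thread (the excerpt starts mid-way
# through the jrl.jar archive, so that container's count will not match).
SAMPLE_REPORT = r"""
J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.aj skipped
J:\Documents and Settings\peter\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jrl.jar-770fae0-264e5e7d.zip ZIP: infected - 2 skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/NHInstall.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHUninstaller.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHUpdater.exe Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab/NHelper.dll Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002/v2.0.2.cab Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0002 Infected: not-a-virus:AdWare.Win32.NavExcel skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0003/data0139 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe/data0003 Infected: not-a-virus:AdWare.Win32.HelpExpress skipped
J:\My old Disk Structure -- 06-03-19 1000PM\Documents and Settings\stevie.FAMILY\My Documents\dvdrnb.exe Inno: infected - 8 skipped
J:\My old Disk Structure -- 06-03-19 1000PM\WINDOWS\system32\drivers\sysbus32.sys Infected: SpamTool.Win32.Mailbot.ao skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP118\A0015758.dll Infected: Trojan-Downloader.Win32.Small.cqs skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP160\A0018143.exe Infected: not-a-virus:AdWare.Win32.SaveNow.bo skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP190\A0023647.exe/data0002 Infected: Trojan-Clicker.Win32.Small.jf skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP190\A0023647.exe NSIS: infected - 1 skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP223\A0025057.exe/data0001 Infected: Trojan-Clicker.Win32.Small.jf skipped
J:\System Volume Information\_restore{1ECDAF7B-E276-4258-8067-2BBA1926186B}\RP223\A0025057.exe NSIS: infected - 1 skipped
J:\WINDOWS\system32\tmp_3.exe Infected: Trojan-Downloader.Win32.Small.cqf skipped
K:\Shared\unlock sky channels.zip/setup.exe Infected: Trojan-Downloader.Win32.IstBar.nj skipped
K:\Shared\unlock sky channels.zip ZIP: infected - 1 skipped
Scan process completed.
"""

if __name__ == "__main__":
    found = parse_report(SAMPLE_REPORT)
    for kind, hosts in cleanup_plan(found).items():
        print(f"[{kind}]")
        for host, names in sorted(hosts.items()):
            print(f"  {host}\n    {', '.join(sorted(names))}")
    print("containers with missing member lines:", container_mismatches(SAMPLE_REPORT, found))
```

Run against the sample, the `file` group is exactly the four J: and K: entries that appear in the deletion list above, the `java-cache` group is the one cache archive covered by the Java cache step, and the restore-point group holds the four `A00*` copies. The count check reports only the `jrl.jar` archive, because the excerpt begins after its first infected member.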
