
Troubled With Sysprotect/winantivirus/adultfriendfinder Ads.


22 replies to this topic

#1 Pumpkins

  • Members
  • 13 posts

Posted 05 July 2006 - 10:04 AM

Hi everyone, here's my HijackThis log (hope someone can help :D ):


Logfile of HijackThis v1.99.1
Scan saved at 10:59:38 AM, on 7/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\ddcyy.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120329870750
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\System32\ddcyy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe



#2 Guest_Cretemonster_*

  • Guests

Posted 05 July 2006 - 03:23 PM

Hi Pumpkins and Welcome to the Bleeping Computer!


Please download VundoFix.exe to your desktop.
  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying VundoFix will close and re-open in a minute or less. Click OK.
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shut down your computer; click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HijackThis log.


#3 Pumpkins


Posted 05 July 2006 - 06:20 PM

Hi, thanks for the reply. Here is my Vundofix Log:




VundoFix V4.2.84

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Java version is 1.5.0.6

Scan started at 6:31:10 PM 7/5/2006

Listing files found while scanning....

C:\WINDOWS\System32\ddcyy.dll
C:\WINDOWS\System32\yycdd.ini
C:\WINDOWS\System32\yycdd.bak1
C:\WINDOWS\System32\yycdd.bak2
C:\WINDOWS\System32\yycdd.tmp

C:\WINDOWS\system32\yycdd.bak1
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.tmp
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\ddcyy.dll
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\yycdd.bak2
C:\WINDOWS\system32\yycdd.tmp
C:\WINDOWS\system32\yycdd.ini
C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\ddcyy.dll
Attempting to delete C:\WINDOWS\System32\ddcyy.dll
C:\WINDOWS\System32\ddcyy.dll Has been deleted!

Attempting to delete C:\WINDOWS\System32\yycdd.ini
C:\WINDOWS\System32\yycdd.ini Has been deleted!

Attempting to delete C:\WINDOWS\System32\yycdd.bak1
C:\WINDOWS\System32\yycdd.bak1 Has been deleted!

Attempting to delete C:\WINDOWS\System32\yycdd.bak2
C:\WINDOWS\System32\yycdd.bak2 Has been deleted!

Attempting to delete C:\WINDOWS\System32\yycdd.tmp
C:\WINDOWS\System32\yycdd.tmp Has been deleted!

Attempting to delete C:\WINDOWS\system32\yycdd.ini2
C:\WINDOWS\system32\yycdd.ini2 Has been deleted!

Performing Repairs to the registry.
Done!


And a new HijackThis Log:

Logfile of HijackThis v1.99.1
Scan saved at 7:27:27 PM, on 7/5/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120329870750
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

Edited by Pumpkins, 05 July 2006 - 06:29 PM.
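An added example, not part of the original thread and not code from HijackThis or VundoFix: a short Python script that diffs the first two HijackThis logs above and checks two patterns visible in them, the same DLL registered as both a BHO (O2) and a Winlogon Notify entry (O20), and the `yycdd.*` files in the VundoFix log whose base name is `ddcyy` reversed. The function names are hypothetical; the sample lines are excerpts copied from the logs in this thread.

```python
import ntpath
import re

# Excerpts copied from the first and second HijackThis logs in this thread
# (most unchanged lines are omitted to keep the sample short).
LOG_BEFORE = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)
O2 - BHO: DPCUpdater Object - {E291663A-2D6F-4B56-B9DF-AE239AEF6A5B} - C:\WINDOWS\System32\ddcyy.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O20 - Winlogon Notify: ddcyy - C:\WINDOWS\System32\ddcyy.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

LOG_AFTER = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
"""

# Files listed in the VundoFix log in this thread (duplicates dropped).
VUNDOFIX_FILES = [
    r"C:\WINDOWS\System32\ddcyy.dll",
    r"C:\WINDOWS\System32\yycdd.ini",
    r"C:\WINDOWS\System32\yycdd.bak1",
    r"C:\WINDOWS\System32\yycdd.bak2",
    r"C:\WINDOWS\System32\yycdd.tmp",
    r"C:\WINDOWS\system32\yycdd.ini2",
]

# A HijackThis entry line starts with a section code such as R0, O2 or O20.
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(log_text):
    """Return the set of (section, body) pairs found in a HijackThis log."""
    entries = set()
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.add((match.group(1), match.group(2)))
    return entries


def removed_entries(before, after):
    """Entries present in the earlier log but missing from the later one."""
    return sorted(parse_entries(before) - parse_entries(after))


def entry_path(body):
    """File path at the end of an entry, normalised for comparison."""
    path = body.rsplit(" - ", 1)[-1]
    path = path.replace("(file missing)", "").strip().strip('"')
    return path.lower()  # Windows paths are case-insensitive


def dlls_in_bho_and_notify(log_text):
    """Paths registered both as a BHO (O2) and as Winlogon Notify (O20)."""
    by_section = {"O2": set(), "O20": set()}
    for section, body in parse_entries(log_text):
        if section in by_section:
            by_section[section].add(entry_path(body))
    return by_section["O2"] & by_section["O20"]


def reversed_name_companions(dll_path, file_paths):
    """File names whose base name is the DLL's base name spelled backwards."""
    stem = ntpath.splitext(ntpath.basename(dll_path))[0].lower()
    mirrored = stem[::-1]
    if mirrored == stem:  # a palindrome would match the DLL itself
        return []
    hits = set()
    for path in file_paths:
        name = ntpath.basename(path).lower()
        if ntpath.splitext(name)[0] == mirrored:
            hits.add(name)
    return sorted(hits)


if __name__ == "__main__":
    print("Entries gone after the fix:")
    for section, body in removed_entries(LOG_BEFORE, LOG_AFTER):
        print(f"  {section} - {body}")
    for dll in sorted(dlls_in_bho_and_notify(LOG_BEFORE)):
        print("BHO + Winlogon Notify:", dll)
        print("  reversed-name files:",
              reversed_name_companions(dll, VUNDOFIX_FILES))
```

The diff also surfaces the `MSConfig` Run entry, which disappears between the two logs without being listed in the VundoFix output, so a removed line still needs to be read before it is attributed to the cleanup.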


#4 Guest_Cretemonster_*


Posted 05 July 2006 - 09:08 PM

First, download LSPFix.exe to a convenient location. Do NOT run this program. This is only to be used if you lose Internet access after removing NewDotNet.

To get rid of NewDotNet, go to:

Start > Control Panel > Add or Remove Programs and remove the following:

New.Net Applications or New.Net Domains (anything that says New.Net)

If it is not there, go here and follow Procedure 4: NewDotNet Removal Procedure 4.

In the event that you lose Internet access after removing New.Net, please double-click LSPFix.exe that you downloaded earlier. Check the "I know what I'm doing" button. You will see 2 panels. If there is any file listed in the "Remove" panel on the right side, leave it as is and just click "Finish>>", then reboot your computer and you should now have access to the Internet. If nothing is listed under the "Remove" panel, do NOT do anything - just close the program. You will need to use another computer to come back here for further instructions on what to do.


Please run the F-Secure Online Scanner

Note: This Scanner is for Internet Explorer Only!
  • Follow the instructions on the F-Secure page for proper installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy and paste the entire report in your next reply along with a fresh HijackThis log.


#5 Pumpkins


Posted 06 July 2006 - 06:10 PM

Hi again. I had some trouble doing the online scan, as it kept freezing up when it was deleting the malware and viruses and what not .. so I had to do three scans. I forgot to copy the two scans prior to this one.. so sorry about that. Hope it works.

Scanning Report
Thursday, July 06, 2006 17:43:38 - 18:35:45

Computer name: X
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 8 malware found
Apropo.g (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\50273696

Exploit.HTML.Mht (virus)

* C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4F644720.HTM

Tracking Cookie (spyware)

* System (Disinfected)
* System
* System
* System
* System

not-virus:Hoax.Win32.Renos.y (virus)

* C:\SECURE32.HTML

Statistics
Scanned:

* Files: 20726
* System: 7899
* Not scanned: 4

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 7
* Submitted: 0

Files not scanned:

* C:\HIBERFIL.SYS
* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{461F74BA-AFF6-4EC2-98B0-00DD0820D28F}.BIN

Options
Scanning engines:

* F-Secure AVP: 6.0.171, 2006-07-06
* F-Secure Libra: 2.4.1, 2006-07-04
* F-Secure Orion: 1.2.37, 2006-07-06
* F-Secure Blacklight: 1.0.31, 0000-00-00
* F-Secure Draco: 1.0.35, 2006-06-29
* F-Secure Pegasus: 1.19.0, 2006-06-04

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics


And here is a fresh new HijackThis log


Logfile of HijackThis v1.99.1
Scan saved at 7:07:23 PM, on 7/6/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Java\jre1.5.0_01\bin\jucheck.exe
C:\Program Files\BigFix\BigFix.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\MSNMES~1\msnmsgr.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.emachines.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://red.clientapps.yahoo.com/customize/...rch/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.emachines.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R3 - Default URLSearchHook is missing
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_01\bin\ssv.dll (file missing)
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [bcmwltry] bcmwltry.exe
O4 - HKLM\..\Run: [removecpl] RemoveCpl.exe
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SSC_UserPrompt] C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe
O4 - HKLM\..\Run: [ViewMgr] C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_01\bin\jusched.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AIM] C:\Program Files\aim\aim.exe -cnetwait.odl
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\ypager.exe" -quiet
O4 - HKCU\..\Run: [STYLEXP] C:\Program Files\TGTSoft\StyleXP\StyleXP.exe -Hide
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Microsoft Works Update Detection] c:\Program Files\Microsoft Works\WkDetect.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: BigFix.lnk = C:\Program Files\BigFix\BigFix.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O8 - Extra context menu item: &Viewpoint Search - res://C:\Program Files\Viewpoint\Viewpoint Toolbar\ViewBar.dll/CXTSEARCH.HTML
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_01\bin\npjpi150_01.dll
O9 - Extra button: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - C:\Program Files\ICQ\ICQ.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\aim\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O10 - Broken Internet access because of LSP provider 'c:\program files\newdotnet\newdotnet6_98.dll' missing
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.emachines.com
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/...b?1120329870750
O16 - DPF: {9D190AE6-C81E-4039-8061-978EBAD10073} (F-Secure Online Scanner 3.0) - http://support.f-secure.com/ols3/fscax.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Filter: text/plain - (no CLSID) - (no file)
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - Unknown owner - %ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini (file missing)
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: StyleXPService - Unknown owner - C:\Program Files\TGTSoft\StyleXP\StyleXPService.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe

#6 Guest_Cretemonster_*


Posted 06 July 2006 - 06:25 PM

Please download SmitfraudFix (by S!Ri)
Extract the content (a folder named SmitfraudFix) to your Desktop.

Open the SmitfraudFix folder and double-click smitfraudfix.cmd
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.

Note : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm

#7 Pumpkins


Posted 06 July 2006 - 06:31 PM

Here you go, I hope I did this right

SmitFraudFix v2.68b

Scan done at 19:29:57.96, Thu 07/06/2006
Run from C:\Documents and Settings\Andriod\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode

C:\

C:\secure32.html FOUND !

C:\WINDOWS


C:\WINDOWS\system


C:\WINDOWS\Web


C:\WINDOWS\system32

C:\WINDOWS\system32\whitevx.lst FOUND !

C:\Documents and Settings\Andriod\Application Data


Start Menu





Desktop


C:\Program Files


Corrupted keys


Desktop Components

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"=""
"FriendlyName"=""


Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Scanning wininet.dll infection


End

#8 Guest_Cretemonster_*


Posted 06 July 2006 - 08:02 PM

You should print out these instructions, or copy them to a NotePad file for reading while in Safe Mode, because you will not be able to connect to the Internet to read from this site.

Next, please reboot your computer in Safe Mode by doing the following :
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the first option, to run Windows in Safe Mode, then press "Enter".
  • Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.

You will be prompted: "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.

The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".

The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt

Warning: running option #2 on a non-infected computer will remove your Desktop background.



Please run an Online Scan here
http://www.bitdefender.com/scan/licence.php


Post back with the results of the Online Scan and C:\rapport.txt from Smitfraud Fix.

#9 Pumpkins

Posted 07 July 2006 - 06:17 PM

Here is my Fix log


SmitFraudFix v2.68b

Scan done at 17:43:47.26, Fri 07/07/2006
Run from C:\Documents and Settings\Andriod\Desktop\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in safe mode

Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

Killing process


Generic Renos Fix

GenericRenosFix by S!Ri


Deleting infected files


Deleting Temp Files


Registry Cleaning

Registry Cleaning done.

After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


End



The online log.. It looks like my computer is loaded with viruses. :/


Statistics
Time: 01:13:07
Files: 250046
Folders: 3830
Boot Sectors: 2
Archives: 7641
Packed Files: 15073

Results
Identified Viruses: 28
Infected Files: 54
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 98

Engines Info
Virus Definitions: 406503
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\boot.inx | Infected with: Trojan.Downloader.Tibs.1.Gen
C:\boot.inx | Disinfection failed
C:\boot.inx | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Infected with: Trojan.Java.Byteverify.Exploit.B
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Infected with: Trojan.Exploit.ByteVerify.L
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Infected with: Trojan.Exploit.ByteVerify.L
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Detected with: Application.Keygen.Xpstyle.U
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Disinfection failed
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Deleted
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip | Updated
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Infected with: Trojan.Aproposad.C
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Infected with: Trojan.Downloader.IstBar.LC
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Infected with: JS.Trojan.Downloader.IstBar.M
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Infected with: Trojan.Exploit.Vbs.Phel.A
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Infected with: Trojan.Dialer.EE
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Infected with: Trojan.Htmlhelpcontrol.Exploit.A
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Infected with: Trojan.Exploit.Html.MHT
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\44977A98.0=>(Quarantine-2) | Infected with: Trojan.Downloader.IstBar.JM
C:\Program Files\Norton AntiVirus\Quarantine\44977A98.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2) | Infected with: Trojan.Isbar.230
C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2) | Infected with: Exploit.Html.MhtRedir.Gen
C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2) | Detected with: Adware.POP.dl
C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2) | Infected with: Win32.Worm.Alcan.A
C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2) | Infected with: Trojan.Downloader.Apropo.G
C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2) | Infected with: Trojan.Dialer.EE
C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Agent.HW
C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\733E609A.0=>(Quarantine-2) | Infected with: Trojan.Downloader.IstBar.IJ
C:\Program Files\Norton AntiVirus\Quarantine\733E609A.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\744E330B.0=>(Quarantine-2) | Infected with: Trojan.Dialer.AY2
C:\Program Files\Norton AntiVirus\Quarantine\744E330B.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2) | Infected with: Trojan.Dloader.HK
C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2) | Infected with: Trojan.Dloader.HK
C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2) | Infected with: Win32.Worm.Alcan.A
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2) | Deleted
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2) | Disinfection failed
C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2) | Deleted

#10 Guest_Cretemonster_*

Posted 07 July 2006 - 06:52 PM

If you will, post the BitDefender results by themselves, please.

#11 Pumpkins

Posted 07 July 2006 - 07:04 PM

Statistics
Time: 01:13:07
Files: 250046
Folders: 3830
Boot Sectors: 2
Archives: 7641
Packed Files: 15073

Results
Identified Viruses: 28
Infected Files: 54
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 98

Engines Info
Virus Definitions: 406503
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1

Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes

Scanned File | Status
C:\boot.inx | Infected with: Trojan.Downloader.Tibs.1.Gen
C:\boot.inx | Disinfection failed
C:\boot.inx | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Infected with: Trojan.Java.Byteverify.Exploit.B
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SandBoxEscape.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Infected with: Trojan.Exploit.ByteVerify.L
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>SuperMSClassLoader.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>NewURLClassLoader.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Infected with: Trojan.Exploit.ByteVerify.L
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Disinfection failed
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip=>Installer.class | Deleted
C:\Documents and Settings\Andriod\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\ie0601a.jar-523da84a-287b2104.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Detected with: Application.Keygen.Xpstyle.U
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Disinfection failed
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip=>eclsxp21.exe | Deleted
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip=>Style.XP.v2.16.Keygen.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip=>StyleXPkeygen.zip | Updated
C:\Documents and Settings\Andriod\Shared\StyleXP .zip | Updated
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Infected with: Trojan.Aproposad.C
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02105CC7.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\021406C3.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Infected with: Trojan.Downloader.IstBar.LC
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\021D04B8.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\02212EB5.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Dyfuca.EI
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022458B1.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Infected with: JS.Trojan.Downloader.IstBar.M
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022A2CAA=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\022E56A6=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\09BB2FA7.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\0EB078AC.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Infected with: Trojan.Exploit.Vbs.Phel.A
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\134D66DB.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\188C0E74=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1AED44BA.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\1D300E4B.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Infected with: Trojan.Dldr.Apropo.R
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\212F2B5C=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Infected with: Trojan.Downloader.Adload.A
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\21E6469C.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Infected with: Trojan.Dialer.EE
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\24035674.0=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\2E5276B0.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>BlackBox.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>VerifierBug.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Infected with: Java.Trojan.Exploit.Bytverify
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Dummy.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Infected with: Java.Trojan.Exploit.Bytverify.C
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2)=>Beyond.class | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip=>(Quarantine-2) | Updated
C:\Program Files\Norton AntiVirus\Quarantine\32034BF7.zip | Update failed
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\36ED7B0D.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Infected with: Win32.Vb.AN@mm
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\38035295.0XE=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Infected with: Exploit.Phel.Gen
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\39CA0586.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Infected with: Trojan.Htmlhelpcontrol.Exploit.A
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\39D0597F.0TM=>(Quarantine-2) | Deleted
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Infected with: Trojan.Exploit.Html.MHT
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Disinfection failed
C:\Program Files\Norton AntiVirus\Quarantine\43F64877.0TM=>(Quarantine-2) | Deleted

C:\Program Files\Norton AntiVirus\Quarantine\44977A98.0=>(Quarantine-2)


Infected with: Trojan.Downloader.IstBar.JM

C:\Program Files\Norton AntiVirus\Quarantine\44977A98.0=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2)


Infected with: Trojan.Isbar.230

C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\470E1988=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2)


Infected with: Trojan.Dldr.Apropo.R

C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\494E7FFE=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2)


Infected with: Exploit.Html.MhtRedir.Gen

C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\4F644720.htm=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5007588C.0XE=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2)


Detected with: Adware.POP.dl

C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\50273696=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2)


Infected with: Win32.Worm.Alcan.A

C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\56C44E01.0XE=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2)


Infected with: Trojan.Downloader.Apropo.G

C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5C1D689C=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\5F75574C.0XE=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2)


Infected with: Trojan.Dialer.EE

C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\645D1C12.0=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2)


Infected with: Trojan.Downloader.Agent.HW

C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\67AE249B.0=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\733E609A.0=>(Quarantine-2)


Infected with: Trojan.Downloader.IstBar.IJ

C:\Program Files\Norton AntiVirus\Quarantine\733E609A.0=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\744E330B.0=>(Quarantine-2)


Infected with: Trojan.Dialer.AY2

C:\Program Files\Norton AntiVirus\Quarantine\744E330B.0=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2)


Infected with: Trojan.Dloader.HK

C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7B196282=>(Quarantine-2)


Deleted

C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2)


Infected with: Trojan.Dloader.HK

C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2)


Disinfection failed

C:\Program Files\Norton AntiVirus\Quarantine\7ECE1C98=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000247.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000248.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000249.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000250.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000251.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2)


Infected with: Win32.Worm.Alcan.A

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000252.exe=>(Quarantine-2)


Deleted

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2)


Infected with: Win32.Vb.AN@mm

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2)


Disinfection failed

C:\System Volume Information\_restore{300AC8FB-108B-4230-8770-6C26964E0994}\RP3\A0000253.exe=>(Quarantine-2)


Deleted

#12 Guest_Cretemonster_*


Posted 07 July 2006 - 08:10 PM

Is there anything else below the C:\System Volume Information\_restore entries from the Bit Defender report?

Download ComboFix to your desktop.
Double-click combo.exe
Follow the prompts.
Don't click on the window while the fix is running, because that will cause your system to hang.

When finished and after reboot, it should open a log, combofix.txt.

Post the contents of combofix.txt into the next reply.

#13 Pumpkins


Posted 08 July 2006 - 11:55 AM

I just checked the log again and there was nothing after the __restore entries. Here is my Combofix.txt log:


Start Time= Sat 07/08/2006 12:40:57.09
Running from: C:\Documents and Settings\Andriod\Desktop

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-07-05 10:57:22 ( .D... ) "C:\Program Files\HijackThis"
2006-07-03 23:31:00 ( .D... ) "C:\Program Files\Easy CD-DA Extractor 9"
2006-07-03 15:34:16 ( .D... ) "C:\Program Files\AOL"
2006-05-25 01:22:06 53248 ( A.... ) "C:\WINDOWS\bdoscandel.exe"
2006-05-21 00:26:18 98324 ( A.... ) "C:\WINDOWS\system32\wuseewdc.dll"
2006-05-16 16:23:56 339968 ( ..... ) "C:\WINDOWS\system32\pxwave.dll"
2006-05-16 16:23:56 28672 ( ..... ) "C:\WINDOWS\system32\vxblock.dll"
2006-05-16 16:23:54 1257472 ( ..... ) "C:\WINDOWS\system32\pxsfs.dll"
2006-05-16 16:23:54 450560 ( ..... ) "C:\WINDOWS\system32\pxdrv.dll"
2006-05-16 16:23:54 430080 ( ..... ) "C:\WINDOWS\system32\px.dll"
2006-05-16 16:23:54 176128 ( ..... ) "C:\WINDOWS\system32\pxmas.dll"
2006-05-16 16:23:54 61440 ( ..... ) "C:\WINDOWS\system32\pxhpinst.exe"
2006-05-16 16:23:54 57344 ( ..... ) "C:\WINDOWS\system32\pxcpya64.exe"
2006-05-16 16:23:54 56832 ( ..... ) "C:\WINDOWS\system32\pxinsa64.exe"
2006-05-09 13:56:48 8057 ( A.... ) "C:\Program Files\Warez P2P ClientIPGUARD.LOG"
2006-04-27 17:49:30 288417 ( A.... ) "C:\WINDOWS\system32\SrchSTS.exe"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-07 17:47 266,391,552 C:\hiberfil.sys
2006-07-06 19:29 53,248 C:\WINDOWS\system32\Process.exe
2006-07-06 19:29 42,496 C:\WINDOWS\system32\swreg.exe
2006-07-06 19:29 40,960 C:\WINDOWS\system32\swsc.exe
2006-07-06 19:29 288,417 C:\WINDOWS\system32\SrchSTS.exe
2006-07-05 11:19 1,257,472 C:\WINDOWS\system32\pxsfs.dll
2006-05-25 01:22 53,248 C:\WINDOWS\bdoscandel.exe


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"ccApp"="\"C:\\Program Files\\Common Files\\Symantec Shared\\ccApp.exe\""
"bcmwltry"="bcmwltry.exe"
"removecpl"="RemoveCpl.exe"
"Symantec NetDriver Monitor"="C:\\PROGRA~1\\SYMNET~1\\SNDMon.exe /Consumer"
"SSC_UserPrompt"="C:\\Program Files\\Common Files\\Symantec Shared\\Security Center\\UsrPrmpt.exe"
"ViewMgr"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"RealTray"="C:\\Program Files\\Real\\RealPlayer\\RealPlay.exe SYSTEMBOOTHIDEPLAYER"
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_01\\bin\\jusched.exe"
"DXM6Patch_981116"="C:\\WINDOWS\\p_981116.exe /Q:A"
"WinampAgent"="C:\\Program Files\\Winamp\\winampa.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"AIM"="C:\\Program Files\\aim\\aim.exe -cnetwait.odl"
"Yahoo! Pager"="\"C:\\Program Files\\Yahoo!\\Messenger\\ypager.exe\" -quiet"
"STYLEXP"="C:\\Program Files\\TGTSoft\\StyleXP\\StyleXP.exe -Hide"
"ares"="\"C:\\Program Files\\Ares\\Ares.exe\" -h"
"Microsoft Works Update Detection"="c:\\Program Files\\Microsoft Works\\WkDetect.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"MoneyAgent"="\"C:\\Program Files\\Microsoft Money\\System\\mnyexpr.exe\""

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"CDRAutoRun"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{54D9498B-CF93-414F-8984-8CE7FDE0D391}"="ewido shell guard"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\New.net Startup]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NEWDOT~2"
"hkey"="HKLM"
"command"="rundll32 C:\\PROGRA~1\\NEWDOT~1\\NEWDOT~2.DLL,ClientStartup -s"
"inimapping"="0"



Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Norton AntiVirus - Scan my computer.job
C:\WINDOWS\tasks\Symantec NetDetect.job

Completion time: Sat 07/08/2006 12:42:25.90
ComboFix ver 06.07.07 - This logfile is located at C:\ComboFix.txt

#14 Guest_Cretemonster_*


Posted 09 July 2006 - 07:11 AM

I need you to get the file below scanned please.

C:\WINDOWS\system32\wuseewdc.dll

Have it scanned Here

If anything returns it as "infected" or "Suspicious" please copy the results to notepad and save them somewhere safe.

Post the results in the next reply.


Please post an uninstall list,
  • Start HijackThis
  • Click on the Config button
  • Click on the Misc Tools button
  • Click on the Open Uninstall Manager button.
  • Click on the Save list... button and specify where you would like to save this file.
  • When you press the Save button, Notepad will open with the contents of that file.
  • Simply copy and paste the contents of that notepad into this topic please.


#15 Pumpkins


Posted 09 July 2006 - 02:41 PM

This is from the online scan: thank you so much for helping me out with this.


Posted Image




And here is from the Hijackthis thing:


Ad-Aware SE Personal
Adobe Acrobat 5.0
Adobe Photoshop 7.0
AIM+ (remove only)
American McGee's Alice™
AOL Instant Messenger
ASIO4ALL v2
Belkin Wireless Setup utility
BigFix
BitTornado 0.3.14
CC_ccStart
ccCommon
CDBurnerXP Pro 3
CompuServe
Conexant SoftK56 Modem(M)
Cucusoft MPEG/MOV/RM/AVI to DVD/VCD/SVCD/MPEG Converter Pro 6.2
Easy CD-DA Extractor 9.1.3
eMule
ewido anti-malware
HijackThis 1.99.1
ICQ
iMeshBar
Intel® Extreme Graphics Driver
J2SE Runtime Environment 5.0 Update 1
Java 2 Runtime Environment Standard Edition v1.3.1
Java 2 Runtime Environment Standard Edition v1.3.1_02
Learn2 Player (Uninstall Only)
Lexmark Photo Center
Lexmark Z700-P700 Series
LimeWire 4.9.30
LiveReg (Symantec Corporation)
LiveUpdate 2.6 (Symantec Corporation)
Logitech Desktop Messenger
Logitech IM Video Companion
Macromedia Flash Player 8
Microsoft NetShow Tools 2.0
Microsoft Office XP Media Content
Microsoft Works 6.0
Mozilla Firefox (1.5.0.4)
MSN Messenger 7.5
MSRedist
Netscape 6 (6.2.1)
Norton AntiVirus 2004
Norton AntiVirus 2004 (Symantec Corporation)
Norton AntiVirus Parent MSI
Norton WMI Update
PowerDVD
QuickSearch Toolbar
QuickTime
RealPlayer Basic
Realtek AC'97 Audio
RTC Client API v1.2
Security Task Manager 1.6f
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896426)
Security Update for Windows XP (KB896428)
StyleXP (remove only)
Symantec Script Blocking Installer
SymNet
Themexp.org File
Update for Windows XP (KB898461)
VideoLAN VLC media player 0.8.4a
Viewpoint Manager (Remove Only)
Viewpoint Media Player
Viewpoint Toolbar (Remove Only)
Winamp (remove only)
Windows Backup Utility
Windows Installer 3.1 (KB893803)
Windows Media Format Runtime
Windows Media Player 9 Hotfix [See KB885492 for more information]
Windows XP Hotfix - KB828741
Windows XP Hotfix - KB835732
Windows XP Hotfix - KB842773
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB883939
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Hotfix - KB897715
WinPcap 3.1 beta3
WinRAR archiver
Yahoo! Messenger
Yahoo! Toolbar



