Avast detects LOP Virus



REDGYM
2007-10-24, 04:54
Greetings.
LOP will not die for me even after a safe-mode scan with Spybot and Avast. I have included the HijackThis log.

Logfile of HijackThis v1.97.3
Scan saved at 9:10:21 PM, on 10/23/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\RAYSWNNT\System32\smss.exe
C:\RAYSWNNT\system32\winlogon.exe
C:\RAYSWNNT\system32\services.exe
C:\RAYSWNNT\system32\lsass.exe
C:\RAYSWNNT\system32\svchost.exe
C:\RAYSWNNT\System32\WBEM\WinMgmt.exe
C:\RAYSWNNT\Explorer.EXE
C:\Documents and Settings\ray\Desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\ray\Application Data\Mozilla\Profiles\default\6j8q9579.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\ray\Application Data\Mozilla\Profiles\default\6j8q9579.slt\prefs.js)
O2 - BHO: (no name) - {2ADB55AF-BF93-4DD6-A6B5-FDECBE58C8B7} - C:\RAYSWNNT\system32\npqhphts.dll
O2 - BHO: (no name) - {478099F5-ADF4-4DCC-87D6-D1D8A6BE3D6F} - C:\RAYSWNNT\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\RAYSWNNT\system32\wvotftvg.dll (file missing)
O2 - BHO: (no name) - {8AB88754-ABFF-4BDA-96D6-3315DE507C73} - C:\RAYSWNNT\system32\ddcya.dll (file missing)
O2 - BHO: (no name) - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: (no name) - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive2.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA4C7E76-3223-4C40-82E8-56D58200C609} - C:\RAYSWNNT\system32\npqhphts.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\RAYSWNNT\system32\fccayvv.dll
O2 - BHO: (no name) - {EDB60D82-553E-4F33-9F76-0EF3699BDFE9} - C:\RAYSWNNT\system32\blackbo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\RAYSWNNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\RAYSWNNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [l6] C:\documents and settings\ray\local settings\temp\l6.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\RAYSWNNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\RAYSWNNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{51-13-30-0F-ZN}] C:\rayswnnt\system32\modsregs.exe CHD003
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\RAYSWNNT\system32\pndrkaof.dll",sitypnow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: FlashGet (HKLM)
O9 - Extra 'Tools' menuitem: &FlashGet (HKLM)
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {0000000A-0000-0010-8000-00AA00389B71} - http://download.microsoft.com/download/d/4/4/d446e8a9-3a86-4b59-bb19-f5bd11b40367/wmavax.CAB
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} (Microsoft Office Template and Media Control) - http://office.microsoft.com/templates/ieawsdc.cab
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} (Eyeball Video Message Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} (Shockwave ActiveX Control) - http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} - http://download.microsoft.com/download/0/A/9/0A9F8B32-9F8C-4D74-A130-E4CAB36EB01F/wmvadvd.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1489a12178a46738d417/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} - http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?38120.7023726852
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab

REDGYM
2007-10-24, 12:54
Wednesday, October 24, 2007 5:34:56 AM
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 24/10/2007
Kaspersky Anti-Virus database records: 443567


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target My Computer
C:\
D:\
E:\

Scan Statistics
Total number of scanned objects 90645
Number of viruses found 25
Number of infected objects 73
Number of suspicious objects 2
Duration of the scan process 02:00:49

Infected Object Name Virus Name Last Action
C:\6D.tmp/stream/data0002 Infected: not-a-virus:Downloader.Win32.Agent.q skipped

C:\6D.tmp/stream/data0003 Infected: not-a-virus:AdWare.Win32.Agent.ay skipped

C:\6D.tmp/stream/data0004 Infected: not-a-virus:AdWare.Win32.Agent.br skipped

C:\6D.tmp/stream Infected: not-a-virus:AdWare.Win32.Agent.br skipped

C:\6D.tmp NSIS: infected - 4 skipped

C:\Documents and Settings\All Users.RAYSWNNT\Application Data\AVG7\Log\emc.log Object is locked skipped

C:\Documents and Settings\All Users.RAYSWNNT\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped

C:\Documents and Settings\All Users.RAYSWNNT\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped

C:\Documents and Settings\All Users.RAYSWNNT\Application Data\Spybot - Search & Destroy\Recovery\XupiterOrbitExplorer3.zip/OELoader.exe Suspicious: Password-protected-EXE skipped

C:\Documents and Settings\All Users.RAYSWNNT\Application Data\Spybot - Search & Destroy\Recovery\XupiterOrbitExplorer3.zip ZIP: suspicious - 1 skipped

C:\Documents and Settings\Default User.RAYSWNNT\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\Default User.RAYSWNNT\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\Default User.RAYSWNNT\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\cert8.db Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\flashgot.log Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\formhistory.dat Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\history.dat Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\key3.db Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\parent.lock Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\search.sqlite Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\urlclassifier2.sqlite Object is locked skipped

C:\Documents and Settings\ray\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\webappsstore.sqlite Object is locked skipped

C:\Documents and Settings\ray\Cookies\index.dat Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\Cache\_CACHE_001_ Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\Cache\_CACHE_002_ Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\Cache\_CACHE_003_ Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Application Data\Mozilla\Firefox\Profiles\99sx2f01.default\Cache\_CACHE_MAP_ Object is locked skipped

C:\Documents and Settings\ray\Local Settings\History\History.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temp\Outerinfo-1281.exe/data0004/data0002 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\Documents and Settings\ray\Local Settings\Temp\Outerinfo-1281.exe/data0004 Infected: not-a-virus:AdWare.Win32.PurityScan.fk skipped

C:\Documents and Settings\ray\Local Settings\Temp\Outerinfo-1281.exe NSIS: infected - 2 skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\EVGF6BKD\CA05AZ8H Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\EVGF6BKD\CA0TJUB5 Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\EVGF6BKD\CAKT2RGT Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\EVGF6BKD\CAM58F4J Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\EVGF6BKD\CAXC43X9 Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\K9G7WFE9\CA7LLNDZ Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\K9G7WFE9\CAAVST4D Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\K9G7WFE9\CARARA75 Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CA37L94A Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CAA9GXGG Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CAS8S9CN Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CASHIJ4D Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CAVM9C9V Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\QXU14TA9\CAWX6B8H Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\UH0XCXWJ\CA8VEHIL Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\UH0XCXWJ\CAFEAT73 Object is locked skipped

C:\Documents and Settings\ray\Local Settings\Temporary Internet Files\Content.IE5\UH0XCXWJ\CAIFSPQZ Object is locked skipped

C:\Documents and Settings\ray\NTUSER.DAT Object is locked skipped

C:\Documents and Settings\ray\ntuser.dat.LOG Object is locked skipped

C:\Documents and Settings\Ray Packard\Local Settings\Temporary Internet Files\Content.IE5\YZWXCNON\crazypjava[1].html Infected: Trojan-Clicker.JS.Agent.a skipped

C:\Program Files\Alwil Software\Avast4\DATA\aswResp.dat Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\Avast4.db Object is locked skipped

C:\Program Files\Alwil Software\Avast4\DATA\log\nshield.log Object is locked skipped

C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{EDAAD2EE-EEB5-4EC6-94AE-8A4D014EB594}\{1E7E15D3-6685-42CB-9FE5-3F53F1A5FBEB}.tmp/{1E7E15D3-6685-42CB-9FE5-3F53F1A5FBEB}.tmp Infected: Email-Worm.Win32.Bagle.ct skipped

C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{EDAAD2EE-EEB5-4EC6-94AE-8A4D014EB594}\{1E7E15D3-6685-42CB-9FE5-3F53F1A5FBEB}.tmp ZIP: infected - 1 skipped

C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{EDAAD2EE-EEB5-4EC6-94AE-8A4D014EB594}\{21D18C15-791B-42C2-9B1E-B3FB4C436717}.com/{21D18C15-791B-42C2-9B1E-B3FB4C436717}.com Infected: not-a-virus:AdWare.Win32.AdURL.c skipped

C:\Program Files\iolo\System Mechanic 6\Undo\Manual\{EDAAD2EE-EEB5-4EC6-94AE-8A4D014EB594}\{21D18C15-791B-42C2-9B1E-B3FB4C436717}.com ZIP: infected - 1 skipped

C:\Program Files\ISM\archupd.exe/stream/data0001 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped

C:\Program Files\ISM\archupd.exe/stream Infected: not-a-virus:AdWare.Win32.Agent.qi skipped

C:\Program Files\ISM\archupd.exe NSIS: infected - 2 skipped

C:\Program Files\ISM\BndDrive.dll Infected: not-a-virus:AdWare.Win32.Agent.ay skipped

C:\Program Files\ISM\BndDrive6.dll Infected: not-a-virus:AdWare.Win32.AdBand.b skipped

C:\Program Files\ISM\bndloader.exe Infected: not-a-virus:Downloader.Win32.Agent.q skipped

C:\Program Files\ISM\syncupd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.jn skipped

C:\Program Files\ISM\syncupd.exe NSIS: infected - 1 skipped

C:\Program Files\ISM\synupd.exe/stream/data0002 Infected: not-a-virus:AdWare.Win32.AdBand.b skipped

C:\Program Files\ISM\synupd.exe/stream Infected: not-a-virus:AdWare.Win32.AdBand.b skipped

C:\Program Files\ISM\synupd.exe NSIS: infected - 2 skipped

C:\Program Files\ISM2\cringupd.exe/data0002 Infected: not-a-virus:AdWare.Win32.Agent.qi skipped

C:\Program Files\ISM2\cringupd.exe NSIS: infected - 1 skipped

C:\Program Files\ISM2\ISMPack7.exe Infected: not-a-virus:AdWare.Win32.Agent.qi skipped

C:\Program Files\Microsoft AntiSpyware\Quarantine\7B970205-E716-4258-8A86-364995\4F2FBD6A-5FA1-4243-9D41-55C37D Infected: not-a-virus:AdWare.Win32.IWon skipped

C:\RAYSWNNT\CSC\00000001 Object is locked skipped

C:\RAYSWNNT\Debug\ipsecpa.log Object is locked skipped

C:\RAYSWNNT\Debug\oakley.log Object is locked skipped

C:\RAYSWNNT\Debug\PASSWD.LOG Object is locked skipped

C:\RAYSWNNT\Downloaded Program Files\button.inf Infected: not-a-virus:AdWare.Win32.BetterInternet.be skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.1\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.1\HDPlugin1019.dll Infected: not-a-virus:AdWare.Win32.Gator.1019 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.1\HDPlugin1101.dll Infected: not-a-virus:AdWare.Win32.Gator.1101 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.1\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.1\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.2\HDPlugin1014.dll Infected: not-a-virus:AdWare.Win32.Gator.1015 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.2\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.3\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.3\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.4\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.5\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

C:\RAYSWNNT\Downloaded Program Files\CONFLICT.6\HDPlugin1018.dll Infected: not-a-virus:AdWare.Win32.Gator.1018 skipped

C:\RAYSWNNT\Downloaded Program Files\popcaploader.dll Infected: not-a-virus:Downloader.Win32.PopCap.a skipped

C:\RAYSWNNT\Downloaded Program Files\UERS_9999_N91S1502NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\UWA7P_0001_N91M0809NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Downloaded Program Files\WinAntiSpyware2007FreeInstall.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

C:\RAYSWNNT\Internet Logs\fwdbglog.txt Object is locked skipped

C:\RAYSWNNT\Internet Logs\fwpktlog.txt Object is locked skipped

C:\RAYSWNNT\Internet Logs\IAMDB.RDB Object is locked skipped

C:\RAYSWNNT\Internet Logs\RAY-I93OD8JJ7HM.ldb Object is locked skipped

C:\RAYSWNNT\Internet Logs\tvDebug.log Object is locked skipped

C:\RAYSWNNT\SchedLgU.Txt Object is locked skipped

C:\RAYSWNNT\SoftwareDistribution\EventCache\{59EAAA8D-593C-4B55-B26E-4710E7B1F6C0}.bin Object is locked skipped

C:\RAYSWNNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped

C:\RAYSWNNT\Sti_Trace.log Object is locked skipped

C:\RAYSWNNT\system32\awvvt.dll Object is locked skipped

C:\RAYSWNNT\system32\bosypccj.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\bqtbkxuk.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\config\Antivirus.Evt Object is locked skipped

C:\RAYSWNNT\system32\config\AppEvent.Evt Object is locked skipped

C:\RAYSWNNT\system32\config\default Object is locked skipped

C:\RAYSWNNT\system32\config\default.LOG Object is locked skipped

C:\RAYSWNNT\system32\config\SAM Object is locked skipped

C:\RAYSWNNT\system32\config\SAM.LOG Object is locked skipped

C:\RAYSWNNT\system32\config\SecEvent.Evt Object is locked skipped

C:\RAYSWNNT\system32\config\SECURITY Object is locked skipped

C:\RAYSWNNT\system32\config\SECURITY.LOG Object is locked skipped

C:\RAYSWNNT\system32\config\software Object is locked skipped

C:\RAYSWNNT\system32\config\software.LOG Object is locked skipped

C:\RAYSWNNT\system32\config\SysEvent.Evt Object is locked skipped

C:\RAYSWNNT\system32\config\system Object is locked skipped

C:\RAYSWNNT\system32\config\SYSTEM.ALT Object is locked skipped

C:\RAYSWNNT\system32\ddaby.dll Object is locked skipped

C:\RAYSWNNT\system32\drivers\lnkafawj.sys Infected: Trojan.Win32.BHO.gy skipped

C:\RAYSWNNT\system32\drivers\tjdplcgf.sys Infected: Trojan.Win32.BHO.gy skipped

C:\RAYSWNNT\system32\ejbtbhqv.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\fccayvv.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.jp skipped

C:\RAYSWNNT\system32\fpvmhyoq.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\gebcy.dll Object is locked skipped

C:\RAYSWNNT\system32\gebyy.dll Object is locked skipped

C:\RAYSWNNT\system32\geebb.dll Object is locked skipped

C:\RAYSWNNT\system32\gydvmqvm.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\iuaxkkiy.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\jkhhh.dll Object is locked skipped

C:\RAYSWNNT\system32\kxmaoscs.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\lakpbhkn.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\lqijgndc.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\modsregs.exe Infected: not-a-virus:AdWare.Win32.ZenoSearch.o skipped

C:\RAYSWNNT\system32\npqhphts.dll Infected: not-a-virus:AdWare.Win32.BHO.hg skipped

C:\RAYSWNNT\system32\oeuwaesu.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\opgpprxp.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\Perflib_Perfdata_27c.dat Object is locked skipped

C:\RAYSWNNT\system32\pmkhg.dll Object is locked skipped

C:\RAYSWNNT\system32\qemvryqn.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\rqvucglq.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\seqhspbp.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\ssqpp.dll Object is locked skipped

C:\RAYSWNNT\system32\ssttr.dll Object is locked skipped

C:\RAYSWNNT\system32\ssttt.dll Object is locked skipped

C:\RAYSWNNT\system32\tbdsnlfd.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\tuaubjqc.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\twhtbavm.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\vskvjgog.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\vwolxobh.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\wiiymjks.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\wtbtnhgk.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\system32\yhwdcbtm.exe Infected: Trojan.Win32.Agent.bck skipped

C:\RAYSWNNT\system32\ymlkplmt.exe Infected: Trojan.Win32.Agent.aoy skipped

C:\RAYSWNNT\Temp\ZLT05115.TMP Object is locked skipped

C:\RAYSWNNT\Temp\ZLT05154.TMP Object is locked skipped

C:\RAYSWNNT\WindowsUpdate.log Object is locked skipped

Scan process completed.

Mr_JAk3
2007-10-28, 14:08
Hello REDGYM and welcome to the Forums :)

You're infected and using an old version of HijackThis.

Please remove any old versions of HijackThis.


Download HJTInstall.exe (http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe) to your Desktop.
Double-click HJTInstall.exe to install it.
By default it will install to C:\Program Files\Trend Micro\HijackThis.
Click on Install.
It will create a HijackThis icon on the desktop.
Once installed, it will launch HijackThis.
Click on the Do a system scan and save a logfile button. It will scan and the log should open in Notepad.
Copy/paste the log to your next reply please.

Don't use the Analyse This button; its findings are dangerous if misinterpreted.
DO NOT have HijackThis fix anything yet. Most of what it finds will be harmless or even required.
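
As an added illustration of why the helper warns against fixing everything the log lists, here is a small heuristic triage script written for this thread; it is not HijackThis' own Analyse This feature and not anything the poster or the helper provided. The sample lines are copied from the logs above (section codes R1, O2, O4, O16); the severity labels and the rules that assign them are my own assumptions, meant as review hints rather than removal verdicts.

```python
"""Heuristic triage of HijackThis log lines.

Added example for this thread. The rules below are assumptions chosen to
surface a handful of patterns a responder would look at first; they are
not HijackThis' "Analyse This" logic and they do not decide what to remove.
"""
import re
from dataclasses import dataclass

# Sample input: lines copied from the HijackThis logs posted in this thread,
# including benign entries (Google Toolbar, avast!, QuickTime) that the
# rules must leave alone.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O2 - BHO: (no name) - {2ADB55AF-BF93-4DD6-A6B5-FDECBE58C8B7} - C:\RAYSWNNT\system32\npqhphts.dll
O2 - BHO: (no name) - {478099F5-ADF4-4DCC-87D6-D1D8A6BE3D6F} - C:\RAYSWNNT\system32\pmnll.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [l6] C:\documents and settings\ray\local settings\temp\l6.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\RAYSWNNT\system32\pndrkaof.dll",sitypnow
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} (QuickTime Object) - http://www.apple.com/qtactivex/qtplugin.cab
"""


@dataclass
class Finding:
    section: str   # HijackThis section code, e.g. "O4"
    severity: str  # "orphan", "review" or "high" (assumed labels)
    reason: str
    line: str


# Every HijackThis entry starts with a section code, a dash and the body.
LINE_RE = re.compile(r"^(?P<section>[A-Z]\d{1,2}) - (?P<body>.*)$")
# R1: Internet Explorer proxy pointing at the local machine.
LOOPBACK_PROXY_RE = re.compile(r"ProxyServer = (?:127\.0\.0\.1|localhost):\d+")
# O4: an autorun whose target lives in a temp directory.
TEMP_DIR_RE = re.compile(r"\\temp\\", re.IGNORECASE)
# O16: the download URL is the last whitespace-free token of the body.
DPF_URL_RE = re.compile(r" - (?P<url>\S+)$")


def triage_line(line: str):
    """Return a Finding for one log line, or None when no rule matches."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    section, body = m.group("section"), m.group("body")
    if section == "R1" and LOOPBACK_PROXY_RE.search(body):
        # All IE traffic passes through whatever listens on that local port.
        return Finding(section, "review",
                       "IE proxy points at a local port; identify the listener", line)
    if section == "O2" and body.startswith("BHO: (no name)"):
        if body.endswith("(file missing)"):
            # Registration survived but the DLL is gone: a stale entry.
            return Finding(section, "orphan",
                           "BHO registration whose DLL no longer exists", line)
        return Finding(section, "review",
                       "unnamed BHO; identify the DLL before keeping it", line)
    if section == "O4" and TEMP_DIR_RE.search(body):
        return Finding(section, "high",
                       "autorun entry launches an executable from a temp folder", line)
    if section == "O16":
        u = DPF_URL_RE.search(body)
        if u and u.group("url").lower().endswith(".exe"):
            # Downloaded Program Files entries normally reference .cab packages.
            return Finding(section, "high",
                           "ActiveX download entry fetches a bare executable", line)
    return None


def triage(log_text: str):
    """Run every line of a log through triage_line and keep the hits."""
    return [f for f in (triage_line(l) for l in log_text.splitlines()) if f]


def severity_counts(findings):
    """Tally findings per severity label."""
    counts = {}
    for f in findings:
        counts[f.severity] = counts.get(f.severity, 0) + 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.section:3} {f.reason}\n       {f.line}")
```

Entries the rules skip (the Google Toolbar BHO, the avast! autorun, the QuickTime control) are exactly the "harmless or even required" items the helper refers to; the script only narrows what a human still has to look at.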

REDGYM
2007-10-30, 23:08
Thanks Mr_Jak3 for the reply - much appreciated!

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 6:31:37 AM, on 10/30/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\RAYSWNNT\System32\smss.exe
C:\RAYSWNNT\system32\winlogon.exe
C:\RAYSWNNT\system32\services.exe
C:\RAYSWNNT\system32\lsass.exe
C:\RAYSWNNT\system32\svchost.exe
C:\RAYSWNNT\system32\LEXBCES.EXE
C:\RAYSWNNT\system32\spoolsv.exe
C:\RAYSWNNT\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\RAYSWNNT\System32\svchost.exe
C:\RAYSWNNT\system32\nvsvc32.exe
C:\RAYSWNNT\System32\setver32.exe
C:\RAYSWNNT\system32\MSTask.exe
C:\RAYSWNNT\system32\stisvc.exe
C:\RAYSWNNT\System32\WBEM\WinMgmt.exe
C:\RAYSWNNT\system32\svchost.exe
C:\RAYSWNNT\SOUNDMAN.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\RAYSWNNT\System32\LXSUPMON.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\RAYSWNNT\system32\kmw_run.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\RAYSWNNT\system32\KMW_SHOW.EXE
C:\RAYSWNNT\system32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\RAYSWNNT\system32\ZoneLabs\vsmon.exe
C:\Program Files\Decal 3.0\DenAgent.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\FlashGet\flashget.exe
C:\RAYSWNNT\system32\wuauclt.exe
C:\RAYSWNNT\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Mozilla Firefox\firefox.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cnn.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R3 - Default URLSearchHook is missing
N3 - Netscape 7: user_pref("browser.startup.homepage", "http://home.netscape.com/bookmark/7_1/home.html"); (C:\Documents and Settings\RAY\Application Data\Mozilla\Profiles\default\6j8q9579.slt\prefs.js)
N3 - Netscape 7: user_pref("browser.search.defaultengine", "engine://C%3A%5CPROGRA%7E1%5CNETSCAPE%5CNETSCAPE%5Csearchplugins%5CSBWeb_01.src"); (C:\Documents and Settings\RAY\Application Data\Mozilla\Profiles\default\6j8q9579.slt\prefs.js)
O2 - BHO: (no name) - {194B482A-809E-4EFA-9FEF-706493F07C8E} - C:\RAYSWNNT\system32\ssqpm.dll (file missing)
O2 - BHO: (no name) - {2ADB55AF-BF93-4DD6-A6B5-FDECBE58C8B7} - C:\RAYSWNNT\system32\npqhphts.dll
O2 - BHO: (no name) - {478099F5-ADF4-4DCC-87D6-D1D8A6BE3D6F} - C:\RAYSWNNT\system32\pmnll.dll (file missing)
O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\RAYSWNNT\system32\wvotftvg.dll (file missing)
O2 - BHO: (no name) - {8AB88754-ABFF-4BDA-96D6-3315DE507C73} - C:\RAYSWNNT\system32\ddcya.dll (file missing)
O2 - BHO: BndShell3 BHO Class - {8ABA9A9C-8791-4d61-8D5B-BCC9448EA573} - C:\Program Files\ISM\BndDrive7.dll (file missing)
O2 - BHO: BndDrive2 BHO Class - {8B27CC68-110C-46a9-80D3-F3107DE6EB98} - C:\Program Files\ISM\BndDrive2.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {CA4C7E76-3223-4C40-82E8-56D58200C609} - C:\RAYSWNNT\system32\npqhphts.dll
O2 - BHO: (no name) - {DC192567-65F9-4AB6-ADB7-E13575F81726} - C:\RAYSWNNT\system32\fccayvv.dll
O2 - BHO: (no name) - {EDB60D82-553E-4F33-9F76-0EF3699BDFE9} - C:\RAYSWNNT\system32\blackbo.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\RAYSWNNT\System32\msdxm.ocx
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXSUPMON] C:\RAYSWNNT\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [STOPzilla] "C:\Program Files\STOPzilla!\Stopzilla.exe" /autorun
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [l6] C:\documents and settings\ray\local settings\temp\l6.exe
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\RAYSWNNT\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\RAYSWNNT\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [{51-13-30-0F-ZN}] C:\rayswnnt\system32\modsregs.exe CHD003
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\RAYSWNNT\system32\pndrkaof.dll",sitypnow
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKCU\..\Run: [ProxyWay] C:\Program Files\ProxyWay\proxyway.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ISMPack6] "C:\Program Files\ISM2\ISMPack6.exe"
O4 - HKCU\..\Run: [ISMModule7] "C:\Program Files\ISM\ISMModule7.exe"
O4 - HKCU\..\Run: [ISMPack7] "C:\Program Files\ISM2\ISMPack7.exe"
O4 - HKUS\.DEFAULT\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background (User 'Default user')
O4 - HKUS\.DEFAULT\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [^SetupICWDesktop] (User 'Default user')
O4 - Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O4 - Startup: Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PC Alert 4.lnk = C:\Program Files\MSI\PC Alert 4\PCAlert4.exe
O8 - Extra context menu item: &Dictionary - http://www.ezreference.com/_/ie-com-p3.htm
O8 - Extra context menu item: &Encyclopedia - http://www.ezreference.com/_/ie-com-e-p3.htm
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Download All by FlashGet - C:\Program Files\FlashGet\jc_all.htm
O8 - Extra context menu item: Download using FlashGet - C:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - C:\PROGRA~1\FlashGet\flashget.exe
O12 - Plugin for .pdf: C:\Program Files\Internet Explorer\PLUGINS\nppdf32.dll
O16 - DPF: axscanner - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: axscannerruntime - http://www.pestscan.com/scanner/axscannerruntime.cab
O16 - DPF: ConferenceRoom Java Client - http://irc.theamateurchat.com/java/cr.cab
O16 - DPF: mscomctl - http://www.pestscan.com/scanner/mscomctl.cab
O16 - DPF: msvcp71 - http://download.pestpatrol.com/Downloads/Components/msvcp71.cab
O16 - DPF: msvcr71 - http://download.pestpatrol.com/Downloads/Components/msvcr71.cab
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potc_x.cab
O16 - DPF: {00000000-0000-0000-0000-000020030000} - http://www.celebritaspoglie.net/all.exe
O16 - DPF: {02CA9974-B6AC-497E-A371-73580432B0F6} (Eyeball Video Message Control) - http://imlive.com/ChatSource/gVideoContol.cab
O16 - DPF: {05D44720-58E3-49E6-BDF6-D00330E511D3} (StagingUI Object) - http://zone.msn.com/binFrameWork/v10/StagingUI.cab46479.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {12589FA1-C456-11CE-BF01-10AA1055595A} - http://www.wsel.net/imcupdatefiles/whistlesilent610.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {3A7FE611-1994-4EF1-A09F-99456752289D} - http://zone.msn.com/bingame/trbo/default/ActiveLauncher.cab
O16 - DPF: {3BB54395-5982-4788-8AF4-B5388FFDD0D8} (ZoneBuddy Class) - http://zone.msn.com/BinFrameWork/v10/ZBuddy.cab32846.cab
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://207.188.7.150/1489a12178a46738d417/netzip/RdxIE2.cab
O16 - DPF: {5736C456-EA94-4AAC-BB08-917ABDD035B3} (ZonePAChat Object) - http://zone.msn.com/binframework/v10/ZPAChat.cab32846.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20031216/qtinstall.info.apple.com/mickey/us/win/QuickTimeInstaller.exe
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2004061001/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {75D1F3B2-2A21-11D7-97B9-0010DC2A6243} (SecureLogin.SecureControl) - http://secure2.comned.com/signuptemplates/ActiveSecurity.cab
O16 - DPF: {95B5D20C-BD31-4489-8ABF-F8C8BE748463} (ZPA_HRTZ Object) - http://zone.msn.com/bingame/zpagames/zpa_hrtz.cab40641.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://zone.msn.com/binFramework/v10/ZIntro.cab34246.cab
O16 - DPF: {B942A249-D1E7-4C11-98AE-FCB76B08747F} (RealArcadeRdxIE Class) - http://games-dl.real.com/gameconsole/Bundler/CAB/RealArcadeRdxIE.cab
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CAC181B0-4D70-402D-B571-C596A47D0CE0} (CBankshotZoneCtrl Class) - http://zone.msn.com/bingame/zpagames/zpa_pool.cab42858.cab
O16 - DPF: {D77EF652-9A6B-40C8-A4B9-1C0697C6CF41} (TikGames Online Control) - http://zone.msn.com/bingame/gold/default/gf.cab
O16 - DPF: {DA2AA6CF-5C7A-4B71-BC3B-C771BB369937} (StadiumProxy Class) - http://zone.msn.com/binframework/v10/StProxy.cab41227.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://zone.msn.com/bingame/zuma/default/popcaploader_v5.cab
O16 - DPF: {E5D419D6-A846-4514-9FAD-97E826C84822} (HeartbeatCtl Class) - http://fdl.msn.com/zone/datafiles/heartbeat.cab
O16 - DPF: {FA13A9FA-CA9B-11D2-9780-00104B242EA3} - http://www.wildtangent.com/install/wdriver/racing/dodgespeedway/microsoft/wtinst.cab
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O20 - Winlogon Notify: ddcya - C:\RAYSWNNT\system32\ddcya.dll (file missing)
O20 - Winlogon Notify: fccayvv - C:\RAYSWNNT\SYSTEM32\fccayvv.dll
O20 - Winlogon Notify: MCD - C:\RAYSWNNT\
O20 - Winlogon Notify: pmnll - C:\RAYSWNNT\system32\pmnll.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\RAYSWNNT\System32\dmadmin.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\RAYSWNNT\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\RAYSWNNT\system32\nvsvc32.exe
O23 - Service: Remote Procedure Call (RPC) Manager (RpcMgr) - Unknown owner - C:\RAYSWNNT\System32\setver32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\RAYSWNNT\system32\ZoneLabs\vsmon.exe

--
End of file - 14460 bytes
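
As an added triage example (not part of the poster's log or the forum's own material), the script below parses entries in the HijackThis format shown above and flags the patterns a log reviewer looks for: orphaned "(file missing)" registrations, unnamed BHOs, autoruns launched from a temp folder, rundll32-loaded DLLs, unknown Winlogon Notify packages, services with no publisher, and a loopback proxy. The sample entries are a subset copied from the log above; the set of known Notify packages is an assumption to adjust to your own baseline.

```python
# Sample entries copied from the HijackThis log posted above (a constructed subset for this demo)
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:81
O2 - BHO: (no name) - {194B482A-809E-4EFA-9FEF-706493F07C8E} - C:\RAYSWNNT\system32\ssqpm.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [l6] C:\documents and settings\ray\local settings\temp\l6.exe
O4 - HKLM\..\Run: [SearchIndexer] rundll32.exe "C:\RAYSWNNT\system32\pndrkaof.dll",sitypnow
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O20 - Winlogon Notify: fccayvv - C:\RAYSWNNT\SYSTEM32\fccayvv.dll
O23 - Service: Remote Procedure Call (RPC) Manager (RpcMgr) - Unknown owner - C:\RAYSWNNT\System32\setver32.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
"""

# Winlogon Notify packages normally present on Windows 2000/XP (assumed baseline; adjust to
# your own). Anything else is an unknown DLL loaded into winlogon.exe and deserves a look.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
                "sclgntfy", "senslogn", "termsrv", "wlballoon"}

def triage(log_text):
    """Return (reason, line) pairs for entries a HijackThis reviewer would question."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        low = line.lower()
        section = line.split(" - ", 1)[0]          # "R1", "O2", "O4", "O20", "O23", ...
        if "(file missing)" in low:
            findings.append(("orphaned registration: file no longer on disk", line))
        if section == "R1" and "proxyserver" in low and "127.0.0.1" in low:
            findings.append(("browser traffic routed through a loopback proxy", line))
        if section == "O2" and "(no name)" in low:
            findings.append(("unnamed BHO loaded into Internet Explorer", line))
        if section == "O4" and "\\temp\\" in low:
            findings.append(("autorun entry executing from a temp folder", line))
        if section == "O4" and "rundll32" in low and "\\system32\\" in low:
            findings.append(("rundll32 loading a system32 DLL: verify its publisher", line))
        if section == "O20" and "winlogon notify" in low:
            name = line.split(":", 1)[1].split(" - ")[0].strip().lower()
            if name not in KNOWN_NOTIFY:
                findings.append(("unknown Winlogon Notify DLL (runs inside winlogon.exe)", line))
        if section == "O23" and "unknown owner" in low:
            findings.append(("service without a publisher", line))
    return findings

if __name__ == "__main__":
    for reason, entry in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {entry}")
```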

Mr_JAk3
2007-10-31, 21:32
Hello :)

One or more of the identified infections is a backdoor trojan :sick:

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the infection has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? (http://www.dslreports.com/faq/10451)
When Should I Format, How Should I Reinstall (http://www.dslreports.com/faq/10063)

I can help you in the cleaning if you don't want to reformat but there is a possibility that we can't get you 100% clean.

Please let us know what you have decided to do in your next post :bigthumb:

REDGYM
2007-11-07, 01:06
Took your advice and reformatted the HDD Mr_Jak3. Thanks for the assistance.

Mr_JAk3
2007-11-07, 21:16
Hi :)

I'll respect your decision.

There are a couple of things you should do immediately after installing Windows and before surfing the net... Install an antivirus and firewall (you should download and have those on a CD or USB drive, all ready to be installed).

These are good (free) firewalls:
- Kerio (http://www.sunbelt-software.com/Kerio.cfm)
- Sygate (http://www.majorgeeks.com/download.php?det=3356)
- Outpost (http://www.majorgeeks.com/download.php?det=1056)

These are good (free) antiviruses:
- Antivir (http://www.free-av.com)
- Avast (http://www.avast.com)
- AVG (http://free.grisoft.com)

Get all Windows updates installed!
Please ask me if you have any questions :)

Then here are a few things that you can do in order to make your fresh computer more secure:
Use ATF Cleaner (http://www.atribune.org/ccount/click.php?id=1)
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.

Use Ad-Aware (http://www.bleepingcomputer.com/forums/?showtutorial=48)
Download and install Ad-Aware. Update it and scan your computer regularly with it.

Use Ewido (http://www.ewido.net/en/)
Update it and scan your computer regularly with it.

Use Spybot S&D (http://www.bleepingcomputer.com/forums/?showtutorial=43)
Download and install Spybot S&D. Update it and scan your computer regularly with it.

Install SpywareBlaster (http://www.javacoolsoftware.com/spywareblaster.html)
SpywareBlaster will prevent spyware from being installed.

Install MVPS Hosts file (http://mvps.org/winhelp2002/hosts.htm)
This prevents your computer from connecting to harmful sites.

Use Firefox browser (http://www.mozilla.org)
Firefox is a faster, safer and better browser than Internet Explorer.

Keep your system up-to-date (http://windowsupdate.microsoft.com)
Visit Windows Update regularly.

Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.

Read this article by TonyKlein (http://castlecops.com/postlite7736-.html)
So how did I get infected in the first place?