TTough
2008-08-21, 22:32
Hi,here's the logfiles after following instructions from previous threads.Thanks for your time!
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:04, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphc7hwj0evcv.exe
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pphc7hwj0evcv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: {83449d28-49b0-9478-d044-f9deda035742} - {247530ad-ed9f-440d-8749-0b9482d94438} - (no file)
O2 - BHO: (no name) - {3E3A2C68-CB56-475C-B625-7A8FBB0A61D0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7874156B-D451-4A05-AA9F-532C69A92A9F} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphc7hwj0evcv] C:\WINDOWS\system32\lphc7hwj0evcv.exe
O4 - HKLM\..\Run: [SMrhc3hwj0evcv] C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D050CFA-0964-496C-A1BF-2ED97BCB1722}: NameServer = 85.255.114.14,85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274A979-1781-4298-B1F3-A786FFD9A9DB}: NameServer = 85.255.114.14,85.255.112.207
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcyaxw - ddcyaxw.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
O20 - Winlogon Notify: __c00BAEAF - C:\WINDOWS\system32\__c00BAEAF.dat (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8047 bytes
Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 5.1.2600 Service Pack 2
21:13:33 21/08/2008
mbam-log-08-21-2008 (21-13-22).txt
Scan type: Quick Scan
Objects scanned: 42204
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Infected: 4
Memory Modules Infected: 7
Registry Keys Infected: 23
Registry Values Infected: 7
Registry Data Items Infected: 20
Folders Infected: 13
Files Infected: 31
Memory Processes Infected:
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
Memory Modules Infected:
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00baeaf (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3hwj0evcv (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7hwj0evcv (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
Folders Infected:
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Files Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc7hwj0evcv.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> No action taken.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:04, on 21/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\sm56hlpr.exe
C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\system32\lphc7hwj0evcv.exe
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\pphc7hwj0evcv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\PROGRA~1\MESSEN~1\Msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
C:\Program Files\DNA\btdna.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
O2 - BHO: {83449d28-49b0-9478-d044-f9deda035742} - {247530ad-ed9f-440d-8749-0b9482d94438} - (no file)
O2 - BHO: (no name) - {3E3A2C68-CB56-475C-B625-7A8FBB0A61D0} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O2 - BHO: (no name) - {7874156B-D451-4A05-AA9F-532C69A92A9F} - (no file)
O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [lphc7hwj0evcv] C:\WINDOWS\system32\lphc7hwj0evcv.exe
O4 - HKLM\..\Run: [SMrhc3hwj0evcv] C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{6D050CFA-0964-496C-A1BF-2ED97BCB1722}: NameServer = 85.255.114.14,85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\..\{A274A979-1781-4298-B1F3-A786FFD9A9DB}: NameServer = 85.255.114.14,85.255.112.207
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: ddcyaxw - ddcyaxw.dll (file missing)
O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
O20 - Winlogon Notify: __c00BAEAF - C:\WINDOWS\system32\__c00BAEAF.dat (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
--
End of file - 8047 bytes
Malwarebytes' Anti-Malware 1.25
Database version: 1076
Windows 5.1.2600 Service Pack 2
21:13:33 21/08/2008
mbam-log-08-21-2008 (21-13-22).txt
Scan type: Quick Scan
Objects scanned: 42204
Time elapsed: 3 minute(s), 13 second(s)
Memory Processes Infected: 4
Memory Modules Infected: 7
Registry Keys Infected: 23
Registry Values Infected: 7
Registry Data Items Infected: 20
Folders Infected: 13
Files Infected: 31
Memory Processes Infected:
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
Memory Modules Infected:
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.
Registry Keys Infected:
HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00baeaf (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3hwj0evcv (Rogue.Multiple) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7hwj0evcv (Trojan.FakeAlert) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.
Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
Folders Infected:
C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Packages (Rogue.Multiple) -> No action taken.
Files Infected:
C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
C:\Program Files\rhc3hwj0evcv\database.dat (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\license.txt (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe.local (Rogue.Multiple) -> No action taken.
C:\Program Files\rhc3hwj0evcv\Uninstall.exe (Rogue.Multiple) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> No action taken.
C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> No action taken.
C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\phc7hwj0evcv.bmp (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
C:\Documents and Settings\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
C:\Documents and Settings\Tracy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> No action taken.