Help - I think its Command Service
Hope you guys can help, this is very annoying to say the least.
Logfile of HijackThis v1.99.1
Scan saved at 12:31:55 AM, on 8/16/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\hijackthis\HijackThis.exe
R3 - URLSearchHook: (no name) - _{00D6A7E7-4A97-456f-848A-3B75BF7554D7} - (no file)
R3 - URLSearchHook: (no name) - _{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076} - (no file)
F3 - REG:win.ini: run=C:\WINDOWS\System32\msoffice.exe
F2 - REG:system.ini: UserInit=userinit.exe
O3 - Toolbar: (no name) - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKCU\..\Run: [irrw] C:\PROGRA~1\COMMON~1\irrw\irrwm.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O15 - Trusted Zone: *.addictivetechnologies.com
O15 - Trusted Zone: *.adgate.info
O15 - Trusted Zone: *.admin2cash.biz
O15 - Trusted Zone: *.adsextend.net
O15 - Trusted Zone: *.bettersearch.biz
O15 - Trusted Zone: *.c4tdownload.com
O15 - Trusted Zone: *.crazywinnings.com
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.elitemediagroup.net
O15 - Trusted Zone: *.finefind.nettraffic2cash.biz
O15 - Trusted Zone: *.imagesrvr.com
O15 - Trusted Zone: *.matcash.com
O15 - Trusted Zone: *.media-motor.com
O15 - Trusted Zone: *.mediatickets.net
O15 - Trusted Zone: *.overpro.com
O15 - Trusted Zone: *.private-dialer.biz
O15 - Trusted Zone: *.snipernet.biz
O15 - Trusted Zone: *.sp2admin.biz
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: *.systemdoctor.com
O15 - Trusted Zone: *.traffic2cash.biz
O15 - Trusted Zone: *.winantivirus.com
O15 - Trusted Zone: *.adgate.info (HKLM)
O15 - Trusted Zone: *.adsextend.net (HKLM)
O15 - Trusted Zone: *.dollarrevenue.com (HKLM)
O15 - Trusted Zone: *.elitemediagroup.net (HKLM)
O15 - Trusted Zone: *.imagesrvr.com (HKLM)
O15 - Trusted Zone: *.matcash.com (HKLM)
O15 - Trusted Zone: *.media-motor.com (HKLM)
O15 - Trusted Zone: *.mediatickets.net (HKLM)
O15 - Trusted Zone: *.snipernet.biz (HKLM)
O15 - Trusted Zone: *.systemdoctor.com (HKLM)
O15 - Trusted Zone: *.winantivirus.com (HKLM)
O15 - ProtocolDefaults: 'http' protocol is in Trusted Zone, should be Internet Zone
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://www.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall.cab
O16 - DPF: {10A30146-C46E-5B0A-2D29-59EA502B04B9} - http://67.19.178.86/1/rdgAU1742.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {28DF79C8-7807-6D6C-F9A5-2E89576B7D8A} - http://67.19.178.86/1/rdgAU1742.exe
O16 - DPF: {298BFFEE-662D-11D5-ADAF-00E0810232D7} (lgbplay Class) - http://geebd.pickles.liveglobalbid.com/LiveSound.dll
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {40B0CCA2-E78C-106B-DBB9-33456E09F492} - http://67.19.178.86/1/rdgAU1742.exe
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} (mm06ocx.mm06ocxf) - mk:@MSITStore:C:\DOCUME~1\Ben\LOCALS~1\Temp\mma.chm::/joysavsht.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {6F5AB2BC-DCBC-1267-A8DA-1DD421A59B17} - http://67.19.178.86/1/rdgAU1742.exe
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {A1426AC5-8CE5-4A00-B71E-011D35709AC6} (Progetto1.int_ver34) - http://advnt01.com/dialer/int_ver34.CAB
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {E055C02E-6258-40FF-80A7-3BDA52FACAD7} (Installer Class) - ms-its:mhtml:file://c:\nesunem.mht!http://adsextend.net/zscript/mca.chm::/speedtest2.dll
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\Ben\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: Time Zones - C:\WINDOWS\system32\k2pmlc711f.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\SYSTEM32\ati2sgag.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
BitDefender Online Scanner
Scan report generated at: Wed, Aug 16, 2006 - 01:12:51
Scan path: A:\;C:\;D:\;E:\;F:\;
Statistics
Time: 00:46:17
Files: 276391
Folders: 2427
Boot Sectors: 3
Archives: 2783
Packed Files: 24318
Results
Identified Viruses: 27
Infected Files: 79
Suspect Files: 0
Warnings: 0
Disinfected: 0
Deleted Files: 79
Engines Info
Virus Definitions: 448311
Engine build: AVCORE v1.0 (build 2310) (i386) (Apr 17 2006 16:24:38)
Scan plugins: 13
Archive plugins: 39
Unpack plugins: 5
E-mail plugins: 6
System plugins: 1
Scan Settings
First Action: Disinfect
Second Action: Delete
Heuristics: Yes
Enable Warnings: Yes
Scanned Extensions: *;
Exclude Extensions:
Scan Emails: Yes
Scan Archives: Yes
Scan Packed: Yes
Scan Files: Yes
Scan Boot: Yes
The rest of BitDefender
LonnyRJones
2006-08-19, 14:15
Please download Look2Me-Destroyer.exe to the root drive, e.g. Local Disk C: or the partition where your operating system is installed.
http://www.atribune.org/content/view/28/
Close all windows before continuing.
Double-click Look2Me-Destroyer.exe to run it.
Put a check next to Run this program as a task.
You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 1 to five minutes. Click OK.
When Look2Me-Destroyer re-opens, click the Scan for L2M button. Your desktop icons will disappear; this is normal.
Once it's done scanning, click the Remove L2M button.
You will receive a Done Scanning message; click OK.
When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shut down your computer. Click OK.
Your computer will then shut down.
Wait about four minutes, then turn your computer back on.
Please post the contents of Look2Me-Destroyer.txt
It appears you do not use a permanent antivirus program?
This topic has been archived due to lack of a response.
If you need it re-opened please send me a private message (pm) and provide a link to the thread.
Applies only to the original topic starter.
Regarding:
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Please see:
You and Windows, a joint effort (http://forums.spybot.info/showpost.php?p=25290&postcount=4)