help with this backdoor trojan

Hi :)

It is a huge log and will take some time to go through. I'll answer as soon as possible :bigthumb:
 
Hi :)

How is the computer running?

We'll run one more scan.

You should print these instructions or save these to a text file. Follow these instructions carefully.

Download Dr.Web CureIt to the desktop -> ftp://ftp.drweb.com/pub/drweb/cureit/drweb-cureit.exe

Restart your computer to the safe mode:
  • Restart your computer
  • Start tapping the F8 key when the computer restarts.
  • When the start menu opens, choose Safe mode
  • Press Enter. The computer then begins to start in Safe mode.
Run a scan with Dr.Web CureIt
  • Double-click the drweb-cureit.exe file and allow it to run the express scan
  • This will scan the files currently running in memory and when something is found, click the yes button when it asks you if you want to cure it. This is only a short scan.
  • Once the short scan has finished, you should now mark the drives that you want to scan.
  • Select all drives. A red dot shows which drives have been chosen.
  • Click the green arrow at the right, and the scan will start.
  • Click 'Yes to all' if it asks if you want to cure/move the file.
  • When the scan has finished, check whether you can click the next icon next to the files found
  • If so, click it and then click the next icon right below and select Move incurable
  • After the scan, in the menu, click file and choose save report list
  • Save the report to your desktop. The report will be called DrWeb.csv
  • Close Dr.Web Cureit.
  • Reboot the computer in Normal Mode.
  • Post the Cure-it report and a fresh HijackThis log
 
here's my report :D:
Since this morning when I opened the PC I haven't noticed any virus alert yet. I think the trojan thing is gone (I hope so), or maybe it's just waiting for the right time to attack hehehe..... Here's the log you requested:

Drweb

crss.exe;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
crss.exebak;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
mstcpcon20.dll;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
netmanage.dll;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
netused.dll;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
SR1000R.DLL;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
SR1000R.DLLbak;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
JigsawLighthousesInstall.exe;C:\games\Games;Adware.Ezula;Incurable.Moved.;
hltv.exe;C:\Program Files\SIERRA\Counter-Strike;Tool.ProxyHLTV;Incurable.Moved.;
Silent Runners.vbs;C:\silentrunners;Probably BATCH.Virus;Incurable.Moved.;
A0039487.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP103;Win32.HLLW.Autoruner;Deleted.;
A0039488.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP103;Win32.HLLW.Autoruner;Deleted.;
A0039489.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP103;Win32.HLLW.Autoruner;Deleted.;
A0039490.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP103;Win32.HLLW.Autoruner;Deleted.;
A0039507.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP104;Win32.HLLW.Autoruner;Deleted.;
A0039508.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP104;Win32.HLLW.Autoruner;Deleted.;
A0039509.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP104;Win32.HLLW.Autoruner;Deleted.;
A0039510.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP104;Win32.HLLW.Autoruner;Deleted.;
A0040514.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP105;Win32.HLLW.Autoruner;Deleted.;
A0040515.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP105;Win32.HLLW.Autoruner;Deleted.;
A0040516.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP105;Win32.HLLW.Autoruner;Deleted.;
A0040517.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP105;Win32.HLLW.Autoruner;Deleted.;
A0040518.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP105;Win32.HLLW.Autoruner;Deleted.;
A0042686.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;Win32.HLLW.Autoruner;Deleted.;
A0042687.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;BackDoor.Doker;Deleted.;
A0042688.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;Win32.HLLW.Autoruner;Deleted.;
A0042689.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;Win32.HLLW.Autoruner;Deleted.;
A0042690.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;Win32.HLLW.Autoruner;Deleted.;
A0042691.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;Win32.HLLW.Autoruner;Deleted.;
A0042727.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP115;Win32.HLLW.Autoruner;Deleted.;
A0042728.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP115;Win32.HLLW.Autoruner;Deleted.;
A0042729.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP115;Win32.HLLW.Autoruner;Deleted.;
A0042730.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP115;Win32.HLLW.Autoruner;Deleted.;
A0042731.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP115;Win32.HLLW.Autoruner;Deleted.;
A0036399.DLL;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP99;Win32.HLLW.Autoruner;Deleted.;
A0036400.exe;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP99;Win32.HLLW.Autoruner;Deleted.;


HJT Log

Logfile of HijackThis v1.99.1
Scan saved at 1:18:20 PM, on 6/21/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\_stn_11\Desktop\cleaner\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [PowerDVD] C:\Program Files\CyberLink\PowerDVD\PowerDVD.exe /autostart
O4 - HKLM\..\Run: [VirtualDrive] "C:\Program Files\FarStone\VirtualDrive\VDTask.exe" /AutoRestore
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: Norton AntiVirus Firewall Monitor Service (NPFMntor) - Symantec Corporation - C:\Program Files\Norton AntiVirus\IWP\NPFMntor.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

end of report
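A small parser for the Dr.Web CureIt report format posted above (`file;directory;threat;action;`), added here as an example and not part of the thread or of Dr.Web. It separates entries already quarantined in `C:\!KillBox` and System Restore copies from detections in live locations, and flags heuristic ("Probably ...") detections for manual review; the sample lines are constructed from the report above.

```python
"""Triage a Dr.Web CureIt report (DrWeb.csv): one record per line,
semicolon-separated with a trailing ';'  ->  file;directory;threat;action;"""
from collections import Counter
import re

# Constructed sample: four lines taken from the report posted in the thread.
SAMPLE_REPORT = r"""
crss.exe;C:\!KillBox;Win32.HLLW.Autoruner;Deleted.;
Silent Runners.vbs;C:\silentrunners;Probably BATCH.Virus;Incurable.Moved.;
A0039487.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP103;Win32.HLLW.Autoruner;Deleted.;
A0042687.dll;C:\System Volume Information\_restore{0E7AA2AB-0FBE-4515-9029-1F10DA63919E}\RP113;BackDoor.Doker;Deleted.;
"""

# Matches a System Restore checkpoint path and captures its RP number.
RESTORE_POINT = re.compile(r"\\System Volume Information\\_restore\{[^}]+\}\\RP(\d+)", re.I)
KILLBOX_DIR = "C:\\!KillBox"   # quarantine folder used by an earlier removal tool


def parse_report(text):
    """Split each record into its four fields; trailing ';' and '.' are dropped."""
    records = []
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.rstrip(";").split(";")
        if len(parts) != 4:
            raise ValueError(f"unexpected record layout: {line!r}")
        name, directory, threat, action = parts
        records.append({"file": name, "dir": directory, "threat": threat,
                        "action": action.rstrip(".")})
    return records


def summarise(records):
    """Group detections so the reviewer sees what is current vs. historical."""
    return {
        "by_threat": Counter(r["threat"] for r in records),
        "by_action": Counter(r["action"] for r in records),
        # Restore-point copies are historical; the RP numbers show how far back they reach.
        "restore_points": sorted({int(m.group(1)) for r in records
                                  if (m := RESTORE_POINT.search(r["dir"]))}),
        # Heuristic verdicts deserve a manual look before trusting the action taken.
        "heuristic": [r["file"] for r in records if r["threat"].startswith("Probably")],
        # Everything not already quarantined and not a restore-point copy was found live.
        "live": [r for r in records if not RESTORE_POINT.search(r["dir"])
                 and not r["dir"].lower().startswith(KILLBOX_DIR.lower())],
    }


if __name__ == "__main__":
    for key, value in summarise(parse_report(SAMPLE_REPORT)).items():
        print(f"{key}: {value}")
```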
 
Hi again, it is looking clean now :)
Now you can clean AVG's Quarantine:
  • Open AVG Anti-Spyware
  • Click Infections
  • Click Quarantine tab
  • Click Select all
  • Click Remove finally
  • Close the program
You can remove the tools we used.

Then you should update your Java to the latest version (6u1)
  • Start
  • Control Panel
  • Add/Remove Programs
  • Delete the old Java: J2SE Runtime Environment 5.0 Update 3
  • Download the latest version of Java Runtime Environment (JRE) 6u1.
  • Scroll down to where it says "The J2SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Check the box that says: "Accept License Agreement."
  • The page will refresh.
  • Click on the link to download Windows Offline Installation with or without Multi-language and save to your desktop.
  • Install it
Now you can make your hidden files hidden again.
  • Go to My Computer
  • Select the Tools menu and click Folder Options
  • Click the View tab.
  • Checkmark the "Display the contents of system folders"
  • Under the Hidden files and folders select "Show hidden files and folders"
  • Check "Hide protected operating system files"
  • Click Apply and then the OK and close My Computer.

=============

Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:

Stay clean and be safe ;)
 
You're very welcome :D:

As the problem appears to be resolved this topic has been archived.

If you need it re-opened please send a private message (pm) to a forum staff member and provide a link to the thread; this applies only to the original topic starter.

Glad we could help :2thumb:
 