Thread: New member with malware

  1. #1
    Junior Member
    Join Date
    Aug 2007
    Posts
    2

    New member with malware

    Hi, I have read the rule threads, and have the appropriate programs in place.

    I have up till now used the guides to help me produce a report or log.

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 19:51:26, on 27/08/2007
    Platform: Windows XP SP1 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Analog Devices\Core\smax4pnp.exe
    C:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
    C:\Program Files\Spyware Doctor\SDTrayApp.exe
    C:\WINDOWS\System32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    c:\progra~1\mcafee.com\vso\mcvsescn.exe
    C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
    C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
    c:\program files\mcafee.com\shared\mghtml.exe
    C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    C:\Program Files\Spyware Doctor\svcntaux.exe
    c:\progra~1\mcafee.com\vso\mcvsftsn.exe
    C:\Program Files\Spyware Doctor\swdsvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\wdfmgr.exe
    C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\WINDOWS\System32\wbem\wmiprvse.exe
    C:\Program Files\Internet Explorer\iexplore.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/yco.../www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: (no name) - {6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C} - C:\WINDOWS\system32\byxvvus.dll
    O2 - BHO: (no name) - {A29C7FB0-DFC2-4149-8930-BBE637DE8C56} - C:\WINDOWS\System32\awvvu.dll
    O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
    O3 - Toolbar: (no name) - {C3DEA25E-A515-4B65-8760-AEE03089F1CD} - (no file)
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O4 - HKLM\..\Run: [Windows Explorer] C:\WINDOWS\System32\explorer.exe
    O4 - HKLM\..\Run: [Advanced DHTML Enable] C:\WINDOWS\System32\mubvcgla.exe
    O4 - HKLM\..\Run: [Windows Logon Application] C:\WINDOWS\System32\logon.exe
    O4 - HKLM\..\Run: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
    O4 - HKLM\..\Run: [VSOCheckTask] "c:\PROGRA~1\mcafee.com\vso\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    O4 - HKLM\..\Run: [MCUpdateExe] C:\PROGRA~1\mcafee.com\agent\mcupdate.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [VirusScan] c:\PROGRA~1\mcafee.com\vso\mcvsshld.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [McRegWiz] C:\PROGRA~1\mcafee.com\agent\mcregwiz.exe /autorun
    O4 - HKLM\..\Run: [j2u] C:\WINDOWS\system32\j2u.exe
    O4 - HKLM\..\Run: [Else pure remote sign] C:\Documents and Settings\All Users\Application Data\MP3 FILM ELSE PURE\knob boob.exe
    O4 - HKLM\..\Run: [hnqajfx] c:\windows\system32\hnqajfx.exe hnqajfx
    O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
    O4 - HKLM\..\Run: [SDTray] "C:\Program Files\Spyware Doctor\SDTrayApp.exe"
    O4 - HKLM\..\RunServices: [Microsft Security Monitor Process] mssmpp.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
    O4 - HKCU\..\Run: [Service Pack 1] C:\WINDOWS\System32\vedxg6ame4.exe
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [SpyVampire] C:\Program Files\SpyVampire\SpyVampire.exe
    O4 - HKCU\..\Run: [j2u] C:\WINDOWS\system32\j2u.exe
    O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
    O4 - HKCU\..\Run: [ExitKeep] C:\DOCUME~1\Owner\APPLIC~1\ITCHMA~1\WIPEFRAGGPL.exe
    O4 - HKLM\..\Policies\Explorer\Run: [1] C:\WINDOWS\System32\mrcmgr.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
    O7 - HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O7 - HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System, DisableRegedit=1
    O9 - Extra button: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\aclspc.dll
    O9 - Extra 'Tools' menuitem: Popup Blocker - {0D555BC6-E331-48b3-A60E-AAC0DF79438A} - C:\WINDOWS\system32\aclspc.dll
    O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yaho...st20040510.cab
    O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} - http://software-dl.real.com/06e7d892...p/RdxIE601.cab
    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} - http://a532.g.akamai.net/f/532/6712/.../installer.exe
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 208.67.220.220,208.67.222.222
    O20 - AppInit_DLLs: c:\windows\system32\jkhfccb.dll
    O20 - Winlogon Notify: aclspc - C:\WINDOWS\SYSTEM32\aclspc.dll
    O20 - Winlogon Notify: awvvu - C:\WINDOWS\System32\awvvu.dll
    O20 - Winlogon Notify: botreg - C:\Documents and Settings\All Users\Documents\Settings\bot.dll
    O20 - Winlogon Notify: byxvvus - C:\WINDOWS\SYSTEM32\byxvvus.dll
    O21 - SSODL: LDpswSend - {71EC5123-28DF-324A-D76B-32549AB4C338} - C:\WINDOWS\System32\Ampnlhnq.dll (file missing)
    O21 - SSODL: DuxkuAZFj - {EC167D42-46BC-D7E8-0E19-4424BFA14173} - C:\WINDOWS\System32\ralo.dll
    O22 - SharedTaskScheduler: Windows Installer Class - {24E31EA9-FCE2-404F-BD80-20543565D946} - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~~install.dll (file missing)
    O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
    O23 - Service: DomainService - Unknown owner - C:\WINDOWS\System32\qwerty12.exe (file missing)
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: LOWC - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\LOWC.exe (file missing)
    O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - Networks Associates Technology, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
    O23 - Service: McAfee.com VirusScan Online Realtime Engine (MCVSRte) - Networks Associates Technology, Inc - c:\PROGRA~1\mcafee.com\vso\mcvsrte.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
    O23 - Service: OPFSVC - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\OPFSVC.exe (file missing)
    O23 - Service: Personal Firewall - Unknown owner - C:\Program Files\Omniquad Total Security\OPF\pfsvc.exe (file missing)
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe
    O23 - Service: Spooler SubSystem App (SPOOLSV32) - Unknown owner - C:\WINDOWS\system32\drivers\spoolsv32.exe (file missing)

    --
    End of file - 8956 bytes

  2. #2
    Junior Member
    Join Date
    Aug 2007
    Posts
    2

    I will not be able to fit the whole report in, sorry.


    KASPERSKY ONLINE SCANNER REPORT
    Monday, August 27, 2007 7:20:03 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 1 (Build 2600)
    Kaspersky Online Scanner version: 5.0.93.0
    Kaspersky Anti-Virus database last update: 27/08/2007
    Kaspersky Anti-Virus database records: 392958


    Scan Settings
    Scan using the following antivirus database extended
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer
    A:\
    C:\
    D:\
    E:\

    Scan Statistics
    Total number of scanned objects 50873
    Number of viruses found 82
    Number of infected objects 2384
    Number of suspicious objects 2
    Duration of the scan process 00:35:06

    Infected Object Name Virus Name Last Action
    C:\3456346345643.exe~ Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8LUZCT6V\counter21[1].htm/Installer.class Infected: Trojan-Downloader.Java.OpenConnection.ao skipped

    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\8LUZCT6V\counter21[1].htm ZIP: infected - 1 skipped

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\system.exe Infected: not-virus:Hoax.Win32.Renos.hz skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped

    C:\Documents and Settings\All Users\Application Data\MP3 FILM ELSE PURE\knob boob.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\All Users\Application Data\MP3 FILM ELSE PURE\Vc Ford.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\All Users\Application Data\Rect Sixth Sign Mp3\GLOBAL PEAK WAVE.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip/avp.exe Suspicious: Password-protected-EXE skipped

    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\Virtumonde.zip ZIP: suspicious - 1 skipped

    C:\Documents and Settings\All Users\Documents\Settings\bot.dll Object is locked skipped

    C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Application Data\itch math\inkjgrgz.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Application Data\itch math\license mags error.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Application Data\itch math\ufnlohki.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Application Data\itch math\WIPEFRAGGPL.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Application Data\tmp16.tmp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Owner\Application Data\tmp4.tmp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Owner\Application Data\tmp47.tmp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Owner\Application Data\tmp9.tmp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Owner\Application Data\tmpA.tmp.exe Infected: Trojan-Downloader.Win32.Tiny.id skipped

    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\MSHist012007082720070828\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\1664.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\16agent.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\16sv.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\16win.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\3264.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\32win.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\6432.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\6464.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\64host.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\64win.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\agentlook.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\agentpower.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\agentserver.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\agentsys.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\bis18.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\bis19.exe Infected: Trojan.Win32.Obfuscated.en skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\host32.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\host64.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\hostmon.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\hostsyn.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\is-8F0HD.tmp\TorrentManager.dll Infected: not-a-virus:AdWare.Win32.Lop.bo skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\is-DHMMV.tmp\TorrentManager.dll Infected: not-a-virus:AdWare.Win32.Lop.bo skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\look16.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\lookmon.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\looksyn.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\mon64.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\monhost.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\monsys.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\monwin.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\powersys.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\svserver.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\svsyn.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\syn64.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\synhost.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\sys32.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\syssys.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\winserver.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\winsv.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temp\winsys.exe Infected: Trojan-Clicker.Win32.Small.mv skipped

    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped

    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped

    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped

    C:\lo-1177627868.exe Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\Program Files\Common Files\WinAntiVirus Pro 2007\is-P8KC0.tmp Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

    C:\Program Files\Common Files\WinAntiVirus Pro 2007\wa7pinst.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped

    C:\Program Files\setup.exe/stream/data0006 Infected: Trojan-Downloader.Win32.Zlob.cbp skipped

    C:\Program Files\setup.exe/stream Infected: Trojan-Downloader.Win32.Zlob.cbp skipped

    C:\Program Files\setup.exe NSIS: infected - 2 skipped

    C:\Program Files\ucleaner_setup.exe Infected: not-a-virus:FraudTool.Win32.UltimateDefender.b skipped

    C:\qlpdxrv.exe Infected: Trojan-Dropper.Win32.Agent.blo skipped

    C:\sysgsqf.exe Infected: Trojan-Dropper.Win32.Agent.bpz skipped

    C:\syshotv.exe Infected: Trojan.Win32.Agent.ato skipped

    C:\sysoesb.exe Infected: Trojan.Win32.Agent.ato skipped

    C:\syst.exe~ Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0001015.exe Infected: Trojan-Dropper.Win32.Agent.blo skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0001016.exe Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002015.exe Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002016.exe Infected: not-virus:Hoax.Win32.Renos.hl skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002017.exe Infected: Trojan-Downloader.Win32.Small.eqn skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002018.exe Infected: Email-Worm.Win32.Zhelatin.fm skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002019.exe Infected: Packed.Win32.Tibs.ap skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002020.exe Infected: Trojan-Downloader.Win32.Agent.bil skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002021.exe Infected: Trojan-Downloader.Win32.Agent.bil skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002047.exe Infected: Trojan-Downloader.Win32.Alphabet.g skipped

    C:\System Volume Information\_restore{F5693F8E-61B1-498E-B349-7FE557B743F6}\RP1\A0002048.exe Infected: Trojan-Dropper.Win32.Agent.blo skipped

  3. #3
    In Memoriam - Always in our heart, teacup61
    Join Date
    Jun 2006
    Location
    Texas
    Posts
    759

    Hello digitalb,

    Welcome to Safer Networking Forums

    This log is a mess! The system is compromised. It would be safest to reformat and reinstall, especially if you have sensitive data stored. If you'd rather clean it, then let's start by running these tools:

    1. Download this file - combofix.exe
    2. Double click combofix.exe & follow the prompts.
    3. When finished, it will produce a log for you. Post that log in your next reply please.

    Note:
    Do not mouseclick combofix's window while it's running. That may cause it to stall.

    Download SDFix and save it to your Desktop.

    Double click SDFix.exe and it will extract the files to %systemdrive%
    (Drive that contains the Windows Directory, typically C:\SDFix)

    Please then reboot your computer in Safe Mode by doing the following:
    • Restart your computer
    • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
    • Instead of Windows loading as normal, the Advanced Options Menu should appear;
    • Select the first option, to run Windows in Safe Mode, then press Enter.
    • Choose your usual account.
    • Open the extracted SDFix folder and double click RunThis.bat to start the script.
    • Type Y to begin the cleanup process.
    • It will remove any Trojan Services and Registry Entries that it finds then prompt you to press any key to Reboot.
    • Press any Key and it will restart the PC.
    • When the PC restarts the Fixtool will run again and complete the removal process then display Finished, press any key to end the script and load your desktop icons.
    • Once the desktop icons load the SDFix report will open on screen and also save into the SDFix folder as Report.txt
      (Report.txt will also be copied to Clipboard ready for posting back on the forum).
    • Finally paste the contents of the Report.txt back on the forum with a new HijackThis log


    Thanks,
    tea
    teacup61

  4. #4
    Member of Team Spybot, tashi
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,955

    This topic has been archived.

    If you need it re-opened please send me a private message (pm) and provide a link to the thread.

    Applies only to the original poster, anyone else with similar problems please start a new topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
