Thread: antivirus xp 2008 removal,log files HJT & MBAM

  1. #1

    antivirus xp 2008 removal, log files HJT & MBAM

    Hi, here's the logfiles after following instructions from previous threads. Thanks for your time!

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:13:04, on 21/08/2008
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\WINDOWS\system32\CTsvcCDA.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\hkcmd.exe
    C:\WINDOWS\system32\igfxpers.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\WINDOWS\SOUNDMAN.EXE
    C:\WINDOWS\sm56hlpr.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\lphc7hwj0evcv.exe
    C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\pphc7hwj0evcv.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\MESSEN~1\Msmsgs.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe
    C:\Program Files\DNA\btdna.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    C:\Program Files\Common Files\Sony Shared\GMR\GMRMan.exe
    C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAutoUpdate.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Java\jre1.5.0_11\bin\jucheck.exe
    C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: CodecPlugin Class - {098716A9-0310-4CBE-BD64-B790A9761158} - C:\WINDOWS\system32\RichVideoCodec.dll
    O2 - BHO: {83449d28-49b0-9478-d044-f9deda035742} - {247530ad-ed9f-440d-8749-0b9482d94438} - (no file)
    O2 - BHO: (no name) - {3E3A2C68-CB56-475C-B625-7A8FBB0A61D0} - (no file)
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O2 - BHO: (no name) - {7874156B-D451-4A05-AA9F-532C69A92A9F} - (no file)
    O4 - HKLM\..\Run: [High Definition Audio Property Page Shortcut] HDAShCut.exe
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [AlcWzrd] ALCWZRD.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe"
    O4 - HKLM\..\Run: [CONNECTScheduler] "C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTScheduler.exe" /RUN_SCHEDULER
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [lphc7hwj0evcv] C:\WINDOWS\system32\lphc7hwj0evcv.exe
    O4 - HKLM\..\Run: [SMrhc3hwj0evcv] C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "c:\PROGRA~1\MESSEN~1\Msmsgs.exe" /background
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"
    O4 - HKCU\..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe"
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: CONNECTAUTrayApp.lnk = C:\Program Files\Sony\CONNECTAutoUpdate\CONNECTAUTrayApp.exe
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: @c:\Program Files\Messenger\Msgslang.dll,-61144 - {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\Program Files\Messenger\msmsgs.exe
    O17 - HKLM\System\CCS\Services\Tcpip\..\{6D050CFA-0964-496C-A1BF-2ED97BCB1722}: NameServer = 85.255.114.14,85.255.112.207
    O17 - HKLM\System\CCS\Services\Tcpip\..\{A274A979-1781-4298-B1F3-A786FFD9A9DB}: NameServer = 85.255.114.14,85.255.112.207
    O17 - HKLM\System\CS1\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: NameServer = 85.255.114.14 85.255.112.207
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O20 - Winlogon Notify: ddcyaxw - ddcyaxw.dll (file missing)
    O20 - Winlogon Notify: jkhhg - C:\WINDOWS\system32\jkhhg.dll (file missing)
    O20 - Winlogon Notify: mllji - C:\WINDOWS\system32\mllji.dll (file missing)
    O20 - Winlogon Notify: pmkhh - C:\WINDOWS\system32\pmkhh.dll (file missing)
    O20 - Winlogon Notify: ssqrq - C:\WINDOWS\system32\ssqrq.dll (file missing)
    O20 - Winlogon Notify: __c00BAEAF - C:\WINDOWS\system32\__c00BAEAF.dat (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
    O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
    O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
    O23 - Service: PDScheduler (PDSched) - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDSched.exe
    O23 - Service: Sony SCSI Helper Service - Sony Corporation - C:\Program Files\Common Files\Sony Shared\Fsk\SonySCSIHelperService.exe
    O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe

    --
    End of file - 8047 bytes

    Malwarebytes' Anti-Malware 1.25
    Database version: 1076
    Windows 5.1.2600 Service Pack 2

    21:13:33 21/08/2008
    mbam-log-08-21-2008 (21-13-22).txt

    Scan type: Quick Scan
    Objects scanned: 42204
    Time elapsed: 3 minute(s), 13 second(s)

    Memory Processes Infected: 4
    Memory Modules Infected: 7
    Registry Keys Infected: 23
    Registry Values Infected: 7
    Registry Data Items Infected: 20
    Folders Infected: 13
    Files Infected: 31

    Memory Processes Infected:
    C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
    C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.

    Memory Modules Infected:
    C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
    C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.

    Registry Keys Infected:
    HKEY_CLASSES_ROOT\codecbho.codecplugin (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\TypeLib\{84562fca-ee8b-4585-a1d1-eae97b23370e} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{48e92754-2daf-4de4-8385-34f631580e9b} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\Interface\{a1c23ba2-8f20-4c01-b663-7ff2b3421194} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{098716a9-0310-4cbe-bd64-b790a9761158} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\CLSID\{d37d6c1a-7ba4-47f4-9bf2-75031e257df6} (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\codecbho.codecplugin.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\codecbho.xmldomdocumenteventssink.1 (Trojan.FakeAlert) -> No action taken.
    HKEY_CLASSES_ROOT\AppID\{f4406238-983a-4845-9053-f1d0007fd135} (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\msliksur (Trojan.DNSChanger) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\msliksurserv (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\__c00baeaf (Trojan.Vundo) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Software Notifier (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.
    HKEY_CLASSES_ROOT\AppID\CodecBHO.DLL (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\sysrest.sys (Rootkit.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sysrest.sys (Rootkit.Agent) -> No action taken.

    Registry Values Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\smrhc3hwj0evcv (Rogue.Multiple) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysrest32.exe (Trojan.Agent) -> No action taken.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\lphc7hwj0evcv (Trojan.FakeAlert) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\wallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\originalwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\convertedwallpaper (Hijack.Wallpaper) -> No action taken.
    HKEY_CURRENT_USER\Control Panel\Desktop\scrnsave.exe (Hijack.Wallpaper) -> No action taken.

    Registry Data Items Infected:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispBackgroundPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispScrSavPage (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14 85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{6d050cfa-0964-496c-a1bf-2ed97bcb1722}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\DhcpNameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.
    HKEY_LOCAL_MACHINE\SYSTEM\ControlSet003\Services\Tcpip\Parameters\Interfaces\{a274a979-1781-4298-b1f3-a786ffd9a9db}\NameServer (Trojan.DNSChanger) -> Data: 85.255.114.14,85.255.112.207 -> No action taken.

    Folders Infected:
    C:\Program Files\RichVideoCodec (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKCU\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\HKLM\RunOnce (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuAllUsers (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Autorun\StartMenuCurrentUser (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\BrowserObjects (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\rhc3hwj0evcv\Quarantine\Packages (Rogue.Multiple) -> No action taken.

    Files Infected:
    C:\WINDOWS\system32\RichVideoCodec.dll (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\RichVideoCodec\MultiLoader.dll (Trojan.FakeAlert) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\database.dat (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\license.txt (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\MFC71.dll (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\MFC71ENU.DLL (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\msvcp71.dll (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\msvcr71.dll (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\rhc3hwj0evcv.exe.local (Rogue.Multiple) -> No action taken.
    C:\Program Files\rhc3hwj0evcv\Uninstall.exe (Rogue.Multiple) -> No action taken.
    C:\Documents and Settings\All Users\Start Menu\Programs\Antivirus XP 2008.lnk (Rogue.AntivirusXP) -> No action taken.
    C:\Documents and Settings\All Users\Desktop\Antivirus XP 2008.lnk (Rogue.Antivirus) -> No action taken.
    C:\WINDOWS\system32\sysrest32.exe (Trojan.Agent) -> No action taken.
    C:\WINDOWS\system32\msliksurcredo.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\msliksurdns.dll (Rootkit.Agent) -> No action taken.
    C:\WINDOWS\system32\blphc7hwj0evcv.scr (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\lphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\phc7hwj0evcv.bmp (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\pphc7hwj0evcv.exe (Trojan.FakeAlert) -> No action taken.
    C:\WINDOWS\system32\sysrest.sys (Rootkit.Agent) -> No action taken.
    C:\Documents and Settings\Tracy\Application Data\Microsoft\Internet Explorer\Quick Launch\Antivirus XP 2008.lnk (Rogue.Antivirus2008) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.tt15.tmp (Trojan.Agent) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.tt5.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.tt7.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.tt8.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.tt9.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.ttB.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.ttD.tmp (Trojan.Downloader) -> No action taken.
    C:\Documents and Settings\Tracy\Local Settings\Temp\.ttF.tmp (Trojan.Downloader) -> No action taken.
    C:\WINDOWS\system32\drivers\msliksurserv.sys (Rootkit.Agent) -> No action taken.

  2. #2

    Any Ideas

    The computer appears to have recovered apart from the CD/DVD burner, which doesn't seem to be working. Don't think it's registering any discs at all. Going to restart, or uninstall and reinstall the driver. Any ideas?


    FYI.
    Quote Originally Posted by TTough
    here's the logfiles after following instructions from previous threads.
    Please note that all instructions given are customized for that member's computer only, the tools used may cause damage if run on a computer with different infections. Your symptoms may only appear to be similar.
    "BEFORE you POST" (READ this Procedure BEFORE Requesting Assistance)
    Last edited by tashi; 2008-08-22 at 00:26. Reason: Mod: added link
