Unsolved
August 10th, 2007 15:00
Amaena causing problems - please help
There are popups coming in asking me to install anti-virus software. On the top I saw Amaena and looked for it on the net. Found a ton of similar complaints and understood that you guys can help me. Need some help PLEASE, thanks.
Here is my HJT file:
Logfile of HijackThis v1.99.1
Scan saved at 12:36:55 PM, on 8/10/2007
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
\Feb-5fwds61\c$\PROGRA~1\Palm\HOTSYNC.EXE
C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe
C:\Program Files\INTERN~1\iexplore.exe
C:\Program Files\Microsoft Office\Office\WINWORD.EXE
C:\Program Files\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://mysearch.myway.com/jsp/dellsidebar.jsp?p=DE
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.hotmail.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O1 - Hosts: 160.3.15.84 MAILNS01
O1 - Hosts: 160.3.15.84 MAILNS01.UGC
O1 - Hosts: 160.3.15.84 MAILNS01.NET.UGC
O1 - Hosts: 160.3.15.84 MAILNS01.HOME.NET.UGC
O1 - Hosts: 160.3.15.85 MAILNS02
O1 - Hosts: 160.3.15.85 MAILNS02.UGC
O1 - Hosts: 160.3.15.85 MAILNS02.NET.UGC
O1 - Hosts: 160.3.15.85 MAILNS02.HOME.NET.UGC
O1 - Hosts: 160.3.15.77 APPNS01
O1 - Hosts: 160.3.15.77 APPNS01.UGC
O1 - Hosts: 160.3.15.77 APPNS01.NET.UGC
O1 - Hosts: 160.3.15.77 APPNS01.HOME.NET.UGC
O1 - Hosts: 160.3.15.78 APPNS02
O1 - Hosts: 160.3.15.78 APPNS02.UGC
O1 - Hosts: 160.3.15.78 APPNS02.NET.UGC
O1 - Hosts: 160.3.15.78 APPNS02.HOME.NET.UGC
O1 - Hosts: 130.10.5.113 ULSDBCI1
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {bb9bfd03-3999-4cef-bf84-c49e059552c4} - C:\WINNT\system32\C_2SSO.dll
O2 - BHO: (no name) - {f2b6b1ad-967f-4fee-957b-3f31e89b9003} - C:\WINNT\system32\C_2SSO.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SDR6_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcsdr.exe"
O4 - HKLM\..\Run: [PAS_Check] "C:\Program Files\Common Files\DriveCleaner Free\udcpas.exe"
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186165816592
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O20 - AppInit_DLLs: c:\winnt\system32\awvtsst.dll
O20 - Winlogon Notify: C_2SSO - C:\WINNT\SYSTEM32\C_2SSO.dll
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)


bamajim
August 13th, 2007 12:00
Please download Combofix and save to your desktop:
Close any open browsers.
Double click on combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the contents of the C:\ComboFix.txt into your next reply.
Note: Do not mouseclick combofix's window whilst it's running.
That may cause the program to freeze/hang.
MRU Graduate
"The world is what you make of it"
spmad
August 13th, 2007 14:00
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.263 [GMT -4:00]
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp127A.tmp.exe
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp127C.tmp.exe
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp13.tmp.exe
C:\WINNT\system32\dnac2bf4d4.dat
((((((((((((((((((((((((( Files Created from 2007-07-13 to 2007-08-13 )))))))))))))))))))))))))))))))
2007-08-13 11:40 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_37c.dat
2007-08-13 11:37 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_5c0.dat
2007-08-13 11:37 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_5b8.dat
2007-08-13 11:37 16,384 --a----t- C:\WINNT\SYSTEM32\Perflib_Perfdata_53c.dat
2007-08-13 10:51 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-07 02:08
2007-08-07 02:07
2007-08-07 02:07
2007-08-07 02:05
2007-08-07 02:02
2007-08-06 08:13 44,032 --------- C:\WINNT\SYSTEM32\DLLCACHE\msxml3r.dll
2007-08-06 08:09 86,288 --------- C:\WINNT\SYSTEM32\DLLCACHE\srvsvc.dll
2007-08-06 08:05 2,174,976 --------- C:\WINNT\SYSTEM32\DLLCACHE\wmvcore.dll
2007-08-06 08:03 840,976 --------- C:\WINNT\SYSTEM32\DLLCACHE\mmcndmgr.dll
2007-08-03 15:10
2007-08-03 14:30 549,720 --a------ C:\WINNT\SYSTEM32\wuapi.dll
2007-08-03 14:30 43,352 --a------ C:\WINNT\SYSTEM32\wups2.dll
2007-08-03 14:30 33,624 --a------ C:\WINNT\SYSTEM32\wups.dll
2007-08-03 14:30 325,976 --a------ C:\WINNT\SYSTEM32\wucltui.dll
2007-08-03 14:30
2007-08-03 09:38 2,379,776 --ah----- C:\DOCUME~1\SOLAI~1.FEB\NTUSER.DAT
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-02 12:26
2007-08-02 12:07 58,798 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp7B.tmp.exe
2007-08-01 11:46 58,798 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp26.tmp.exe
2007-07-31 11:46 58,798 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp19.tmp.exe
2007-07-31 10:27 499,712 --a------ C:\WINNT\SYSTEM32\msvcp71.dll
2007-07-31 10:27 1,060,864 --a------ C:\WINNT\SYSTEM32\mfc71.dll
2007-07-30 10:55 78,623 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp13.tmp.exe
2007-07-30 10:55 58,798 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp10.tmp.exe
2007-07-30 10:55 125,141 --a------ C:\DOCUME~1\solai\APPLIC~1\tmp11.tmp.exe
2007-07-28 10:58 93,814 --a------ C:\WINNT\SYSTEM32\C_2SSO.dll
2007-07-28 10:58 17,120 --a------ C:\WINNT\SYSTEM32\awvtsst.dll
2007-07-23 15:05
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
07-06-25 16:55 22592 --a------ C:\WINNT\system32\JHfEDA6I.exe
03-07-10 15:54 271 --ah----- C:\Program Files\DESKTOP.INI
03-07-10 15:54 21952 --ah----- C:\Program Files\FOLDER.HTT
03-06-20 09:00 32528 --a------ C:\WINNT\inf\WBFIRDMA.SYS
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
07-07-28 10:58 93814 --a------ C:\WINNT\system32\C_2SSO.dll
07-07-28 10:58 93814 --a------ C:\WINNT\system32\C_2SSO.dll
"Synchronization Manager"="mobsync.exe" [03-06-20 09:00 C:\WINNT\SYSTEM32\MOBSYNC.EXE]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [04-08-20 17:55 ]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [04-08-20 17:51 ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04-04-26 10:04 ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [04-01-07 03:01 ]
"dla"="C:\WINNT\system32\dla\tfswctrl.exe" [04-08-13 03:05 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04-02-29 17:44 ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04-03-12 16:18 ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [04-02-12 14:38 ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04-05-12 16:18 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-05-05 12:44 ]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [03-08-01 19:28 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [04-05-12 01:03 ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"internat.exe"=internat.exe
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE [1997-07-11 01:00:00]
Office Startup.lnk - C:\Program Files\Microsoft Office97\Office\OSA.EXE [1997-07-11 01:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-16 09:46:18]
"DisablePersonalDirChange"=1 (0x1)
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
C_2SSO.dll 07-07-28 10:58 93814 C:\WINNT\SYSTEM32\C_2SSO.dll
"appinit_dlls"=c:\winnt\system32\awvtsst.dll
@="Driver"
@="Driver"
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys
R2 BASFND;BASFND;\??\C:\WINNT\system32\Drivers\BASFND.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE
*Newly Created Service* - RASAUTO
*Newly Created Service* - SHAREDACCESS
2007-08-02 16:26:44 C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job - C:\Program Files\AdwareAlert\AdwareAlert.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At1.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-13 13:00:30 C:\WINNT\Tasks\At10.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-13 14:00:30 C:\WINNT\Tasks\At11.job
2007-08-10 15:00:30 C:\WINNT\Tasks\At12.job
2007-08-10 16:00:30 C:\WINNT\Tasks\At13.job
2007-08-10 17:00:30 C:\WINNT\Tasks\At14.job
2007-08-10 18:00:30 C:\WINNT\Tasks\At15.job
2007-08-10 19:00:30 C:\WINNT\Tasks\At16.job
2007-08-10 20:00:30 C:\WINNT\Tasks\At17.job
2007-08-09 21:00:30 C:\WINNT\Tasks\At18.job
2007-08-07 22:01:08 C:\WINNT\Tasks\At19.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At2.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At20.job
2007-08-07 06:11:29 C:\WINNT\Tasks\At21.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At22.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At23.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At24.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At3.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At4.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At5.job
2007-08-07 06:11:29 C:\WINNT\Tasks\At6.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At7.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-07 06:11:29 C:\WINNT\Tasks\At8.job - C:\WINNT\system32\JHfEDA6I.exe
2007-08-13 12:01:34 C:\WINNT\Tasks\At9.job - C:\WINNT\system32\JHfEDA6I.exe
Rootkit scan 2007-08-13 11:42:47
Windows 5.0.2195 Service Pack 4 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 07-08-13 11:43
bamajim
August 13th, 2007 15:00
You are most welcome.
You have a suspicious file I would like to look at.
Please go HERE.
Put your name, and "Dell HJT forum".
In the "File to submit" box, click Browse. Using Windows Explorer (right-click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window; click on the "+" next to any folder name to expand its contents), locate the file.
In the comments, tell them that I asked you to upload the file.
Then select Send File.
spmad
August 13th, 2007 17:00
bamajim
August 13th, 2007 20:00
Got the file. It's bad.
1. Open Notepad (not WordPad). Copy and paste the following into Notepad:
C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job
C:\WINNT\Tasks\At1.job
C:\WINNT\Tasks\At10.job
C:\WINNT\Tasks\At11.job
C:\WINNT\Tasks\At12.job
C:\WINNT\Tasks\At13.job
C:\WINNT\Tasks\At14.job
C:\WINNT\Tasks\At15.job
C:\WINNT\Tasks\At16.job
C:\WINNT\Tasks\At17.job
C:\WINNT\Tasks\At18.job
C:\WINNT\Tasks\At19.job
C:\WINNT\Tasks\At2.job
C:\WINNT\Tasks\At20.job
C:\WINNT\Tasks\At21.job
C:\WINNT\Tasks\At22.job
C:\WINNT\Tasks\At23.job
C:\WINNT\Tasks\At24.job
C:\WINNT\Tasks\At3.job
C:\WINNT\Tasks\At4.job
C:\WINNT\Tasks\At5.job
C:\WINNT\Tasks\At6.job
C:\WINNT\Tasks\At7.job
C:\WINNT\Tasks\At8.job
C:\WINNT\Tasks\At9.job
C:\WINNT\system32\JHfEDA6I.exe
C:\WINNT\SYSTEM32\awvtsst.dll
C:\WINNT\SYSTEM32\C_2SSO.dll
C:\DOCUME~1\solai\APPLIC~1\tmp13.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp7B.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp26.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp19.tmp.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
Folder::
C:\Program Files\AdwareAlert
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb9bfd03-3999-4cef-bf84-c49e059552c4}]
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{f2b6b1ad-967f-4fee-957b-3f31e89b9003}]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\C_2SSO]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"appinit_dlls"=-
Save the file as CFScript (just as indicated, no spaces) and save it to your Desktop.
Using the image as a reference, drag CFScript into ComboFix.exe.
Follow the same rules as indicated in my first post.
Then post the contents of the C:\ComboFix.txt log in your reply.
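The HijackThis log in the first post and bamajim's CFScript post above are the two ends of one workflow: read the load points out of the HJT log, decide which are hostile, then express the removals as a CFScript (file paths first, then "Folder::" and "Registry::" stanzas, where "[-key]" deletes a key and a value set to "-" deletes that value). The Python below is an added example written for this page; it is not a tool from the HijackThis or ComboFix authors and not what bamajim ran. Its sample input is a handful of lines copied from spmad's first log. The regexes for the O2/O20/O23 line formats, the flagging rules (unnamed BHOs, any AppInit_DLLs value, Winlogon Notify packages outside a small allowlist taken from the entries bamajim left alone, and escalation to "high" when one DLL shows up at more than one load point) and that allowlist are the editor's assumptions, and the Browser Helper Objects key is written out in full where the thread used ComboFix's "~" shorthand.

```python
"""Triage HijackThis (HJT) log lines and draft a ComboFix-style CFScript.

Added example for this page, not a HijackThis/ComboFix tool.  Flagging rules,
allowlist and line-format regexes are the editor's assumptions.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, replace

# Constructed sample: a subset of the HJT log posted at the top of the thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {bb9bfd03-3999-4cef-bf84-c49e059552c4} - C:\WINNT\system32\C_2SSO.dll
O2 - BHO: (no name) - {f2b6b1ad-967f-4fee-957b-3f31e89b9003} - C:\WINNT\system32\C_2SSO.dll
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O20 - AppInit_DLLs: c:\winnt\system32\awvtsst.dll
O20 - Winlogon Notify: C_2SSO - C:\WINNT\SYSTEM32\C_2SSO.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
"""

# Winlogon Notify packages the helper left in place in the thread (assumed allowlist).
NOTIFY_ALLOWLIST = {"igfxcui", "navlogon"}

# Registry locations behind the O2 / O20 entries (the thread wrote the BHO key as "~").
BHO_KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
NOTIFY_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify"
WINDOWS_KEY = r"HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows"


@dataclass(frozen=True)
class Finding:
    kind: str      # "bho", "appinit", "notify" or "dangling"
    path: str      # file the entry loads ("" for a dangling service)
    detail: str    # CLSID, Notify package name, or the raw line
    severity: str  # "high", "medium" or "info"


_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]{36})\} - (?P<path>.+)$")
_APPINIT = re.compile(r"^O20 - AppInit_DLLs: (?P<path>.+)$")
_NOTIFY = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+)$")
_MISSING = re.compile(r"^O\d+ - .*\(file missing\)$")


def triage(log_text: str) -> list[Finding]:
    """Apply the per-line rules, then escalate any DLL seen at two load points."""
    findings: list[Finding] = []
    for line in log_text.splitlines():
        line = line.strip()
        if m := _BHO.match(line):
            if m["name"] == "(no name)":  # anonymous BHO: worth a look
                findings.append(Finding("bho", m["path"].strip('"'), m["clsid"], "medium"))
        elif m := _APPINIT.match(line):  # injected into every GUI process
            findings.append(Finding("appinit", m["path"].strip('"'), "AppInit_DLLs", "high"))
        elif m := _NOTIFY.match(line):
            if m["name"].lower() not in NOTIFY_ALLOWLIST:
                findings.append(Finding("notify", m["path"].strip('"'), m["name"], "medium"))
        elif _MISSING.match(line):  # left-over registration, informational only
            findings.append(Finding("dangling", "", line, "info"))

    # Cross-reference: the same DLL registered as BHO *and* Notify package is a stronger signal.
    kinds_by_path: dict[str, set[str]] = {}
    for f in findings:
        if f.path:
            kinds_by_path.setdefault(f.path.lower(), set()).add(f.kind)
    return [replace(f, severity="high") if len(kinds_by_path.get(f.path.lower(), ())) > 1 else f
            for f in findings]


def draft_cfscript(findings: list[Finding]) -> str:
    """Lay out the removals the way bamajim's script did: files, then Registry::."""
    files: dict[str, str] = {}
    for f in findings:
        if f.path:
            files.setdefault(f.path.lower(), f.path)  # de-duplicate case-insensitively
    registry: list[str] = []
    for f in findings:
        if f.kind == "bho":
            registry.append(f"[-{BHO_KEY}\\{{{f.detail}}}]")
        elif f.kind == "notify":
            registry.append(f"[-{NOTIFY_KEY}\\{f.detail}]")
    if any(f.kind == "appinit" for f in findings):
        registry += [f"[{WINDOWS_KEY}]", '"appinit_dlls"=-']
    return "\n".join(sorted(files.values(), key=str.lower) + ["Registry::"] + registry) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.severity:6} {f.kind:8} {f.path or f.detail}")
    print()
    print(draft_cfscript(found), end="")
```

The draft is a review aid, not something to hand to ComboFix unread. O4 Run entries are deliberately left to human judgment: nothing in the line format alone separates the Symantec entry from the DriveCleaner ones in the log above, which is exactly the call the helper made by hand.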
spmad
August 14th, 2007 15:00
Scan saved at 12:55, on 2007-08-14
Platform: Windows 2000 SP4 (WinNT 5.00.2195)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
C:\WINNT\System32\smss.exe
C:\WINNT\system32\winlogon.exe
C:\WINNT\system32\services.exe
C:\WINNT\system32\lsass.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\spoolsv.exe
C:\WINNT\system32\basfipm.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\system32\hidserv.exe
C:\WINNT\system32\regsvc.exe
C:\WINNT\system32\MSTask.exe
C:\WINNT\system32\stisvc.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
C:\Program Files\TightVNC\WinVNC.exe
C:\WINNT\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINNT\system32\svchost.exe
C:\WINNT\Explorer.EXE
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
C:\Program Files\Microsoft Office97\Office\OSA.EXE
C:\Program Files\WinZip\WZQKPICK.EXE
\Feb-5fwds61\c$\PROGRA~1\Palm\HOTSYNC.EXE
C:\Program Files\Common Files\System\MAPI\1033\nt\MAPISP32.EXE
C:\PROGRA~1\MICROS~2\Office\OUTLOOK.EXE
C:\Program Files\INTERN~1\iexplore.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\PROGRA~1\WINZIP\winzip32.exe
C:\Documents and Settings\solai.FEBLO_PDC\Local Settings\Temp\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
R3 - URLSearchHook: (no name) - {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINNT\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: @msdxmLC.dll,-1@1033,&Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O4 - HKLM\..\Run: [Synchronization Manager] mobsync.exe /logon
O4 - HKLM\..\Run: [IgfxTray] C:\WINNT\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINNT\system32\hkcmd.exe
O4 - HKLM\..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe"
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINNT\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\TightVNC\WinVNC.exe" -servicehelper
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Startup: HotSync Manager.lnk = Program Files\Palm\HOTSYNC.EXE
O4 - Global Startup: Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE
O4 - Global Startup: Office Startup.lnk = C:\Program Files\Microsoft Office97\Office\OSA.EXE
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O15 - Trusted IP range: 192.168.10.85
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1186165816592
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = feblo.hlgllc.com
O20 - Winlogon Notify: igfxcui - C:\WINNT\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINNT\system32\NavLogon.dll
O23 - Service: Broadcom ASF IP monitoring service v6.0.4 (BAsfIpM) - Broadcom Corp. - C:\WINNT\system32\basfipm.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - VERITAS Software Corp. - C:\WINNT\System32\dmadmin.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: OracleOraHome81ClientCache - Unknown owner - C:\oracle\ora81\BIN\ONRSD.EXE (file missing)
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: VNC Server (winvnc) - Unknown owner - C:\Program Files\TightVNC\WinVNC.exe" -service (file missing)
spmad
August 14th, 2007 15:00
bamajim
August 14th, 2007 15:00
spmad
August 14th, 2007 15:00
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.278 [GMT -4:00]
Command switches used :: C:\Documents and Settings\solai.FEBLO_PDC\Desktop\CFScript.txt
C:\WINNT\Tasks\AdwareAlert Scheduled Scan.job
C:\WINNT\Tasks\At1.job
C:\WINNT\Tasks\At10.job
C:\WINNT\Tasks\At11.job
C:\WINNT\Tasks\At12.job
C:\WINNT\Tasks\At13.job
C:\WINNT\Tasks\At14.job
C:\WINNT\Tasks\At15.job
C:\WINNT\Tasks\At16.job
C:\WINNT\Tasks\At17.job
C:\WINNT\Tasks\At18.job
C:\WINNT\Tasks\At19.job
C:\WINNT\Tasks\At2.job
C:\WINNT\Tasks\At20.job
C:\WINNT\Tasks\At21.job
C:\WINNT\Tasks\At22.job
C:\WINNT\Tasks\At23.job
C:\WINNT\Tasks\At24.job
C:\WINNT\Tasks\At3.job
C:\WINNT\Tasks\At4.job
C:\WINNT\Tasks\At5.job
C:\WINNT\Tasks\At6.job
C:\WINNT\Tasks\At7.job
C:\WINNT\Tasks\At8.job
C:\WINNT\Tasks\At9.job
C:\WINNT\system32\JHfEDA6I.exe
C:\WINNT\SYSTEM32\awvtsst.dll
C:\WINNT\SYSTEM32\C_2SSO.dll
C:\DOCUME~1\solai\APPLIC~1\tmp13.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp10.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp11.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp7B.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp26.tmp.exe
C:\DOCUME~1\solai\APPLIC~1\tmp19.tmp.exe
C:\Program Files\AdwareAlert\AdwareAlert.exe
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmpD5.tmp.exe
C:\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmpD7.tmp.exe
C:\WINNT\SYSTEM32\C_2SSO.dll
((((((((((((((((((((((((( Files Created from 2007-07-14 to 2007-08-14 )))))))))))))))))))))))))))))))
2007-08-13 10:51 51,200 --a------ C:\WINNT\nircmd.exe
2007-08-07 02:08
2007-08-07 02:07
2007-08-07 02:07
2007-08-07 02:05
2007-08-07 02:02
2007-08-06 08:13 44,032 --------- C:\WINNT\SYSTEM32\DLLCACHE\msxml3r.dll
2007-08-06 08:09 86,288 --------- C:\WINNT\SYSTEM32\DLLCACHE\srvsvc.dll
2007-08-06 08:05 2,174,976 --------- C:\WINNT\SYSTEM32\DLLCACHE\wmvcore.dll
2007-08-06 08:03 840,976 --------- C:\WINNT\SYSTEM32\DLLCACHE\mmcndmgr.dll
2007-08-03 15:10
2007-08-03 14:30 549,720 --a------ C:\WINNT\SYSTEM32\wuapi.dll
2007-08-03 14:30 43,352 --a------ C:\WINNT\SYSTEM32\wups2.dll
2007-08-03 14:30 33,624 --a------ C:\WINNT\SYSTEM32\wups.dll
2007-08-03 14:30 325,976 --a------ C:\WINNT\SYSTEM32\wucltui.dll
2007-08-03 14:30
2007-08-03 09:38 2,379,776 --ah----- C:\DOCUME~1\SOLAI~1.FEB\NTUSER.DAT
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-03 09:38
2007-08-02 12:26
2007-07-31 10:27 499,712 --a------ C:\WINNT\SYSTEM32\msvcp71.dll
2007-07-31 10:27 1,060,864 --a------ C:\WINNT\SYSTEM32\mfc71.dll
2007-07-23 15:05
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
03-07-10 15:54 271 --ah----- C:\Program Files\DESKTOP.INI
03-07-10 15:54 21952 --ah----- C:\Program Files\FOLDER.HTT
03-06-20 09:00 32528 --a------ C:\WINNT\inf\WBFIRDMA.SYS
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown
"Synchronization Manager"="mobsync.exe" [03-06-20 09:00 C:\WINNT\SYSTEM32\MOBSYNC.EXE]
"IgfxTray"="C:\WINNT\system32\igfxtray.exe" [04-08-20 17:55 ]
"HotKeysCmds"="C:\WINNT\system32\hkcmd.exe" [04-08-20 17:51 ]
"DVDLauncher"="C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" [04-04-26 10:04 ]
"UpdateManager"="C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" [04-01-07 03:01 ]
"dla"="C:\WINNT\system32\dla\tfswctrl.exe" [04-08-13 03:05 ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [04-02-29 17:44 ]
"vptray"="C:\PROGRA~1\SYMANT~1\VPTray.exe" [04-03-12 16:18 ]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [04-02-12 14:38 ]
"HP Component Manager"="C:\Program Files\HP\hpcoretech\hpcmpmgr.exe" [04-05-12 16:18 ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [05-05-05 12:44 ]
"WinVNC"="C:\Program Files\TightVNC\WinVNC.exe" [03-08-01 19:28 ]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [04-05-12 01:03 ]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" []
"^SetupICWDesktop"=C:\Program Files\Internet Explorer\Connection Wizard\icwconn1.exe /desktop
"internat.exe"=internat.exe
HotSync Manager.lnk - \\Feb-5fwds61\c$\PROGRA~1\Palm\HOTSYNC.EXE [2003-03-07 18:46:14]
Microsoft Find Fast.lnk - C:\Program Files\Microsoft Office97\Office\FINDFAST.EXE [1997-07-11 01:00:00]
Office Startup.lnk - C:\Program Files\Microsoft Office97\Office\OSA.EXE [1997-07-11 01:00:00]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2005-02-16 09:46:18]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]
@="Driver"
@="Driver"
R0 Fd16_700;Fd16_700;C:\WINNT\system32\DRIVERS\fd16_700.sys
R0 mraid2k;mraid2k;C:\WINNT\system32\DRIVERS\mraid2k.sys
R2 BASFND;BASFND;\??\C:\WINNT\system32\Drivers\BASFND.sys
R3 usbhub20;USB 2.0 Root Hub Support;C:\WINNT\system32\DRIVERS\usbhub20.sys
S3 EL90BC;3Com EtherLink XL B/C Adapter Driver;C:\WINNT\system32\DRIVERS\el90xbc5.sys
S3 OracleOraHome81ClientCache;OracleOraHome81ClientCache;C:\oracle\ora81\BIN\ONRSD.EXE
**************************************************************************
Rootkit scan 2007-08-14 11:55:58
Windows 5.0.2195 Service Pack 4 NTFS
hidden files: 0
C:\ComboFix-quarantined-files.txt ... 07-08-14 11:57
C:\ComboFix2.txt ... 07-08-13 11:43
bamajim
August 14th, 2007 17:00
Thank you for the compliment.
1. Rerun HijackThis (scan only) and place checks beside the following entries:
O16 - DPF: {2D2BEE6E-3C9A-4D58-B9EC-458EDB28D0F6} - http://www.drivecleaner.com/.freeware/installdrivecleanerstart.cab
Close all other open windows except HijackThis and select "Fix checked".
Close HijackThis and reboot your PC.
2. *NOTE* CCleaner deletes EVERYTHING out of temp/temporary folders. If you have anything in a temp folder, back it up or move it to a permanent folder prior to running CCleaner!
Download CCleaner from here to clean temp files from your computer.
3. Run an online virus scan called Kaspersky from HERE.
2. A new smaller window will pop up. After reading the contents, press "Accept".
3. Now Kaspersky will update the anti-virus database. Let it run.
4. Click on "Next" ->> "Scan Settings", and make sure the database is set to "extended". Check both the scan options, then click OK.
5. Then click on "My Computer", and the scan will start.
6. Once finished, save a log as ".txt" to the desktop.
Copy and post the results of the Kaspersky Online scan.
spmad
August 15th, 2007 11:00
KASPERSKY ONLINE SCANNER REPORT
2007-08-15 08:31
Operating System: Microsoft Windows 2000 Professional, Service Pack 4 (Build 2195)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 14/08/2007
Kaspersky Anti-Virus database records: 381197
-------------------------------------------------------------------------------
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
A:\
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
L:\
M:\
N:\
T:\
Total number of scanned objects: 102900
Number of viruses found: 14
Number of infected objects: 42
Number of suspicious objects: 0
Duration of the scan process: 01:46:50
C:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04100000.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04100001.VBN Infected: Exploit.HTML.Mht skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140000.VBN Infected: Virus.Win32.Delf.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140001.VBN Infected: Virus.Win32.Delf.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04200000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04280001.VBN Infected: Virus.Win32.Delf.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04280002.VBN Infected: Virus.Win32.Delf.an skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04480000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\06600000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.kw skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\FCSS5D3E\installdrivecleanerstart_tbn[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\S1UVSPU7\dedamisha[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\S1UVSPU7\installdrivecleanerstart[1].cab/UDC6_0001_D19M1908NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\S1UVSPU7\installdrivecleanerstart[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\SPQFKLEV\dedamisha[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\UBGRQVU9\ErrorSafeNewReleaseInstall[1].cab/UERS_9999_N91S2507NetInstaller.exe Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\UBGRQVU9\ErrorSafeNewReleaseInstall[1].cab CAB: infected - 1 skipped
C:\Documents and Settings\solai.FEBLO_PDC\Cookies\INDEX.DAT Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\Desktop\[4]-Submit_Tue 2007-08-14_115039.27.zip/C_2SSO.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ke skipped
C:\Documents and Settings\solai.FEBLO_PDC\Desktop\[4]-Submit_Tue 2007-08-14_115039.27.zip ZIP: infected - 1 skipped
C:\Documents and Settings\solai.FEBLO_PDC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\solai.FEBLO_PDC\ntuser.dat.LOG Object is locked skipped
C:\Program Files\HP\hpcoretech\hpcmerr.log Object is locked skipped
C:\Program Files\Symantec AntiVirus\VPTray.exe Infected: Trojan.Win32.Patched.af skipped
C:\Program Files\TightVNC\VNCHooks.dll Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\QooBox\Quarantine\C\DOCUME~1\solai\APPLIC~1\tmp10.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\solai\APPLIC~1\tmp19.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\solai\APPLIC~1\tmp26.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\solai\APPLIC~1\tmp7B.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp2BD.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmp8.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmpB3.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\DOCUME~1\SOLAI~1.FEB\APPLIC~1\tmpD4.tmp.exe.vir Infected: Trojan.Win32.Agent.aoy skipped
C:\QooBox\Quarantine\C\WINNT\DOWNLO~1\UDC6_0001_D19M1908NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.m skipped
C:\QooBox\Quarantine\C\WINNT\DOWNLO~1\UERS_9999_N91S2507NetInstaller.exe.vir Infected: not-a-virus:Downloader.Win32.WinFixer.o skipped
C:\QooBox\Quarantine\C\WINNT\SYSTEM32\awvtsqo.dll.vir Infected: Trojan-Downloader.Win32.ConHook.bg skipped
C:\QooBox\Quarantine\C\WINNT\SYSTEM32\JHfEDA6I.exe.vir Infected: Trojan-Downloader.Win32.Firu.b skipped
C:\QooBox\Quarantine\C\WINNT\WebAssist.dll.vir Infected: not-a-virus:AdWare.Win32.BHO.cz skipped
C:\QooBox\Quarantine\C\WINNT\xhelper.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\QooBox\Quarantine\C\WINNT\xmlhelper2.dll.vir Infected: not-a-virus:AdWare.Win32.Agent.db skipped
C:\WINNT\CSC\00000001 Object is locked skipped
C:\WINNT\CSC\00000002 Object is locked skipped
C:\WINNT\CSC\00000003 Object is locked skipped
C:\WINNT\CSC\D2\00000011 Object is locked skipped
C:\WINNT\Debug\ipsecpa.log Object is locked skipped
C:\WINNT\Debug\Netlogon.log Object is locked skipped
C:\WINNT\Debug\oakley.log Object is locked skipped
C:\WINNT\Debug\PASSWD.LOG Object is locked skipped
C:\WINNT\SchedLgU.Txt Object is locked skipped
C:\WINNT\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINNT\Sti_Trace.log Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\DEFAULT Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SAM Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SECURITY Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SYSTEM Object is locked skipped
C:\WINNT\SYSTEM32\CONFIG\SYSTEM.ALT Object is locked skipped
C:\WINNT\SYSTEM32\dla\tfswctrl.exe Infected: Trojan.Win32.Patched.af skipped
C:\WINNT\SYSTEM32\hkcmd.exe Infected: Trojan.Win32.Patched.af skipped
C:\WINNT\SYSTEM32\igfxtray.exe Infected: Trojan.Win32.Patched.af skipped
C:\WINNT\SYSTEM32\Perflib_Perfdata_504.dat Object is locked skipped
C:\WINNT\SYSTEM32\Perflib_Perfdata_568.dat Object is locked skipped
C:\WINNT\SYSTEM32\Perflib_Perfdata_588.dat Object is locked skipped
C:\WINNT\WindowsUpdate.log Object is locked skipped
T:\ASN Folder\GM ASNS (Inbounds).xls Object is locked skipped
T:\DIRECT SHIP FILES\LTL\OTTW 08-14.xls Object is locked skipped
T:\DIRECT SHIP FILES\LTL\PROD\FEBLIV1150466 08-14.xls Object is locked skipped
T:\software\tightvnc-1.2.9-setup.exe/data0002 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
T:\software\tightvnc-1.2.9-setup.exe/data0003 Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.b skipped
T:\software\tightvnc-1.2.9-setup.exe Inno: infected - 2 skipped
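A triage pass over report lines in the shape of the Kaspersky log above, as an added example that is not from the thread or from Kaspersky: it separates copies already sitting in the Symantec or ComboFix (QooBox) quarantine, riskware such as the admin's own TightVNC, live samples still in the browser cache, and legitimate system binaries reported as Trojan.Win32.Patched.af, which deletion would not repair. The bucket names, the quarantine path markers and the shortened sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the line shape of the Kaspersky report posted above (a few entries, not the full log).
SAMPLE_REPORT = r"""
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\04140000.VBN Infected: Virus.Win32.Delf.an skipped
C:\QooBox\Quarantine\C\WINNT\SYSTEM32\awvtsqo.dll.vir Infected: Trojan-Downloader.Win32.ConHook.bg skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\S1UVSPU7\dedamisha[1] Infected: Trojan.Win32.Agent.aoy skipped
C:\Documents and Settings\solai\Local Settings\Temporary Internet Files\Content.IE5\S1UVSPU7\installdrivecleanerstart[1].cab CAB: infected - 1 skipped
C:\Program Files\Symantec AntiVirus\VPTray.exe Infected: Trojan.Win32.Patched.af skipped
C:\WINNT\SYSTEM32\hkcmd.exe Infected: Trojan.Win32.Patched.af skipped
C:\Program Files\TightVNC\WinVNC.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC-based.h skipped
C:\WINNT\SYSTEM32\CONFIG\SAM Object is locked skipped
"""

# Each object is "<path> <verdict> skipped"; the verdict takes one of three shapes.
INFECTED_RE = re.compile(r"^(?P<path>.+?) Infected: (?P<name>\S+) skipped$")
ARCHIVE_RE = re.compile(r"^(?P<path>.+?) (?P<kind>CAB|ZIP|Inno): infected - \d+ skipped$")
LOCKED_RE = re.compile(r"^(?P<path>.+?) Object is locked skipped$")
# Hits under these directories are copies already isolated by Symantec AV or ComboFix (assumed markers).
QUARANTINE_MARKERS = ("\\quarantine\\", "\\qoobox\\")

def classify(line):
    """Map one report line to (bucket, path, detection), or None for non-findings."""
    line = line.strip()
    if not line or LOCKED_RE.match(line):
        return None  # hives and logs held open by the OS are not findings
    m = ARCHIVE_RE.match(line)
    if m:  # container verdict; the member file gets its own "Infected:" line
        return ("archive_container", m.group("path"), m.group("kind"))
    m = INFECTED_RE.match(line)
    if not m:
        return None
    path, name = m.group("path"), m.group("name")
    if any(marker in path.lower() for marker in QUARANTINE_MARKERS):
        return ("already_quarantined", path, name)  # nothing left to clean on disk
    if name.startswith("not-a-virus:"):
        return ("riskware", path, name)  # e.g. the admin's own TightVNC install
    if ".Patched." in name:
        return ("patched_system_file", path, name)  # legit binary altered: restore from OS media
    return ("active", path, name)  # live sample still on disk

def triage(report):
    """Group every finding in a report: bucket -> list of (path, detection)."""
    buckets = defaultdict(list)
    for line in report.splitlines():
        hit = classify(line)
        if hit:
            buckets[hit[0]].append((hit[1], hit[2]))
    return dict(buckets)
```

Run against the full report, the patched_system_file bucket is the list of binaries that need replacing from install media, which is what the next reply asks about.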
bamajim
10.4K Posts
0
August 15th, 2007 13:00
We have a few things to do.
1. Please download the Killbox.
   1) Save it to the desktop
   2) Rt Click ->> Extract all ->> Extract it to your Desktop
   3) Double Click Killbox.exe to run it
   4) At the main window Select Tools ->> Delete Temp Files
   5) At the next window uncheck XP Prefetch
   Leave the other boxes checked
   6) Select "Delete Selected Temp Files"
   Allow the tool to run. When it is finished (you will know that it is finished because the checks will disappear from the location boxes), select "Exit"
   Then Select "Exit" again to close Killbox
2. Empty Norton Quarantine folder
If you use Norton AntiVirus 2006
1 If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 Click View Norton Quarantined and Restore.
4 In the left pane, select the type of risk that you want to remove.
5 In the right pane, select the files that you want to remove.
6 Click Delete Item.
7 When you see the message "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
8 Close the Quarantine window, and then exit Norton AntiVirus.
If you use Norton AntiVirus 2005
1 If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 Click View Quarantined Items.
4 In the right pane, select the files that you want to remove.
5 Click Delete Item.
6 When you see the message "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
7 Close the Quarantine window, and then exit Norton AntiVirus.
If you use Norton AntiVirus 2004/2003
1 If Norton AntiVirus is installed as part of Norton SystemWorks or Norton Internet Security, then start that program and click Norton AntiVirus.
2 In the left pane, click Reports.
3 In the right pane, click View Report to the right of Quarantined Items.
4 In the right pane, select the files that you want to remove.
5 Click Delete Item.
6 When you see the message "Warning! Are you sure that you want to remove this item from Quarantine," click Yes.
7 Close the Quarantine window, and then exit Norton AntiVirus.
3. Using Windows Explorer
(Right click on "Start," select "Explore," and you will see the "tree" of file folders in the left side of the window. Click on the "+" next to any folder name to expand its contents)
Locate this folder and Delete it
4. You have some files on your PC that have been damaged by the infection; do you have a copy of the Windows OS (operating system) disk?
MRU Graduate
"The world is what you make of it"
spmad
12 Posts
0
August 15th, 2007 17:00
bamajim
10.4K Posts
0
August 15th, 2007 17:00
MRU Graduate
"The world is what you make of it"
spmad
12 Posts
0
August 16th, 2007 15:00