Post by: skategoodtimes on October 31, 2005, 12:38:59 AM
Logfile of HijackThis v1.99.1
Scan saved at 11:37:53 PM, on 10/30/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\hmfosiw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\mssearchnet.exe
C:\Program Files\AIM\aim.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\Explorer.EXE
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com (http://\"http://google.com\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://skateperception.com (http://\"http://skateperception.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://google.com (http://\"http://google.com\")
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.com (http://\"http://google.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\nutvga.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [rundll32] C:\Documents and Settings\Aaron\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125824763578\")
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O20 - Winlogon Notify: nutvga - C:\WINDOWS\ServicePackFiles\nutvga.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hmfosiw.exe
Post by: Guest on October 31, 2005, 10:00:25 AM
/rolleyes.gif\' class=\'bbc_emoticon\' alt=\':rolleyes:\' />
Post by: skategoodtimes on October 31, 2005, 09:59:21 PM
Post by: guestolo on November 01, 2005, 01:05:06 AM
We're going to work on a couple infections you have then try and get the rest
Please print out all these instructions or save to a text file on your desktop for reference
Please download [color=\"red\"]VundoFix.exe[/color] (http://\"http://www.atribune.org/downloads/VundoFix.exe\")[/url] to your desktop.
- *Double-click
*This will create a VundoFix folder on your desktop.
==Download smitRem.exe (http://\"http://noahdfear.geekstogo.com/click%20counter/click.php?id=1\") and save the file to your desktop.
Double click on the file to extract it to it's own folder on the desktop.
Access your add/remove programs and remove if found
Windows Overlay Components
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\") without networking
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link
I supplied for a more detailed explanation
*Once in safe mode
==Open the SmitRem folder, then double click the RunThis.bat file to start the tool. Follow the prompts on screen.
Wait for the tool to complete and disk cleanup to finish.
Open the VundoFix folder and doubleclick on KillVundo.bat
- You will first be presented with a warning.
It should look like this
Quote
[color=\"blue\"]VundoFix V2.15 by Atri
By using VundoFix you agree that you are doing so at your own risk
Press enter to continue....
[/color]
* At this point press enter one time.
* Next you will see:
Quote
[color=\"blue\"]Please Type in the filepath as instructed by the forum staff
and then press enter:[/color]
*At this point please type the following file path (make sure to enter it exactly as below!):
*Press [color=\"red\"]Enter[/color] to continue with the fix.
*Next you will see:
Quote
[color=\"blue\"]Please type in the second filepath as instructed by the forum*At this point please type the following file path (make sure to enter it exactly as below!):
staff then press enter: [/color]
C:\WINDOWS\ServicePackFiles\agvtun.*
[/list]
- Press [color=\"red\"]Enter[/color] to continue with the fix.
*The fix will run then HijackThis will open, if it does not open automatically please open it manually.
*In HiJackThis, please place a check next to the following items and click FIX CHECKED:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\nutvga.dll
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [P.S.Guard] C:\Program Files\P.S.Guard\PSGuard.exe
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [rundll32] C:\Documents and Settings\Aaron\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O20 - Winlogon Notify: nutvga - C:\WINDOWS\ServicePackFiles\nutvga.dll
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hmfosiw.exe
*Press enter to exit the program then manually reboot your computer.
Back in Windows
Then, please run this online virus scan: [color=\"red\"]ActiveScan[/color] (http://\"http://www.pandasoftware.com/products/activescan.htm\")[/url]
Once loaded, choose to Scan "Local Disks"
Once the scan is complete
Save a report of what was found and fixed to desktop
Copy the results of the ActiveScan and paste them here along with a new HijackThis log and the vundofix.txt file from the vundofix folder into this topic.r
and the log from SmitRem, located here>>C:\Smitrem.txt
Post by: skategoodtimes on November 01, 2005, 08:27:21 AM
Post by: skategoodtimes on November 01, 2005, 06:05:50 PM
Post by: skategoodtimes on November 02, 2005, 10:23:31 AM
Post by: skategoodtimes on November 02, 2005, 06:33:41 PM
Post by: skategoodtimes on November 02, 2005, 08:04:26 PM
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: msconfd.dll)
Error #5 - Invalid procedure call or argument
Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Here is the rest of the stuff though.
NEW HIJACKTHIS LOG
Logfile of HijackThis v1.99.1
Scan saved at 6:51:37 PM, on 11/2/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\hmfosiw.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://skateperception.com (http://\"http://skateperception.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [MsSystem] c:\msdos.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [Microsoft Helper Service] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [loader] C:\WINDOWS\loader.exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125824763578\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O20 - Winlogon Notify: nutvga - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hmfosiw.exe
ACTIVE SCAN REPORT
Incident Status Location
Adware:adware/securityerror No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Center.url
Adware:adware/gator No disinfected C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GStartup.lnk
Possible Virus. No disinfected C:\Program Files\2Wire\sy_apps\dllupdate.exe
Adware:Adware/CommAd No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\423FE045-27B3-4FD7-BCFE-746203\5016609A-178E-4305-82AE-567D22
Adware:Adware/Aurora No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\4C5DF0F9-3E01-4700-84CA-210DE0\78A4A0F7-F51B-44B4-932A-F1406A
Spyware:Spyware/SafeSurf No disinfected C:\Program Files\Microsoft AntiSpyware\Quarantine\A6E6A86B-F2A6-47E2-8F90-E5F5AF\71B02B18-95F4-448C-9194-C5299D
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP693\A0272263.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP693\A0272297.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0273297.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0274297.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP696\A0274461.dll
Adware:Adware/KoolBar No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274624.exe
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274634.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274644.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP698\A0274719.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274755.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274802.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP701\A0274907.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP702\A0275091.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP703\A0275135.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275281.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275295.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275315.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275338.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275350.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275370.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275442.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275540.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275554.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275596.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP709\A0275666.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275805.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275822.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP714\A0275929.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP715\A0275981.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP716\A0276032.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276136.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276191.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276263.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276344.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276439.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276490.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276530.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276557.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276593.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276657.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276875.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0276901.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277899.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277918.dll
Virus:Trojan Horse Disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277928.ini
Adware:Adware/Tubby No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277934.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277945.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277981.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP728\A0278044.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278111.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278292.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278310.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278334.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278369.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278401.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP732\A0278478.dll
Adware:Adware/Aurora No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP735\A0278517.dll
Adware:Adware/SaveNow No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP779\A0287758.exe
Adware:Adware/SaveNow No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP780\A0287932.exe
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0288010.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289010.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289021.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289034.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289045.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0289054.tlb
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289079.exe
Adware:Adware/SecurityError No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289080.tlb
Spyware:Spyware/Virtumonde No disinfected C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291768.dll
Virus:Trj/Ldpinch.JD Disinfected C:\WINDOWS\assest.dll
Adware:Adware/Aurora No disinfected C:\WINDOWS\jaaste.dll
Possible Virus. No disinfected C:\WINDOWS\load.exe
Virus:Trj/Downloader.BVH Disinfected C:\WINDOWS\loadk32.exe
Adware:Adware/ISearch No disinfected C:\WINDOWS\MTE3MTU6ODoxNg.exe
Adware:Adware/CommAd No disinfected C:\WINDOWS\QWFyb24A\asappsrv.dll
Dialer:Dialer.CAL No disinfected C:\WINDOWS\sasent.dll
Dialer:Dialer.CAL No disinfected C:\WINDOWS\sasetup.dll
Adware:adware/secure32 No disinfected C:\WINDOWS\secure32.html
Possible Virus. No disinfected C:\WINDOWS\SYSTEM32\msconfd.dll
Adware:Adware/BigTrafficNet No disinfected C:\WINDOWS\SYSTEM32\nss9.dll
Virus:Trj/Agent.AJK Disinfected C:\WINDOWS\SYSTEM32\pmkhg.dll
Dialer:Dialer.TY No disinfected C:\WINDOWS\winmodem.exe
VUNDOFIX TXT FILE
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------
Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------
killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt
--------------------------------------------------------------------------------------
Filepaths entered
--------------------------------------------------------------------------------------
The filepath entered was C:\WINDOWS\ServicePackFiles\nutvga.dll
The second filepath entered was C:\WINDOWS\ServicePackFiles\agvtun
--------------------------------------------------------------------------------------
Log from Process
--------------------------------------------------------------------------------------
Killing PID 196 'smss.exe'
Error, Cannot find a process with an image name of explorer.exe
Killing PID 268 'winlogon.exe'
Killing PID 268 'winlogon.exe'
--------------------------------------------------------------------------------------
C:\WINDOWS\ServicePackFiles\nutvga.dll Deleted sucessfully.
C:\WINDOWS\ServicePackFiles\agvtun Deleted sucessfully.
Fixing Registry
--------------------------------------------------------------------------------------
SMITREM
smitRem © log file
version 2.7
by noahdfear
The current date is: Wed 11/02/2005
The current time is: 16:41:08.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
checking for ShudderLTD key
ShudderLTD key not present!
checking for PSGuard.com key
PSGuard.com key present!
Running LTDFix/PSGuard.com fix!
PSGuard.com key was successfully removed!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' />~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Existing Pre-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
PSGuard.com
~~~ Favorites ~~~
~~~ system32 folder ~~~
msvol.tlb
mssearchnet.exe
ncompat.tlb
nvctrl.exe
mscornet.exe
oleext.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Remaining Post-run Files
~~~ Program Files ~~~
~~~ Shortcuts ~~~
~~~ Favorites ~~~
~~~ system32 folder ~~~
oleext.dll
~~~ Icons in System32 ~~~
~~~ Windows directory ~~~
~~~ Drive root ~~~
~~~ Miscellaneous Files/folders ~~~
~~~ Wininet.dll ~~~
wininet.dll INFECTED!!
/sad.gif\' class=\'bbc_emoticon\' alt=\':(\' /> Starting replacement procedure.~~~~ Looking for C:\WINDOWS\system32\dllcache\wininet.dll ~~~~
~~~~ C:\WINDOWS\system32\dllcache\wininet.dll Present! ~~~~
~~~~ Checking dllcache\wininet.dll for infection ~~~~
~~~~ dllcache\wininet.dll Clean! ~~~~
~~~ Replaced wininet.dll from dllcache ~~~
~~~ Upon reboot ~~~
wininet.old present!
oleadm.dll not present!
oleext.dll present!
~~~ Upon completion ~~~
wininet.old not present!
oleadm.dll not present!
oleext.dll not present!
~~~~ Rechecking C:\WINDOWS\system32\wininet.dll for infection ~~~~
~~~~ C:\WINDOWS\system32\wininet.dll Clean!
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> ~~~~
Post by: guestolo on November 02, 2005, 09:58:27 PM
Download and InstallAd-Aware SE Personal 1.06 (http://\"ftp://ftp.download.com/pub/win95/utilities/aawsepersonal.exe\")
In the event you have an older version of Ad-Aware, allow this version to remove the older version
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Don't run a scan yet
Download and save too desktop the Standalone version of CWShredder (http://\"http://www.trendmicro.com/ftp/products/online-tools/cwshredder.exe\")
Next: Download and save to desktop
Stinger.exe (http://\"http://download.nai.com/products/mcafee-avert/s_t_i_n_g_e_r.exe\") from McAfee's
Don't run this yet
Print the rest of these instructions or save to notepad for reference
Close Down all Browsers, including this one
Access your add/remove programs and remove
Windows Overlay Components
Gator
KeenValue
P2PNetworking
Run CWShredder.exe and click the FIX button
Let it fix whatever it finds
Reboot in SAFE MODE
In safe mode, run STINGER.exe
and click the "Scan Now" button
Let this finish, it will scan your hard drive
When it's done
Run CWShredder.exe again
In safe mode
Set Windows To Show Hidden Files and Folders
* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Uncheck the Hide Extensions for known file types
* Click Yes to confirm.
* Click OK.
In the Event "Windows Overlay Components" was not found in Add/Remove programs
Go to START>>>RUN>>>type in services.msc
Hit OK
In the next window, look on the right hand side for this service
name---- Windows Overlay Components
Double click on it--- STOP the service--If running
In the drop down menu, change the startup type to Disabled
Find and delete the following files or folders if found
C:\WINDOWS\System32\svcinit.exe <-file
C:\WINDOWS\System32\mstaskm.exe <-file
C:\WINDOWS\SYSTEM32\msconfd.dll <-file
C:\WINDOWS\SYSTEM32\nss9.dll <-file
C:\WINDOWS\jaaste.dll <-file
C:\WINDOWS\load.exe <-file
C:\WINDOWS\MTE3MTU6ODoxNg.exe <-file
C:\WINDOWS\sasent.dll <-file
C:\WINDOWS\sasetup.dll <-file
C:\WINDOWS\secure32.html <-file
C:\WINDOWS\hmfosiw.exe <-file
C:\windows\rundll32.exe <-file, DON'T touch rundll32.exe in your System32 folder
C:\WINDOWS\iedll.exe <-file
c:\msdos.exe <-file
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Online Security Center.url <-file
C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\GStartup.lnk <-file
C:\WINDOWS\QWFyb24A <-folder
C:\Program Files\Common Files\CMEII <-folder
C:\Program Files\Common Files\GMT <-folder
C:\Program Files\Common files\updater <-folder
Try and run Hijackthis again
Do another scan with Hijackthis and put a check next to these entries:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchAssistant = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,SearchURL = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://skateperception.com (http://\"http://skateperception.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
F2 - REG:system.ini: UserInit=C:\WINDOWS\System32\userinit.exe,C:\WINDOWS\System32\svcinit.exe
O2 - BHO: MSEvents Object - {827DC836-DD9F-4A68-A602-5812EB50A834} - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O3 - Toolbar: REALBAR - {4E7BD74F-2B8D-469E-C0FF-FD60B590A87D} - C:\PROGRA~1\COMMON~1\Real\Toolbar\realbar.dll (file missing)
O4 - HKLM\..\Run: [XoftSpy] C:\Program Files\XoftSpy\XoftSpy.exe -s
O4 - HKLM\..\Run: [windows auto update] msblast.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [updater] C:\Program Files\Common files\updater\wupdater.exe
O4 - HKLM\..\Run: [QD FastAndSafe] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [P2P Networking] C:\WINDOWS\System32\P2P Networking\P2P Networking.exe /AUTOSTART
O4 - HKLM\..\Run: [Online Service] C:\WINDOWS\SYSTEM32\DLLCACHE\svchost.exe
O4 - HKLM\..\Run: [MsSystem] c:\msdos.exe
O4 - HKLM\..\Run: [Microsoft Helper Service] C:\WINDOWS\System32\mstaskm.exe
O4 - HKLM\..\Run: [CMESys] "C:\Program Files\Common Files\CMEII\CMESys.exe"
O4 - HKLM\..\RunServices: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - HKCU\..\Run: [loader] C:\WINDOWS\loader.exe
O4 - HKCU\..\Run: [iedll] C:\WINDOWS\iedll.exe
O4 - Global Startup: GStartup.lnk = C:\Program Files\Common Files\GMT\GMT.exe
O9 - Extra button: WeatherBug - {AF6CABAB-61F9-4f12-A198-B7D41EF1CB52} - C:\Program Files\AWS\WeatherBug\Weather.exe (file missing) (HKCU)
O19 - User stylesheet: (file missing)
O20 - AppInit_DLLs: msconfd.dll
O20 - Winlogon Notify: nutvga - C:\WINDOWS\ServicePackFiles\nutvga.dll (file missing)
O23 - Service: Windows Overlay Components - Unknown owner - C:\WINDOWS\hmfosiw.exe
After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
NOTE: If you have problems running Hijackthis again, try one more time but omit this entry
O20 - AppInit_DLLs: msconfd.dll
Open Ad-Aware
Click START
Click the radio button to Perform a Full system scan then click NEXT
When it's finished scanning
At this point you should either right click on the screen and and choose the "Select All" Objects option or individually put a checkmark in each objects checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button
RESTART your computer back to Normal mode
Post back a fresh Hijackthis log
Post by: skategoodtimes on November 03, 2005, 01:04:56 AM
Logfile of HijackThis v1.99.1
Scan saved at 12:03:46 AM, on 11/3/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\AIM\aim.exe
C:\WINDOWS\system32\wuauclt.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125824763578\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post by: guestolo on November 03, 2005, 11:29:00 PM
===Open Notepad (START>>>RUN>>>type in notepad)
Hit OK
Copy the contents of the CODE box to notepad, not including the word "code"
In Notepad click FILE>>SAVE AS
IMPORTANT>>>Change the Save as Type to All Files.
Name the file as fix.reg
Save this file on the desktop, well need this later, don't run it yet
Code: [Select]
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""==Download and Install this small program
to help clean your temp folders,cookies, etc...
Windows Cleanup! 4.0 (http://\"http://downloads.stevengould.org/cleanup/CleanUp40.exe\")
==Download and then Install
Ewido Security Suite (http://\"http://download.ewido.net/ewido-setup.exe\")
When installing, under "Additional Options" Uncheck "Install background guard" and "Install scan via context menu".
When you run ewido for the first time, IF you get a warning "Database could not be found!". Click OK. We'll fix that next
From the main ewido screen, click on Update in the left menu, then click the Start update button.
After the update finishes (the status bar at the bottom will display "Update successful")
Close out Ewido for now, we'll need it later
If for some reason the Updater won't work can you manually download the
Updates from this link after you have Ewido installed
http://www.ewido.net/en/download/updates/ (http://\"http://www.ewido.net/en/download/updates/\")
Please Print this out or save these instructions to a Notepad file and save it to your Desktop
Do another scan with Hijackthis and put a check next to these entries:
O4 - HKCU\..\Run: [rundll32] C:\windows\rundll32.exe
O4 - HKCU\..\Run: [Microsoft Windows DLL Services Configuration] windir32.exe
After you have ticked the above entries, close All other open windows, including this one
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis
RESTART your Computer in SAFE MODE (http://\"http://service1.symantec.com/SUPPORT/tsgeninfo.nsf/docid/2001060608000039?OpenDocument&ExpandSection=4#_Section4\")
You can do this by tapping the F8 key as the system is restarting, just before Windows loads, or use the link I supplied for a more detailed explanation
==Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
Set the program up as follows:
Click "Options..."
Move the arrow down to "Custom CleanUp!"
Put a check next to the following (Make sure nothing else is checked!):
* Empty Recycle Bins
* Delete Cookies
* Delete Prefetch files
* Cleanup! All Users
Click OK
Close down your browser window
Press the CleanUp! button to start the program.
When it's done, decline to log off or restart the computer
==Open Ewido Security Suite
Click on the Scanner button on the left menu
Select Complete System Scan
*If Ewido finds something it will prompt you with "Infected Object found"
Ensure the following are Selected
*1. Perform Action = Remove
*2. Create Encrypted Backup in Quarantine (Recommended)
*3. Perform action with all infections
Then click OK
When Ewido has finished it's scan click the "Save Report" button
Save the report to desktop
Exit Ewido
Double click on fix.reg and allow to merge to the registry
Restart back to Normal mode
Back in Windows
Post a fresh hijackthis log and the report from Ewidos
Post by: skategoodtimes on November 04, 2005, 02:01:43 AM
Scan saved at 1:00:12 AM, on 11/4/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe
C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Dell AIO Printer A940\dlbabmon.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
http://skateperception.com/ (http://\"http://skateperception.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE
C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common
Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe"
startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer
A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec
Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator
5\DirectCD\DirectCD.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common
Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat
7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program
Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage
Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program
Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) -
http://update.microsoft.com/microsoftupdat.../muweb_site.cab (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab\")?
1125824763578
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -
http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O20 - AppInit_DLLs: msconfd.dll
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd -
C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program
Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation -
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. -
C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc.
- C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. -
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network
Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation -
C:\WINDOWS\System32\nvsvc32.exe
---------------------------------------------------------
ewido security suite - Scan report
---------------------------------------------------------
+ Created on: 12:53:02 AM, 11/4/2005
+ Report-Checksum: 5093A8C2
+ Scan result:
HKLM\SOFTWARE\Classes\CLSID\{2B96D5CC-C5B5-49A5-A69D-CC0A30F9028C} -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4}\Control\\CI -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{9F95F736-0F62-4214-A4B4-CAA6738D4C07} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\CLSID\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{C285D18D-43A2-4AEF-83FB-BF280E660A97} -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CF021F3F-3E14-23A5-CBA2-7173706D1316} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{CF021F3F-3E14-23A5-CBA2-7173706D1316}\TypeLib\\ -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\Interface\{D6188A7D-376C-4970-91AD-675BFCF3762E}\TypeLib\\ -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MiniBugTransporter.MiniBugTransporterX.1\CLSID\\ -> Spyware.MiniBug : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CLSID -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents\CurVer -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\MSEvents.MSEvents.1 -> Spyware.VirtuMonde : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\RunMSC.Loader.1\CLSID\\ -> Spyware.SaveNow : Cleaned with backup
HKLM\SOFTWARE\Classes\SPM1316.SPM1316 -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SPM1316.SPM1316\CurVer -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SPM1316.SPM1316.1 -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\SPM1316.SPM1316.1\CLSID\\ -> Spyware.MakeMeSearch : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{8EA362BD-39CB-40F5-9226-73CD40999095} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Classes\TypeLib\{CF021F32-3E14-23A5-CBA2-7173706D1316} -> Spyware.CoolWebSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\ins -> Spyware.WebRebates : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\.Owner -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\C:/WINDOWS/System32/version.txt\\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKLM\SOFTWARE\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
HKLM\SOFTWARE\Need2Find\bar\Partner -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1C78AB3F-A857-482E-80C0-3A1E5238A565} -> Spyware.iSearch : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0519A9C9-064A-4CBC-BC47-D0EACD581477} -> Spyware.Icoo : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{38D4D5D0-423E-4220-B6F9-30918C2AE4A4} -> Spyware.BetterInternet : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{465A59EC-20E5-4FCA-A38A-E5EC3C480218} -> Spyware.Icoo : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CF021F40-3E14-23A5-CBA2-7173706D1316} -> Spyware.MakeMeSearch : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Need2Find -> Spyware.Need2Find : Cleaned with backup
HKU\S-1-5-21-527237240-879983540-839522115-1003\Software\Need2Find\bar -> Spyware.Need2Find : Cleaned with backup
[268] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Cleaned with backup
[312] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[324] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[476] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[540] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[588] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[792] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
[1060] C:\WINDOWS\system32\msconfd.dll -> Spyware.Hijacker.Generic : Error during cleaning
:mozilla.6:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.7:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.8:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Pointroll : Cleaned with backup
:mozilla.17:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.18:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.19:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Casalemedia : Cleaned with backup
:mozilla.91:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Tradedoubler : Cleaned with backup
:mozilla.92:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.93:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.94:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.95:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.96:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Trafficmp : Cleaned with backup
:mozilla.98:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.99:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.100:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Adserver : Cleaned with backup
:mozilla.102:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.103:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.104:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.105:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
:mozilla.106:C:\Documents and Settings\Aaron\Application Data\Phoenix\Profiles\default\agpc3ldc.slt\cookies.txt -> Spyware.Cookie.Yieldmanager : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\423FE045-27B3-4FD7-BCFE-746203\5016609A-178E-4305-82AE-567D22 -> Adware.CommAd : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\4C5DF0F9-3E01-4700-84CA-210DE0\78A4A0F7-F51B-44B4-932A-F1406A -> Trojan.Agent.fc : Cleaned with backup
C:\Program Files\Microsoft AntiSpyware\Quarantine\A6E6A86B-F2A6-47E2-8F90-E5F5AF\71B02B18-95F4-448C-9194-C5299D -> Spyware.SafeSurfing : Cleaned with backup
C:\quarantine\A0281826.exe.Vir -> Adware.BetterInternet : Error during cleaning
C:\quarantine\thin-137-3-x-x.exe.Vir -> Adware.BetterInternet : Error during cleaning
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0273297.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP694\A0274297.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP696\A0274461.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274624.exe -> TrojanDropper.VB.fv : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274634.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP697\A0274644.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP698\A0274719.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274755.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP699\A0274802.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP701\A0274907.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP702\A0275091.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP703\A0275135.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275281.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275295.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP706\A0275315.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275338.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275350.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275370.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP707\A0275442.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275540.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275554.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP708\A0275596.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP709\A0275666.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275805.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP712\A0275822.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP714\A0275929.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP715\A0275981.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP716\A0276032.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276136.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP719\A0276191.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276263.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP721\A0276344.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276439.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP723\A0276490.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276530.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276557.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP724\A0276593.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276657.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP725\A0276875.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0276901.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277899.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277918.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277927.ini -> TrojanSpy.Tofger.ini : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277934.dll -> TrojanDownloader.Agent.ga : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277945.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP726\A0277981.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP728\A0278044.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278111.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278254.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278264.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278274.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278277.dll -> Spyware.WildTangent : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278292.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278310.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP730\A0278334.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278369.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP731\A0278401.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP732\A0278478.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP735\A0278517.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP781\A0288024.dll -> TrojanDownloader.Agent.yb : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289079.exe -> Trojan.Small.ge : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP782\A0289151.dll -> TrojanDownloader.Agent.yb : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP783\A0289225.dll -> Spyware.Wheaterbug : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP786\A0290579.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291759.exe -> TrojanDownloader.Zlob.ap : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291761.exe -> Spyware.Hijacker.Generic : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0291768.dll -> Spyware.Virtumonde : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292815.dll -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292816.exe -> TrojanDownloader.Harnig.a : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292817.dll -> TrojanDownloader.ConHook.k : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292873.dll -> Spyware.HotSearchBar : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292874.dll -> Trojan.Agent.fc : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292876.exe -> Spyware.ISearch : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292877.dll -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292878.dll -> Dialer.Generic : Cleaned with backup
C:\System Volume Information\_restore{862561A0-41E5-4A97-BCEF-AED6DCD8E1F0}\RP787\A0292881.dll -> Spyware.CommAd : Cleaned with backup
C:\WINDOWS\SYSTEM32\msconfd.dll -> Spyware.Hijacker.Generic : Cleaned with backup
C:\WINDOWS\SYSTEM32\netlanm.dll -> Spyware.SafeSurfing : Cleaned with backup
::Report End
Post by: guestolo on November 05, 2005, 12:47:39 AM
Run another scan with Hijackthis and put a tick next to this entry
O20 - AppInit_DLLs: msconfd.dll
Then close all open windows and click FIX CHECKED
Run CWShredder.exe and run the FIX
Reboot your computer and post a fresh hijackthis log
Post by: skategoodtimes on November 05, 2005, 10:21:36 AM
An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: msconfd.dll)
Error #5 - Invalid procedure call or argument
Please email me at [email protected], reporting the following:
* What you were trying to fix when the error occurred, if applicable
* How you can reproduce the error
* A complete HijackThis scan log, if possible
Windows version: Windows NT 5.01.2600
MSIE version: 6.0.2900.2180
HijackThis version: 1.99.1
This message has been copied to your clipboard.
Click OK to continue the rest of the scan.
Post by: skategoodtimes on November 05, 2005, 10:23:31 AM
Scan saved at 9:23:12 AM, on 11/5/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\ewido\security suite\ewidoctrl.exe
C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
C:\Program Files\Network Associates\VirusScan\Mcshield.exe
C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\BCMSMMSG.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\HJT\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://skateperception.com/ (http://\"http://skateperception.com/\")
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = http://mysa.com (http://\"http://mysa.com\")
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [diagent] "C:\Program Files\Creative\SBLive\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [Dell AIO Printer A940] "C:\Program Files\Dell AIO Printer A940\dlbabmgr.exe"
O4 - HKLM\..\Run: [ccRegVfy] C:\Program Files\Common Files\Symantec Shared\ccRegVfy.exe
O4 - HKLM\..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204 (http://\"http://go.microsoft.com/fwlink/?linkid=39204\")
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1125824763578 (http://\"http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1125824763578\")
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab (http://\"http://acs.pandasoftware.com/activescan/as5free/asinst.cab\")
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido\security suite\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Post by: guestolo on November 05, 2005, 12:36:40 PM
/smile.gif\' class=\'bbc_emoticon\' alt=\':)\' /> Some final cleanup, you still have bad guys in your System restore folder
If everything is running better, please do the following
You should disable system restore>>Reboot your computer>>and then reenable it
This will clear all your restore points and ensure you don't restore any nasties
How to Disable and Re-enable System Restore feature (http://\"http://vil.nai.com/vil/SystemHelpDocs/DisableSysRestore.htm\")
Once System Restore is reenabled
You should set up protection against future attacks
SpywareBlaster 3.4 by JavaCool (http://\"http://www.javacoolsoftware.com/spywareblaster.html\")
*Will block bad ActiveX Controls
*Block Malevolent cookies in Internet Explorer and Firefox
*Restrict actions of potentially dangerous sites in Internet Explorer
After installation, Check for updates and then click the "Enable all protection"
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial (http://\"http://www.bleepingcomputer.com/forums/index.php?showtutorial=53\")
Download link (http://\"https://netfiles.uiuc.edu/ehowes/www/resource.htm#IESPYAD\")
With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply click the "enable all protection"
IE-Spyad is compatible with SP2
Let me know how things are running
Post by: skategoodtimes on November 06, 2005, 09:02:55 PM
Post by: guestolo on November 06, 2005, 11:27:36 PM
Can you do the following please, I wasn't sure if it was bad or not
Can you run the below file thru
Jotti's Online Malware scan (http://\"http://virusscan.jotti.org/\")
Give this site time to load if busy
Use the browse button and navigate to the file on your hard drive
Right click on it and choose Select
Then use the Submit button
Let it finish scanning
Could you post back the results of the scans back here please
C:\WINDOWS\winmodem.exe <-this file
Post by: skategoodtimes on November 07, 2005, 12:43:11 AM
Status:
MIGHT BE INFECTED/MALWARE (Sandbox emulation took a long time and/or runtime packers were found, this is suspicious. Normally programs aren't packed and don't force the sandbox into lengthy emulation. Do realize no scanner issued any warning, the file can very well be harmless. Caution is advised, however.)
MD5 918ddfd8bc911a72967aa0d78642fe43
Packers detected:
UPX
Scanner results
AntiVir
Found nothing
ArcaVir
Found nothing
Avast
Found nothing
AVG Antivirus
Found nothing
BitDefender
Found nothing
ClamAV
Found nothing
Dr.Web
Found nothing
F-Prot Antivirus
Found nothing
Fortinet
Found nothing
Kaspersky Anti-Virus
Found nothing
NOD32
Found nothing
Norman Virus Control
Found nothing
UNA
Found nothing
VBA32
Found nothing
Post by: guestolo on November 07, 2005, 12:49:50 AM
It looks harmless, but Panda's labelled it as a possible bad guy
Can you navigate to winmodem.exe
Right click on it and left click properties
Let me know what it's related too
If unsure, can you right click on it and rename it too winmodem.ex_
This should disable it, leave it there for now until your sure you don't need it
Post by: skategoodtimes on November 07, 2005, 01:06:18 AM