Topic: cannot delete a .dlr

Offline bagdaddy

« on: March 20, 2005, 12:35:29 PM »
While surfing porn, like most of the posts I've read with similar problems, my browser was reset to quickmetasearch and I have a shortcut "sex" on my desktop. At first I went to Add/Remove and it did not work.
When IE goes on, it has also replaced my Yahoo toolbar, so my popup blocker and antispy do not work.
In my Program Files there is a file named 127021.dlr and an icon with the same name.
How can I get rid of it and restore my laptop to normal operation?


Logfile of HijackThis v1.98.2
Scan saved at 7:39:46 PM, on 3/20/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\prvdi.exe
C:\windows\system32\rjvgdfdk.exe
C:\windows\system32\calc.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,HomeOldSP = http://www.the-huns-yellow-pages.com/hp.html
O1 - Hosts: 207.68.176.250 auto.search.msn.com
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rjvgdfdk] c:\windows\system32\rjvgdfdk.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKCU\..\Run: [xpsystem] C:\WINDOWS\System32\services\services.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeTools.hta
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O19 - User stylesheet: c:\windows\my.css (file missing)

Offline guestolo

« Reply #1 on: March 20, 2005, 05:14:32 PM »
From my signature below, download CWShredder.exe and save it to your Desktop.

With only CWShredder open, can you click ONLY the FIX button?
Let it fix what it finds and then restart your computer.

Back in Windows:
Unfortunately, you posted a HijackThis log from an old version.
Can you update HijackThis please to HijackThis 1.99.1?

Delete your version and download the latest from my signature below.

Do a SCAN and Save a Log file. Save the log, then copy and paste the WHOLE contents of the log here. Don't try and fix anything yet. It is all important.

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline guestolo

« Reply #2 on: March 20, 2005, 05:16:40 PM »
Also, to help identify other bad files:

Download this virus checker from eScan:
Mwav.exe
There's nothing to install; save it and then double-click to run.
It will self-extract.

Select all local drives, scan all files, press 'SCAN' and when it is completed, anything found will be displayed in the lower pane.
In the Virus Log Information pane, left-click and highlight all the info in the lower pane. Use the "CTRL" and "C" keys on your keyboard to copy everything found in the lower pane and save it to a Notepad file.

****If prompted that a virus was found and you need to purchase the product to remove the malware, just close out the prompt and let it continue scanning.
We just want to see where the bad guys are.
« Last Edit: March 20, 2005, 05:17:17 PM by guestolo »



Offline bagdaddy

« Reply #3 on: March 21, 2005, 12:16:57 PM »
I scanned with CWShredder and Windows NT Authority restarted on its own. Here is the HijackThis log.

Logfile of HijackThis v1.99.1
Scan saved at 8:11:18 PM, on 3/21/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\WINDOWS\system32\RUNDLL32.exe
C:\WINDOWS\system32\prvdi.exe
C:\windows\system32\rjvgdfdk.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\windows\system32\packager.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\WebSiteViewer\127021.dlr
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - HKLM\..\Run: [RegistryMechanic] C:\Program Files\Registry Mechanic\RegMech.exe /QS
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rjvgdfdk] c:\windows\system32\rjvgdfdk.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: OfficeTools.hta
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

Offline guestolo

« Reply #4 on: March 21, 2005, 08:37:11 PM »
CWShredder was just for one infection you had.
Can you also take the time to run the MWav scan from eScan I linked you to and supply the log? Thanks.

I may as well write a fix and try and get everything at once.
« Last Edit: March 21, 2005, 08:37:54 PM by guestolo »



Offline bagdaddy

« Reply #5 on: March 22, 2005, 11:39:14 AM »
Here are the results from the MWav scan. It looks like a lot. I scanned with Symantec earlier on the 10-layers-deep setting and it returned with no threats, then I used MWav and got the following.

File C:\WINDOWS\system32\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\windows\system32\rjvgdfdk.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cerbmod.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\STHOME~1\STHOME~1.DLL infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\WEBSIT~1\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\cerbmod.dll infected by "not-a-virus:AdWare.BHO.NoName.l" Virus. Action Taken: No Action Taken.
File C:\PROGRA~1\STHOME~1\STHOME~1.DLL infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File c:\windows\system32\rjvgdfdk.exe infected by "Trojan.Win32.Agent.ay" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeTools.hta infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\0cyp.exe infected by "not-a-virus:AdWare.ToolBar.STIEBar.b" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\bho_prob.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\INTLRECO.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\DrTemp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\sthp.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\DOCUME~1\EARMYU~1\LOCALS~1\Temp\stl.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\034C0000.VBN infected by "Trojan-Downloader.Win32.Small.se" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\09500000.VBN infected by "Exploit.HTML.Mht" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0CD40000.VBN infected by "Trojan-Downloader.VBS.Iwill.g" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0000.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0002.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0004.VBN infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0006.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0008.VBN infected by "Trojan.Java.ClassLoader.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000A.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000C.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC000E.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DCC0010.VBN infected by "Trojan-Dropper.Java.Small.d" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine\0DE80000.VBN infected by "Trojan-Downloader.Java.OpenConnection.l" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeTools.hta infected by "Trojan-Dropper.VBS.Inor.bt" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\0cyp.exe infected by "not-a-virus:AdWare.ToolBar.STIEBar.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\bho_prob.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\farmmext.cab infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\INTLRECO.exe infected by "not-a-virus:AdWare.BetterInternet" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\pynix.cab infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\DrTemp\Pynix.dll infected by "not-a-virus:AdWare.DlMax.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\prvdi.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\sthp.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Temp\stl.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\gde.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\IBMTOOLS\APPS\PCDRWIN\SETUP2.EX2 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\STHomePage\uninst.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\WebSiteViewer\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Xpoint\PE\regpe.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\rmvmpc.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\hotview.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\omnithread_rt.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.g. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\VNCHooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp infected by "Trojan-Downloader.Win32.IstBar.ep" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\10297024temp.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\127021.dlr infected by "not-a-virus:PornWare.Dialer.Tibs" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp infected by "not-a-virus:Porn-Tool.Win32.MaConnect" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp infected by "Trojan-Downloader.Win32.IstBar.gen" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp infected by "Trojan-Downloader.Win32.Krepper.a" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp infected by "Trojan-Downloader.Win32.Krepper.b" Virus. Action Taken: No Action Taken.
File C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP264\A0069465.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP273\A0071941.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP274\A0071969.dll infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP274\A0071979.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0071998.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0071999.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072002.exe infected by "not-a-virus:AdWare.Cydoor" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072004.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072005.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072007.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072008.exe infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072009.dll infected by "not-a-virus:AdWare.MetaSearch.a" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072076.exe infected by "Trojan-Downloader.Win32.Small.rd" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072077.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072078.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072085.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072096.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072103.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP275\A0072105.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072140.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072142.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072148.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072157.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072162.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072164.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072172.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072173.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072179.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072184.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP276\A0072189.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072203.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072209.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072210.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072226.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072231.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\System Volume Information\_restore{FC61CBF3-7BC0-449D-97EF-CE4802934D98}\RP277\A0072233.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll infected by "not-a-virus:AdWare.Gator.1019" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx infected by "not-a-virus:AdWare.MediaTickets.d" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\system32\dload.exe infected by "Trojan-Downloader.Win32.Delf.dg" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\webd\4.1.1\files\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\npwthost.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\wt\wtvh.dll infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.

Offline guestolo

cannot delete a .dlr
« Reply #6 on: March 22, 2005, 11:19:44 PM »
Let's try the following

===Download and Install this small program
to help clean your temp folders, cookies, prefetch folder, recycle bin
Windows Cleanup
Install for now, don't run a scan yet

===Download and save to desktop StHome.zip
UNZIP the contents to desktop so you now have StHome.reg on the desktop
We'll need this later to help remove some registry entries

===Download and UNZIP to desktop
HSFIX.zip
HSFix directory will be created
We'll need this later

Set Windows To Show Hidden Files and Folders
    * Click Start.
    * Open My Computer.
    * Select the Tools menu and click Folder Options.
    * Select the View Tab.
    * Under the Hidden files and folders heading select Show hidden files and folders.
    * Uncheck the Hide protected operating system files (recommended) option.
    * Uncheck the Hide Extensions for known file types
    * Click Yes to confirm.
    * Click OK.

Please Print this out or save these instructions to a Notepad file and save it to your Desktop
RESTART your Computer in SAFE MODE

Find and delete these folders if found
FILES
C:\WINDOWS\system32\prvdi.exe <-file
C:\windows\system32\rjvgdfdk.exe
C:\WINDOWS\Pynix.dll
C:\WINDOWS\cerbmod.dll
C:\WINDOWS\sasetup.dll
C:\WINDOWS\winupdate.exe
C:\WINDOWS\System32\iexplore.exe>> iexplore.exe only in the system32 folder
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OfficeTools.hta
C:\WINDOWS\system32\dload.exe
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq14.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq15.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq17.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq19.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1A.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq1B.tmp
C:\Program Files\Yahoo!\YPSR\Quarantine\ppq4C.tmp

If you can't find these next ones to delete, follow the additional instructions I posted below
C:\WINDOWS\Downloaded Program Files\HDPlugin1019.dll
C:\WINDOWS\Downloaded Program Files\MediaTicketsInstaller.ocx

==================================================
Instructions>>Go to START>>RUN>>Type in
cmd
Hit OK
At the prompt type in
cd C:\WINDOWS\Downloaded Program Files (Hit Enter on keyboard)
del HDPlugin1019.dll (Hit Enter)
del MediaTicketsInstaller.ocx (Hit Enter)
exit (Enter)
===================================================
Notice the single spaces after "cd" and after "del"

Delete these FOLDERS if found
C:\WINDOWS\wt <-folder
C:\Program Files\WebSiteViewer
C:\Program Files\WildTangent
C:\Program Files\STHomePage
C:\Program Files\0CAT YellowPages <--let me know if you find this, delete if you do

You may choose to remove the files quarantined by Norton's in this folder for cleanup purposes
C:\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5\Quarantine

Stay in safe mode
Do another scan with Hijackthis and put a check next to these entries:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://red.clientapps.yahoo.com/customize/...//www.yahoo.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://quickmetasearch.com/?said=acc0000_ho
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll

O2 - BHO: (no name) - {0F9561D0-03B2-44a3-89A6-E95E417CBA25} - C:\WINDOWS\cerbmod.dll
O2 - BHO: HomePageCtrl Class - {1B9CB0F8-118B-49C1-956D-B703E976F8E3} - C:\Program Files\STHomePage\STHomePage2.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll

O4 - HKLM\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe

O4 - HKLM\..\Run: [WildTangent CDA] RUNDLL32.exe "C:\Program Files\WildTangent\Apps\CDA\cdaEngine0400.dll",cdaEngineMain
O4 - HKLM\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe

O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKLM\..\Run: [rjvgdfdk] c:\windows\system32\rjvgdfdk.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
O4 - HKCU\..\Run: [iexplore] C:\WINDOWS\System32\iexplore.exe
O4 - HKCU\..\Run: [Windows Service] C:\WINDOWS\system32\prvdi.exe

O4 - Global Startup: OfficeTools.hta

O9 - Extra button: TREND MICRO HouseCall - {2B5EA4F8-620A-4A8B-B003-4C8C5EBEA826} - http://uk.trendmicro-europe.com/enterprise...usecall_pre.php (file missing)
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab


After you have ticked the above entries, close All other open windows,
Leave Hijackthis open and click FIX CHECKED
OK the prompt and exit Hijackthis

Navigate to the HSFix directory>>Open the folder, ensure you unzipped this
 and double-click on HSFix.bat.
* It will produce a log file, located here: C:\hslog.txt. <--we'll need this later

Double click on StHome.reg and allow to merge to the registry

Stay in safe mode
Open Windows CleanUp!>>START>>All programs>>Cleanup!
Click on the CleanUp button, let it finish scanning for files, when it's done
If you didn't install this you should manually navigate to all your temp folders and prefetch folder and delete the whole contents
CleanUp! makes this very easy

Restart your computer back to Normal mode

Don't open a browser yet, instead access Internet Options via Control Panel
Under the Programs tab "Reset Web Settings"
Under the General tab---Reset home page,
Manually type it in
Eg.. www.google.com
You can change it later

If things have improved
Disable System Restore>>Restart your computer>>Enable System Restore
You have some nasties in your Restore folder
We must clean them out
Link will show you how to do this if unsure
How to Disable and Re-enable System Restore feature

Back in Windows and system restore reenabled

Download and Install the free version of Ad-Aware SE Personal 1.05
Ensure you have this version or the paid version
Yours for free>>Hang onto this
Open Ad-Aware, ensure to click the check for updates now link and Connect to download the latest updates
Perform a Full system scan
When it's finished scanning
At this point you should either right click on the screen and choose the "Select All" Objects option or individually put a checkmark in each object's checkbox
click on the Next button. Ad-Aware SE will now present you with a confirmation box as to whether or not you would like to remove the objects you have just selected. Press the "OK" button

Restart your computer to finish the cleaning process

Back in Windows
I suggest you try another scan with eScan's mwav scanner and post the log
You may even want to delete your copy and redownload it as it updates quite frequently

Afterwards post back a fresh Hijackthis log, the results from eScan
Could you also post the log from HSFix.bat>>C:\hslog.txt <-this log
« Last Edit: March 22, 2005, 11:21:47 PM by guestolo »

Do you want to post your own logs from FRST?

Follow the instructions posted here: http://www.thetechguide.com/forum/index.php/topic/22942-please-read-how-to-post-logs-from-frst/


Offline bagdaddy

cannot delete a .dlr
« Reply #7 on: March 24, 2005, 01:46:34 AM »
I went through the list checking and deleting.  I could not find a few files.  
C:\windows\system32\iexplore.exe
C:\programfiles\0cat yellowpages

sasetup.dll denied access
winupdate.exe gave an error message when I tried to delete it

here are the logs.
Logfile of HijackThis v1.99.1
Scan saved at 8:40:10 AM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

The latest mwav log:

File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\127021.exe infected by "not-a-virus:Porn-Downloader.Win32.TibSystems" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\Desktop\HSFix\HSFix\Process.exe tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\eArmyU Student\Desktop\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\Documents and Settings\eArmyU Student\Local Settings\Application Data\Wildtangent\Cdacache\00\00\0E.dat infected by "not-a-virus:AdWare.WildTangent.b" Virus. Action Taken: No Action Taken.
File C:\Documents and Settings\eArmyU Student\My Documents\HSFix.zip tagged as not-a-virus:RiskWare.Tool.Processor.20. No Action Taken.
File C:\gde.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\IBMTOOLS\APPS\PCDRWIN\SETUP2.EX2 tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\PE\regpe.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\rmvmpc.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\hotview.exe tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\omnithread_rt.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC-based.g. No Action Taken.
File C:\Program Files\Xpoint\SAS\bin\VNCHooks.dll tagged as not-a-virus:RiskWare.RemoteAdmin.WinVNC.333. No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.

 
Horseserver Removal Tool v1.05
      by Atri
-
-
1. Registry Fix Started
-
   Registry fix complete
-
2. Deleted Services
-
-
3. Finding files Located on system
-
msvcrta.dll
w32tm.exe
-
4. Deleting files that were found.
-
-
5. Checking for and Removing Winupdate
-
-
-
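
An added example, not part of the original thread: Python that cross-checks the HijackThis fix list from Reply #6 against the HijackThis and mwav logs posted in Reply #7. It reports which fixed entries are still registered and which files the scanner still finds on disk after their autostart entry was removed. The function names are choices made for this example, and the three excerpts are a few lines copied from those posts.

```python
import re

# A HijackThis entry: section code (R0, O2, O4, O23 ...), " - ", then the body.
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+?)[ \t]*$", re.M)
# First drive-letter path in an entry that ends in a loadable file type.
FILE_PATH = re.compile(r"[A-Za-z]:\\.*?\.(?:exe|dll|ocx|hta)\b", re.I)
# mwav result lines come in two shapes: 'infected by "<name>" Virus.' and
# 'tagged as <name>.'
MWAV_LINE = re.compile(
    r'^File (?P<path>.+?) '
    r'(?:infected by "(?P<inf>[^"]+)" Virus|tagged as (?P<tag>.+?))\. ',
    re.M,
)

# Excerpt of the entries Reply #6 asked to tick and fix.
FIX_LIST = r"""
O2 - BHO: PynixObj Class - {00000000-DD60-0064-6EC2-6E0100000000} - C:\WINDOWS\Pynix.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [farmmext] C:\WINDOWS\farmmext.exe
O4 - HKCU\..\Run: [Windows Update] C:\WINDOWS\winupdate.exe
"""

# Excerpt of the HijackThis log posted afterwards in Reply #7.
LATER_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
"""

# Excerpt of the mwav log posted in Reply #7.
SCAN_LOG = r"""
File C:\WINDOWS\farmmext.exe infected by "Trojan-Downloader.Win32.Stubby.c" Virus. Action Taken: No Action Taken.
File C:\gde.exe infected by "Trojan.Win32.Agent.bw" Virus. Action Taken: No Action Taken.
File C:\Program Files\Xpoint\rmvmpc.exe tagged as not-a-virus:Tool.Win32.Reboot. No Action Taken.
"""


def parse_hjt(text):
    """Return HijackThis entries as dicts with code, body and lower-cased path."""
    entries = []
    for m in HJT_LINE.finditer(text):
        body = " ".join(m["body"].split())  # collapse stray whitespace
        path = FILE_PATH.search(body)
        entries.append({
            "code": m["code"],
            "body": body,
            "path": path.group(0).lower() if path else None,
        })
    return entries


def parse_scan(text):
    """Map lower-cased file path -> detection name from mwav result lines."""
    return {m["path"].lower(): (m["inf"] or m["tag"])
            for m in MWAV_LINE.finditer(text)}


def triage(fix_list, later_log, scan_log):
    """Classify each entry of the fix list using the later logs.

    still_registered:  the entry is still present in the later HijackThis
                       log, so the fix did not hold.
    file_left_on_disk: the entry is gone, but the scanner still reports the
                       file it pointed to, so the file itself needs removal.
    """
    later = {(e["code"], e["body"].lower()) for e in parse_hjt(later_log)}
    detections = parse_scan(scan_log)
    still_registered, file_left = [], {}
    for e in parse_hjt(fix_list):
        if (e["code"], e["body"].lower()) in later:
            still_registered.append(e["body"])
        elif e["path"] in detections:
            file_left[e["path"]] = detections[e["path"]]
    return {"still_registered": still_registered,
            "file_left_on_disk": file_left}


if __name__ == "__main__":
    result = triage(FIX_LIST, LATER_LOG, SCAN_LOG)
    for body in result["still_registered"]:
        print("still registered :", body)
    for path, name in result["file_left_on_disk"].items():
        print("file left on disk:", path, "->", name)
```
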

Offline guestolo

cannot delete a .dlr
« Reply #8 on: March 24, 2005, 02:03:08 AM »
Let's try and get rid of the rest to ensure you don't get reinfected

Download the Pocket Killbox
UNZIP it to a folder of your choice

Save the rest of these instructions to a Notepad file on your desktop and then close down all other open Windows, including this one

With all other windows closed, do another scan with Hijackthis and fix checked these entries in your log
O2 - BHO: (no name) - {38D4D5D0-423E-4220-B6F9-30918C2AE4A4} - C:\WINDOWS\sasetup.dll

O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/30032a57596419...ip/RdxIE601.cab


Run Pocket KillBox
click on Tools --> Select Delete Temp Files. Click OK.

In Killbox
At the main screen of Pocket Killbox, select the option: Replace on Reboot
Also tick Use Dummy
In the Full Path of File to Delete box, copy and paste this entry:

C:\WINDOWS\farmmext.exe

Press the button with a red circle and a white X
Click Yes to Replace
When asked if you would like to Reboot now, select No.
Until you have added the below files

Do the same for these ones

C:\127021.exe

C:\gde.exe

C:\WINDOWS\winupdate.exe


Finally, in Full Path of File to Delete, copy and paste the following:

C:\WINDOWS\sasetup.dll

Press the button with a red circle and a white X.
When asked to Reboot, select Yes!!

Restart if not prompted

Back in Windows
Delete this folder,
C:\Documents and Settings\eArmyU Student\Local Settings\Application Data\Wildtangent <-folder
Also, make sure this folder is gone
C:\Program Files\WebSiteViewer <-folder

Also ensure that those files we used killbox on are gone

Post back a fresh Hijackthis log and let me know how everything's running
I probably won't see your reply till tomorrow
« Last Edit: March 24, 2005, 02:09:36 AM by guestolo »



Offline bagdaddy

cannot delete a .dlr
« Reply #9 on: March 24, 2005, 01:23:19 PM »
I can't find those files and it seems to be working fine.
 here is the hjtlog.

Logfile of HijackThis v1.99.1
Scan saved at 9:15:05 PM, on 3/24/2005
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\LTSMMSG.exe
C:\WINDOWS\system32\tp4serv.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Xpoint\agent\xicon.exe
C:\WINDOWS\System32\QCONSVC.EXE
C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
C:\PROGRA~1\Xpoint\agent\Xpagent.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfAgent.exe
C:\PROGRA~1\Xpoint\EEClient\xpclient.exe
C:\WINDOWS\system32\cmd.exe
C:\PROGRA~1\Xpoint\SAS\jre\bin\javaw.exe
C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
C:\Documents and Settings\eArmyU Student\Desktop\hijackthis.exe

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [LTSMMSG] LTSMMSG.exe
O4 - HKLM\..\Run: [TrackPointSrv] tp4serv.exe
O4 - HKLM\..\Run: [TP4EX] tp4ex.exe
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [Xicon] C:\PROGRA~1\Xpoint\agent\xicon.exe
O4 - HKLM\..\Run: [PCRecSA] C:\PROGRA~1\Xpoint\PE\PCRECSA.EXE -noshow
O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~2\VPTray.exe
O4 - Global Startup: eArmyU Training.zip
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpeg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/...nst20040510.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://housecall.trendmicro-europe.com/housecall/Xscan53.cab
O16 - DPF: {7ED7005B-4AF6-4CFF-9AE0-F243C4B8260F} (HouseCallButton.setup) - http://de.trendmicro-europe.com/file_downl...eCallButton.CAB
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MPFSERVICE.exe
O23 - Service: Xpoint PCRadmin Server (PCRadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\PE\pcradmin.exe
O23 - Service: QCONSVC - Unknown owner - C:\WINDOWS\System32\QCONSVC.EXE
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec Client Security\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Symantec SecurePort (SymSecurePort) - Symantec Corporation - C:\Program Files\Symantec Client Security\Symantec Client Firewall\SymSPort.exe
O23 - Service: Xpoint Admin Server (XPadminServer) - Unknown owner - C:\PROGRA~1\Xpoint\xpadmin\xpadmin.exe
O23 - Service: Xpoint Agent Server (xpAgentServer) - Unknown owner - C:\PROGRA~1\Xpoint\agent\Xpagent.exe

Offline guestolo

cannot delete a .dlr
« Reply #10 on: March 24, 2005, 07:17:20 PM »
Yup, I would say that's looking a lot better

You can go back and Hide hidden files and folders now

You should set up protection against future attacks

SpywareBlaster by JavaCool---will block bad ActiveX and malevolent cookies
Install---Check for Updates---Enable all protection
http://www.javacoolsoftware.com/spywareblaster.html

IE-Spyad---IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all.
Here is a tutorial and download link
TUTORIAL==Link to Tutorial
Download link

With both, Check for updates every couple of weeks
Keep the link to IE-Spyad bookmarked so you can check for updates
SpywareBlaster, after every update just simply enable all protection
Neither run in the background, consider them Silent Spyware Blockers
FYI>>IE-Spyad works also with Windows XP SP2

Stay safe :D
« Last Edit: March 24, 2005, 07:17:57 PM by guestolo »
