Solved: I have got viruses but can't remove them

Discussion in 'Virus & Other Malware Removal' started by afvang, Feb 5, 2007.

Thread Status:
Not open for further replies.
  1. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    After a scan by Symantec it gave the following report:
    C:\Program Files\LCP\Data\pwdump3e\LsaExt.dll is geïnfecteerd met Hacktool.LSADump
    C:\Program Files\LCP\Data\pwdump2\samdump.dll is geïnfecteerd met Hacktool.Pwdump
    C:\Documents and Settings\Koen Oude Kempers\Local Settings\Temp\2.dllb is geïnfecteerd met [email protected]
    C:\Documents and Settings\Koen Oude Kempers\Local Settings\Temp\6.dllb is geïnfecteerd met [email protected]
    C:\Documents and Settings\Koen Oude Kempers\Local Settings\Temp\7.dllb is geïnfecteerd met [email protected]
    C:\Documents and Settings\All Users\Documenten\cwginst.exe is geïnfecteerd met Trackware.WebGuardian

    My HijackThis log gave the following:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:03:28, on 5-2-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\system32\VNICMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Image\Monitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\TextBridge Pro Millennium BE\Bin\Ereg\Remind32.exe
    C:\Program Files\SpeedFan\speedfan.exe
    C:\Program Files\Shareaza\Shareaza.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 212.72.51.204 test
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~2\TweakBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe /h
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro Millennium BE\Bin\Ereg\Remind32.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Image Monitor.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www1.pcpitstop.com/antivirus/PitPav.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

    Can anybody help?
     
  2. escalader

    escalader

    Joined:
    Feb 5, 2007
    Messages:
    123
    This is a bit flying blind, but it sounds like you ran a Norton online scan with zero removal function. If not, then something is horribly wrong with your Norton AV.
    Why not just update Norton with the latest definitions and run it, or am I missing something here?

    If you have no paid-for license for it, then there are a host of free AVs that can serve you well!

    BitDefender will let you download V8 free; it does update, and that should get rid of them.

    Or Anti_Vir from Germany; the personal-use version is an excellent freebie.

    No reason for you to suffer these pests at all!

    Let us know how you do!

    Regards

    Escalader
     
  3. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    First I scanned with Trend Micro, then I started up in safe mode and ran McAfee, Spybot and adware, followed by CCleaner. It looks like I got rid of the lot :D
     
  4. escalader

    escalader

    Joined:
    Feb 5, 2007
    Messages:
    123
    Great news! Well done, another victory for the good guys!
     
  5. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
  6. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    afvang

    You may or may not be clean here. I'd like to do a few things before we give this the all clear.

    * First, please open HijackThis and click on the "Open the Misc Tools section" button. Click on the "Open Uninstall Manager" button. Click the "Save List" button. After you click the "Save List" button, you will be asked where to save the file. Pick a place to save it, then the list should open in Notepad. Copy and paste that list here.


    * Also run ActiveScan online virus scan here

    When the scan is finished, click on the "Save Report" button and save the results of the scan to your desktop.

    Note: You have to use Internet Explorer to do the online scan.

    Post a new HijackThis log along with the results from ActiveScan.
     
  7. escalader

    escalader

    Joined:
    Feb 5, 2007
    Messages:
    123
    Yep, I sent you a private message re getting approved or training, thanks a lot... I'm new here but not new to the field!
     
  8. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    This is the hijack file


    @Home Components
    3D-FTP 7.01
    A4 EPP Flatbed Scanner v4.31
    ABBYY FineReader 5.0 Sprint
    ABBYY ScanTo Office 1.0
    AcePlayer 1.24
    Acoustica CD/DVD Label Maker
    Ad-Aware SE Personal
    Adobe Acrobat - Reader 6.0.2 Update
    Adobe Acrobat 6.0.1 Professional
    Adobe Acrobat and Reader 6.0.3 Update
    Adobe Acrobat and Reader 6.0.4 Update
    Adobe Acrobat and Reader 6.0.5 Update
    Adobe Acrobat and Reader 6.0.6 Update
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Download Manager 2.0 (alleen verwijderen)
    Adobe Photoshop Album 2.0 Starter Edition
    Adobe Reader 7.0 - Nederlands
    Advanced PDF Password Recovery
    Anti-Blaxx 1.17
    Any Password 1.3
    ArcSoft PhotoImpression 4
    ATI - Software-verwijderprogramma
    ATI Control Panel
    ATI Display Driver
    avi2divx
    AviSynth 2.5
    Barbie(TM) Horse Adventures(TM)
    Beveiligingsupdate for Windows Media Player 10 (KB911565)
    Beveiligingsupdate for Windows Media Player 10 (KB917734)
    Beveiligingsupdate for Windows XP (KB923689)
    Beveiligingsupdate voor Windows Media Player (KB911564)
    Beveiligingsupdate voor Windows Media Player 6.4 (KB925398)
    Beveiligingsupdate voor Windows XP (KB883939)
    Beveiligingsupdate voor Windows XP (KB890046)
    Beveiligingsupdate voor Windows XP (KB893756)
    Beveiligingsupdate voor Windows XP (KB896358)
    Beveiligingsupdate voor Windows XP (KB896422)
    Beveiligingsupdate voor Windows XP (KB896423)
    Beveiligingsupdate voor Windows XP (KB896424)
    Beveiligingsupdate voor Windows XP (KB896428)
    Beveiligingsupdate voor Windows XP (KB896688)
    Beveiligingsupdate voor Windows XP (KB899587)
    Beveiligingsupdate voor Windows XP (KB899588)
    Beveiligingsupdate voor Windows XP (KB899591)
    Beveiligingsupdate voor Windows XP (KB900725)
    Beveiligingsupdate voor Windows XP (KB901017)
    Beveiligingsupdate voor Windows XP (KB901214)
    Beveiligingsupdate voor Windows XP (KB902400)
    Beveiligingsupdate voor Windows XP (KB903235)
    Beveiligingsupdate voor Windows XP (KB904706)
    Beveiligingsupdate voor Windows XP (KB905414)
    Beveiligingsupdate voor Windows XP (KB905749)
    Beveiligingsupdate voor Windows XP (KB905915)
    Beveiligingsupdate voor Windows XP (KB908519)
    Beveiligingsupdate voor Windows XP (KB908531)
    Beveiligingsupdate voor Windows XP (KB911562)
    Beveiligingsupdate voor Windows XP (KB911567)
    Beveiligingsupdate voor Windows XP (KB911927)
    Beveiligingsupdate voor Windows XP (KB912812)
    Beveiligingsupdate voor Windows XP (KB912919)
    Beveiligingsupdate voor Windows XP (KB913446)
    Beveiligingsupdate voor Windows XP (KB913580)
    Beveiligingsupdate voor Windows XP (KB914388)
    Beveiligingsupdate voor Windows XP (KB914389)
    Beveiligingsupdate voor Windows XP (KB916281)
    Beveiligingsupdate voor Windows XP (KB917159)
    Beveiligingsupdate voor Windows XP (KB917344)
    Beveiligingsupdate voor Windows XP (KB917422)
    Beveiligingsupdate voor Windows XP (KB917953)
    Beveiligingsupdate voor Windows XP (KB918439)
    Beveiligingsupdate voor Windows XP (KB918899)
    Beveiligingsupdate voor Windows XP (KB919007)
    Beveiligingsupdate voor Windows XP (KB920213)
    Beveiligingsupdate voor Windows XP (KB920214)
    Beveiligingsupdate voor Windows XP (KB920670)
    Beveiligingsupdate voor Windows XP (KB920683)
    Beveiligingsupdate voor Windows XP (KB920685)
    Beveiligingsupdate voor Windows XP (KB921398)
    Beveiligingsupdate voor Windows XP (KB921883)
    Beveiligingsupdate voor Windows XP (KB922616)
    Beveiligingsupdate voor Windows XP (KB922760)
    Beveiligingsupdate voor Windows XP (KB922819)
    Beveiligingsupdate voor Windows XP (KB923191)
    Beveiligingsupdate voor Windows XP (KB923414)
    Beveiligingsupdate voor Windows XP (KB923694)
    Beveiligingsupdate voor Windows XP (KB923980)
    Beveiligingsupdate voor Windows XP (KB924191)
    Beveiligingsupdate voor Windows XP (KB924270)
    Beveiligingsupdate voor Windows XP (KB924496)
    Beveiligingsupdate voor Windows XP (KB925454)
    Beveiligingsupdate voor Windows XP (KB925486)
    Beveiligingsupdate voor Windows XP (KB926255)
    BlindWrite5
    Cacheman 5.50
    CCleaner (remove only)
    ClearType Tuning Control Panel Applet
    CloneCD
    CloneDVD
    CM DiskCleaner
    C-Media WDM Audio Driver
    coverXP (remove only)
    Cucusoft AVI to DVD/VCD/SVCD/MPEG Converter Pro 4.21
    Digital Image
    DiscJuggler
    DiscWizard for Windows
    DivX Codec
    DivX Content Uploader
    DivX Converter
    DivX Player
    DivX Web Player
    DU Meter
    DVD Decrypter (Remove Only)
    DVD Shrink 3.2
    DVD2SVCD 1.2.2 Build 3
    EA SPORTS online 2006
    EasyDivX v0.820 Lite
    Encarta Encyclopedie Winkler Prins
    EVEREST Home Edition v1.51
    ewido anti-malware
    ExamDiff Pro 3.2c
    EZ Mp3 Wav Converter
    Google Toolbar for Internet Explorer
    Google Updater
    GSpot Codec Information Appliance
    HighMAT-uitbreiding voor de wizard Cd branden van Microsoft Windows XP
    Hijackthis 1.99.1
    HijackThis 1.99.1
    Hokus Pokus Pink
    Hotfix for Windows Media Format SDK (KB902344)
    Hotfix for Windows XP (KB909394)
    Hotfix for Windows XP (KB915865)
    Hotfix for Windows XP (KB926239)
    Hotfix voor Windows XP (KB914440)
    Hotfix voor Windows XP (KB928388)
    Hotfix voor Windows XP (KB929120)
    Huffyuv AVI lossless video codec (Remove Only)
    HydraVision
    Ice Age 2 The Meltdown
    Informatie over uw PC
    InstantCopy
    InterVideo FilterSDK
    iPhoto Plus 4
    iTunes
    J2SE Runtime Environment 5.0 Update 10
    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3.1_15
    KB898458: Beveiligingsupdate voor Step by Step Interactive Training
    Kruidvat - Fotoboek
    Kruidvat Fotoservice
    LCP 5.04
    Lexmark X1100 Series
    LiveUpdate 1.6 (Symantec Corporation)
    LQfix 2.1
    Macromedia Flash Player 8
    MAGIX Online Druck Service
    Matroska Pack (remove only)
    McAfee VirusScan Enterprise
    [email protected]
    Medion Flash XL
    Microsoft .NET Framework (Dutch) v1.0.3705
    Microsoft .NET Framework 1.0 Hotfix (KB886906)
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Dutch Language Pack
    Microsoft .NET Framework 1.1 Hotfix (KB886903)
    Microsoft .NET Framework 2.0
    Microsoft .NET Framework 2.0 Language Pack - NLD
    Microsoft ActiveSync 4.0
    Microsoft AutoRoute v11.0
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft Data Access Components KB870669
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Office Professional Editie 2003
    Microsoft Office XP Web Components
    Microsoft Picture It! Photo Standard 9
    Microsoft Plus! for Windows XP
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Windows Journal Viewer
    Microsoft Windows Media Video 9 VCM
    Microsoft Windows Vista Upgrade Advisor
    Microsoft Works
    Microsoft Works 2004 Setup starten
    Mobile Music Polyphonic
    Mp3 Knife 3.0
    MP3 Splitter & Joiner
    MP3-Slicer
    Mpeg Layer3 Codec FHG-Radium v1.263
    MSN Messenger 7.0
    MSXML 4.0 SP2 (KB925672)
    MSXML 4.0 SP2 (KB927978)
    MUSICMATCH® Jukebox
    MyAlbum version 2.3
    Nero Digital
    Nero Media Player
    Nero OEM
    NeroMIX
    NetDiag
    Network Stumbler 0.4.0 (remove only)
    Norton Ghost 9.0
    NTREGOPT 1.1i
    Opera 9 Beta
    Pakket voor de provider van Microsoft Base-smartcardcryptografieservice
    PCast
    PCPitstop Panda AntiVirus Scan (remove only)
    Photo Story 3 voor Windows
    Poi Edit v4.5.1
    PowerArchiver 2006 v9.50 Dutch
    PowerArchiver 2006 v9.62 Dutch
    PowerArchiver 2006 v9.63 Dutch
    PowerCinema 2.0
    PowerDirector
    PowerDVD
    PowerProducer
    PPLive 1.0.9.5
    ppStream 1.0.0.98
    Programma voor het verwijderen van metagegevens
    QuickTime
    Rabo Telebankieren
    Rainbow iKey Driver v3.4.5.108
    Rainbow NetSwift iGate Plug-in 3.2.0.215
    RAR Password Recovery v1.1 RC16 (remove only)
    RealPlayer
    Registry Workshop
    RegistryFix v5.5
    RM to MP3 WAV Converter
    Security Update for Microsoft .NET Framework 2.0 (KB917283)
    Security Update voor Microsoft .NET Framework 2.0 (KB922770)
    SFV Checker
    Shareaza versie 2.2.1.0
    Shockwave
    SiSoftware Sandra Lite 2005 (Win64/32/CE)
    SLD Codec Pack
    SpeedFan (remove only)
    SpeedXP
    Spy Sweeper 4.x.x FIX
    Spybot - Search & Destroy 1.4
    Symantec LiveUpdate LOTS Manager
    Synacast Plug-in 1.0.9.5
    Synchronization
    Techfacts XP <unregistered>
    Terugwaartse compatibiliteit van Windows Rights Management Client SP2
    TextBridge Pro Millennium Business Edition
    Total Commander (Remove or Repair)
    TV/FM Tuner
    Tweak Manager 2.1
    Tweak UI
    TweakNow RegCleaner
    Update voor Windows XP (KB894391)
    Update voor Windows XP (KB896727)
    Update voor Windows XP (KB898461)
    Update voor Windows XP (KB900485)
    Update voor Windows XP (KB900930)
    Update voor Windows XP (KB904942)
    Update voor Windows XP (KB910437)
    Update voor Windows XP (KB911280)
    Update voor Windows XP (KB912945)
    Update voor Windows XP (KB916595)
    Update voor Windows XP (KB920342)
    Update voor Windows XP (KB920872)
    Update voor Windows XP (KB922582)
    USB Wireless Keyboard Driver Ver1.24M
    Van Dale Groot woordenboek hedendaags Nederlands
    Van Dale Groot woordenboek van de Nederlandse taal 14
    VIA NICSET
    VIA Rhine-Family Fast-Ethernet Adapter
    VideoLAN VLC media player 0.8.4a
    VideoLive Mail
    Vingervlug Trainingssoftware
    VisualRoute
    VisualRoute Lite Edition
    VNC 4.0
    VobSub v2.23 (Remove Only)
    VSO CopyToDVD 4
    What's Running 2.1
    Winamp (remove only)
    WinAVI VideoConverter
    WinBackup
    Window Washer 5
    Windows Back-up
    Windows Defender Signatures
    Windows Genuine Advantage v1.3.0254.0
    Windows Installer 3.1 (KB893803)
    Windows Installer 3.1 (KB893803)
    Windows Installer Clean Up
    Windows Internet Explorer 7
    Windows Media Connect
    Windows Media Format 11 runtime
    Windows Media Format 11 runtime
    Windows Media Player 10 Hotfix - KB894476
    Windows Media Player 11
    Windows Media Player 11
    Windows Media Player 9 Series Winter Fun Pack
    Windows Rights Management Client met Service Pack 2
    Windows XP Hotfix - KB834707
    Windows XP Hotfix - KB867282
    Windows XP Hotfix - KB873333
    Windows XP Hotfix - KB873339
    Windows XP Hotfix - KB884020
    Windows XP Hotfix - KB885250
    Windows XP Hotfix - KB885835
    Windows XP Hotfix - KB885836
    Windows XP Hotfix - KB885884
    Windows XP Hotfix - KB886185
    Windows XP Hotfix - KB887472
    Windows XP Hotfix - KB887742
    Windows XP Hotfix - KB887797
    Windows XP Hotfix - KB888113
    Windows XP Hotfix - KB888302
    Windows XP Hotfix - KB890047
    Windows XP Hotfix - KB890175
    Windows XP Hotfix - KB890859
    Windows XP Hotfix - KB890923
    Windows XP Hotfix - KB891781
    Windows XP Hotfix - KB893066
    Windows XP Hotfix - KB893086
    Windows XP Service Pack 2
    WinMPG Video Convert 5.6
    WinRAR
    X Access
    X10 Hardware(TM)
    XoftSpy
    XoftSpySE
     
  9. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    Here is the Panda report


    Incident Status Location

    Adware:adware/beginto Not disinfected c:\windows\system32\cache32_rtneg3
    Adware:adware/popupsearches Not disinfected Windows Registry
    Adware:adware/powerstrip Not disinfected Windows Registry
    Spyware:spyware/safesurf Not disinfected Windows Registry
    Spyware:Cookie/Lop Not disinfected C:\Documents and Settings\Ellis Oude Kempers\Cookies\ellis oude [email protected][1].txt
    Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Tonny Oude Kempers\Cookies\[email protected][2].txt
    Spyware:Cookie/Doubleclick Not disinfected C:\Documents and Settings\Tonny Oude Kempers\Cookies\[email protected][1].txt
    Spyware:Cookie/Hitbox Not disinfected C:\Documents and Settings\Tonny Oude Kempers\Cookies\[email protected][2].txt
    Spyware:Cookie/onestat.com Not disinfected C:\Documents and Settings\Tonny Oude Kempers\Cookies\[email protected][2].txt
    Hacktool:HackTool/Samdump Not disinfected Archiefmappen\Verzonden items\aardg\pwdump2.zip[pwdump2/pwdump2.exe]
    Hacktool:HackTool/Samdump Not disinfected Archiefmappen\Verzonden items\aardg\pwdump2.zip[pwdump2/samdump.dll]
    Potentially unwanted tool:Application/PassRock Not disinfected Archiefmappen\Verzonden items\rocks\Kopie van RockXP3.doc
    Potentially unwanted tool:Application/PassRock Not disinfected Persoonlijke mappen\Verzonden items\rocks\Kopie van RockXP3.doc
    Potentially unwanted tool:Application/KillApp.B Not disinfected C:\EasyDivX\softs\ck.exe
    Hacktool:HackTool/EvID Not disinfected C:\Program Files\PPLive TV\SynaLiveSetup.exe[EvID4226Patch.exe]
    Potentially unwanted tool:Application/PassRock Not disinfected Persoonlijke mappen\Verzonden items\rocks\Kopie van RockXP3.doc
    Hacktool:HackTool/Samdump Not disinfected Archiefmappen\Verzonden items\aardg\pwdump2.zip[pwdump2/pwdump2.exe]
    Hacktool:HackTool/Samdump Not disinfected Archiefmappen\Verzonden items\aardg\pwdump2.zip[pwdump2/samdump.dll]
    Potentially unwanted tool:Application/PassRock Not disinfected Archiefmappen\Verzonden items\rocks\Kopie van RockXP3.doc
    Potentially unwanted tool:Application/PassRock Not disinfected Lokale mappen\Verzonden items\rocks\Kopie van RockXP3.doc
    :mad:
     
  10. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * Go to Add/Remove programs and uninstall these old versions of Java:

    J2SE Runtime Environment 5.0 Update 9
    Java 2 Runtime Environment Standard Edition v1.3.1_15



    * Start CCleaner and click Run Cleaner.


    * Click Here and download Killbox and save it to your desktop.

    * Double-click on Killbox.exe to run it.
    • Put a tick by Delete on Reboot.
    • In the "Full Path of File to Delete" box, copy and paste the following line:

      c:\windows\system32\cache32_rtneg3

    • Click on the button that has the red circle with the X in the middle.
    • It will ask for confirmation to delete the file on next reboot and ask you if you want to reboot now.
    • Click Yes and let the computer reboot.
    * After it reboots, go here and do the BitDefender online virus scan.
    • Click "I Agree" to agree to the EULA.
    • Allow the ActiveX control to install when prompted.
    • Click "Click here to scan" to begin the scan.
    • Please refrain from using the computer until the scan is finished.
    • When the scan is finished, click on "Click here to export the scan results"
    • Save the report to your desktop, then come back here and attach it to your next reply along with a new HijackThis log.
     
  11. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    My bitdefender file is:

    <HTML>
    <HEAD>
    <TITLE>BitDefender Online Scanner -Scan Report</TITLE>
    <META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=iso-8859-1">
    <meta name="generator" content="Namo WebEditor v5.0(Trial)">
    </HEAD>
    <BODY BGCOLOR=#FFFFFF leftmargin="10" marginwidth="0" topmargin="20" marginheight="0" >


    <table align="center" border="0" cellpadding="0" cellspacing="0" width="90%">
    <tr>
    <td width="458">
    <p><font face="Arial" color=red><span style="font-size:14pt;"><b>BitDefender
    Online Scanner</b></span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>
    <tr>
    <td colspan="3" width="912">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Scan report generated
    at: Thu, Feb 08, 2007 - 22:46:41</b></span></font></p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>Scan
    path: </b></span><span style="font-size:10pt;">C:\;D:\;E:\;F:\;H:\;J:\;K:\;L:\;M:\;N:\;P:\;</span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Statistics</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Time</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">02:11:21</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Files</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">815370</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Folders</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">8639</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Boot Sectors</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">19336</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Packed Files</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">92308</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>



    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Results</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Identified Viruses </font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Infected Files </font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Suspect&nbsp;Files </font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Warnings</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Disinfected</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">0</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Deleted Files</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">4</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Engines Info</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Virus Definitions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">419420</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Engine build</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">AVCORE v1.0 (build 2371) (i386) (Dec 13 2006 11:16:42)</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">14</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Archive plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">38</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Unpack plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">E-mail plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">6</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">System&nbsp;plugins</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">1</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="451" colspan="2" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Scan Settings</b></font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">First Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Disinfect</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Second Action</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Delete</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Heuristics</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Enable Warnings</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scanned Extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">*;</font></p>
    </td>
    </tr>

    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Exclude Extensions</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">&nbsp;</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan Emails</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan Archives</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan Packed</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan Files</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">Scan Boot</font></p>
    </td>
    <td width="43%" align="right">
    <p><font face="Arial" size="2">Yes</font></p>
    </td>
    </tr>
    </table>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td colspan=2> &nbsp;
    <table border="1" cellspacing="0" bordercolordark="white" bordercolorlight="black" width="100%">
    <tr>
    <td width="252" bgcolor="#CCCCCC">
    <p><font face="Arial" size="2"><B>Scanned File</b></font></p>
    </td>
    <td width="195" bgcolor="#CCCCCC" align="right">
    <p align="left"><b><font size="2" face="Arial">&nbsp;Status</font></b></p>
    </td>
    </tr>
    <tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/pwdump2.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infected with: Virtool.Pwdump.2.0</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/pwdump2.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Disinfection failed</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/pwdump2.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Deleted</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Updated</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/samdump.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infected with: Trojan.Hacktool.Pwdump.A</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/samdump.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Disinfection failed</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip=>pwdump2/samdump.dll</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Deleted</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst=>[Subject: aardg][From: Tonny Oude Kempers]=>pwdump2.zip</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Updated</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\Documents and Settings\Tonny Oude Kempers\Local Settings\Application Data\Microsoft\Outlook\archive.pst</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Update failed</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP684\A0591203.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infected with: Trojan.Peed.Gen</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP684\A0591203.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Disinfection failed</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP684\A0591203.exe</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Deleted</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP694\A0595183.EXE</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Infected with: Trojan.Pws.Banker.FX</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP694\A0595183.EXE</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Disinfection failed</font></p>
    </td>
    </tr><tr>
    <td width="57%">
    <p><font face="Arial" size="2">C:\System Volume Information\_restore{34169A92-5B53-42FE-BD65-FA51F056D750}\RP694\A0595183.EXE</font></p>
    </td>
    <td width="43%" align="left">
    <p><font face="Arial" size="2">Deleted</font></p>
    </td>
    </tr>
    </table>
    </td>

    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    <tr>
    <td width="458">
    <p><font face="Arial"><span style="font-size:11pt;"><B>&nbsp;</b></span></font></p>
    </td>
    <td width="40%">
    <p>&nbsp;</p>
    </td>
    <td width="10%">
    <p>&nbsp;</p>
    </td>
    </tr>

    </table>
    <p>&nbsp;</p>

    </body>
    </html>
     
  12. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    my hijackthis file is

    Logfile of HijackThis v1.99.1
    Scan saved at 22:47:54, on 8-2-2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\WINDOWS\System32\GEARSec.exe
    C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\WINDOWS\CNYHKey.exe
    C:\WINDOWS\system32\VNICMon.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe
    C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE
    C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe
    C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe
    C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\WINDOWS\system32\RunDll32.exe
    C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Microsoft ActiveSync\wcescomm.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
    C:\Program Files\Windows Media Player\WMPNSCFG.exe
    C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    C:\Program Files\Digital Image\Monitor.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Program Files\TextBridge Pro Millennium BE\Bin\Ereg\Remind32.exe
    C:\PROGRA~1\MI3AA1~1\rapimgr.exe
    C:\Program Files\Outlook Express\msimn.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Hijackthis\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.nl/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
    O1 - Hosts: 212.72.51.204 test
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O2 - BHO: TweakMASTER PRO Component - {7DAAC7DE-9EF0-4FF0-BFA5-AFF3E899054C} - C:\PROGRA~1\TWEAKM~2\TweakBHO.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
    O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [ledpointer] CNYHKey.exe
    O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\System32\PSDrvCheck.exe
    O4 - HKLM\..\Run: [InstantAccess] C:\Program Files\TextBridge Pro Millennium BE\Bin\InstantAccess.exe /h
    O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\Network Associates\VirusScan\SHSTAT.EXE" /STANDALONE
    O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\Network Associates\Common Framework\UpdaterUI.exe" /StartedFromRunKey
    O4 - HKLM\..\Run: [Network Associates Error Reporting Service] "C:\Program Files\Common Files\Network Associates\TalkBack\TBMon.exe"
    O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
    O4 - HKLM\..\Run: [Startup Cleaner] C:\Program Files\CM Data Software\CM DiskCleaner\Startup Cleaner.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.2480\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Startup: reminder-ScanSoft Product Registration.lnk = C:\Program Files\TextBridge Pro Millennium BE\Bin\Ereg\Remind32.exe
    O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe
    O4 - Global Startup: Adobe Reader Snelle start.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O4 - Global Startup: Digital Image Monitor.lnk = ?
    O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O9 - Extra button: Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra 'Tools' menuitem: VisualRoute Trace - {04849C74-016E-4a43-8AA5-1F01DE57F4A1} - C:\Program Files\VisualRoute\vrie.dll
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
    O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra 'Tools' menuitem: Mobiele favorieten maken - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MI3AA1~1\INetRepl.dll
    O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
    O9 - Extra button: Onderzoek - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O11 - Options group: [INTERNATIONAL] International*
    O14 - IERESET.INF: START_PAGE_URL=http://start.home.nl/
    O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - http://pcpitstop.com/pcpitstop/PCPitStop.CAB
    O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
    O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
    O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
    O16 - DPF: {C4925E65-7A1E-11D2-8BB4-00A0C9CC72C3} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/1d/player.virtools.com/downloads/player/Install2.1/Installer.exe
    O16 - DPF: {EFAEF0E4-F044-4D57-9900-1C3FF18524C9} (AV Class) - http://www1.pcpitstop.com/antivirus/PitPav.cab
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O20 - Winlogon Notify: WRNotifier - C:\WINDOWS\SYSTEM32\WRLogonNTF.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: CA License Client (CA_LIC_CLNT) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmt.exe
    O23 - Service: CA License Server (CA_LIC_SRVR) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\lic98rmtd.exe
    O23 - Service: GEARSecurity - GEAR Software - C:\WINDOWS\System32\GEARSec.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: iPod-service (iPodService) - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
    O23 - Service: Event Log Watch (LogWatch) - Computer Associates - C:\Program Files\CA\SharedComponents\CA_LIC\LogWatNT.exe
    O23 - Service: McAfee Framework Service (McAfeeFramework) - Network Associates, Inc. - C:\Program Files\Network Associates\Common Framework\FrameworkService.exe
    O23 - Service: Network Associates McShield (McShield) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\Mcshield.exe
    O23 - Service: Network Associates Task Manager (McTaskManager) - Network Associates, Inc. - C:\Program Files\Network Associates\VirusScan\VsTskMgr.exe
    O23 - Service: Norton Ghost - Symantec Corporation - C:\Program Files\Symantec\Norton Ghost\Agent\PQV2iSvc.exe
    O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcDataSrv.exe
    O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2005\RpcSandraSrv.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
     
  13. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    How is everything now?
     
  14. afvang

    afvang Thread Starter

    Joined:
    Mar 14, 2006
    Messages:
    45
    Looks good :D
    I think we made it ;)
     
  15. Flrman1

    Flrman1

    Joined:
    Jul 26, 2002
    Messages:
    46,329
    * If I had you use Killbox to delete any files, go ahead and delete the C:\!Killbox folder then empty the Recycle Bin.


    * Check this out for info on how to tighten your security settings and some good free tools to help prevent this from happening again.


    * Go to Windows update and install all "High Priority Updates".


    * Now turn off System Restore:

    On the Desktop, right-click My Computer.
    Click "Properties".
    Click the "System Restore" tab.
    Put a check by "Turn off System Restore on all drives".
    Click Apply, and then click OK.

    Restart your computer, turn System Restore back on and create a restore point.

    To turn System Restore back on:

    On the Desktop, right-click My Computer.
    Click "Properties".
    Click the "System Restore" tab.
    Remove the check by "Turn off System Restore on all drives".
    Click Apply, and then click OK.

    To create a restore point:

    Single-click "Start" and point to "All Programs".
    Mouse over "Accessories", then "System Tools", and select "System Restore".
    In the System Restore wizard, select the box next to the text labeled "Create a restore point" and click the "Next" button.
    Type a description for your new restore point. Something like "After trojan/spyware cleanup". Click "Create" and you're done.
     

Short URL to this thread: https://techguy.org/541516
