Trojan Backdoor Agent BA

Status
This thread has been Locked and is not open to further replies. Please start a New Thread if you're having a similar issue. View our Welcome Guide to learn how to use this site.

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
I ran Avenger and cannot seem to remove the trojan backdoor (C:Windows\System32\winhb.dll). Whenever I try to delete the infected file, it says access denied. Any assistance is greatly appreciated.


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ouwanyme

*******************

Script file located at: \??\C:\Documents and Settings\dqpkfcob.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



Could not open file C:Windows\System32\winhb.dll for deletion
Deletion of file C:Windows\System32\winhb.dll failed!

Could not process line:
C:Windows\System32\winhb.dll
Status: 0xc000003a


Completed script processing.

*******************

Finished! Terminate.



HJT:

Logfile of HijackThis v1.99.1
Scan saved at 9:38:47 AM, on 8/12/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsu...?1154652096936
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 
Joined
Jul 8, 2002
Messages
14,681
Save The Avenger to your Desktop

Run HijackThis and click Do a system scan only
Put a checkmark next to each of the following entries that appear:

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\

Click Fix Checked and exit HijackThis

Copy the contents of the following box to your clipboard:
Files to delete:
C:\Windows\System32\winhb.dll
Run The Avenger and click OK
Select Input script manually and click the magnifying glass icon
In the View/edit script box, right-click and choose Paste
Click Done. Press the button with a picture of a green light
Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer
Post the contents of the file C:\Avenger.txt along with a new HijackThis log
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
The corrupt file is now gone...I didn't save the log on the first run...When I re-run it, it says that the file is not there. When I run my AVG anti-virus, it's telling me there are still 50+ infected objects and it will not allow me to remove them. Do you think that I should delete all files through Avenger?

Logfile of HijackThis v1.99.1
Scan saved at 11:07:52 PM, on 8/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\devldr32.exe
C:\Program Files\Grisoft\AVG Free\avgwb.dat
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154652096936
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ltrkbhlr

*******************

Script file located at: \??\C:\Documents and Settings\bfbimiom.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:



File C:\Windows\System32\winhb.dll not found!
Deletion of file C:\Windows\System32\winhb.dll failed!

Could not process line:
C:\Windows\System32\winhb.dll
Status: 0xc0000034


Completed script processing.

*******************

Finished! Terminate.
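
The two failed Avenger runs above end with different status codes. As an added example (not part of the thread and not code from The Avenger), this Python code parses the result lines of such a log, names the NTSTATUS value and flags script lines that are not fully qualified paths. The function names and result labels are assumptions made for illustration.

```python
import re

# NTSTATUS values and their documented names; the first two appear in the logs above.
NTSTATUS = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",  # last path component (the file) is missing
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",  # a directory in the path could not be resolved
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}

FULLY_QUALIFIED = re.compile(r"^[A-Za-z]:\\")  # drive letter, colon, then a backslash
FAILED = re.compile(
    r"Could not process line:\n(?P<path>[^\n]+)\nStatus: (?P<status>0x[0-9A-Fa-f]{8})")
DELETED = re.compile(r"^File (?P<path>.+) deleted successfully\.$", re.M)


def classify(path, code):
    """Return a triage label (labels are this example's own, not Avenger output)."""
    if not FULLY_QUALIFIED.match(path):
        return "malformed_path"      # e.g. 'C:Windows\...': fix the script line, rerun
    if code == 0xC0000034:
        return "already_absent"      # nothing at that path any more
    return "failed"                  # needs a closer look (locked file, ACL, ...)


def parse_avenger_log(text):
    """Extract per-file outcomes from an Avenger v1 log, in log order."""
    text = text.replace("\r\n", "\n")
    found = []
    for m in DELETED.finditer(text):
        found.append((m.start(), {"path": m["path"].strip(), "status": None,
                                  "name": None, "result": "deleted"}))
    for m in FAILED.finditer(text):
        path, code = m["path"].strip(), int(m["status"], 16)
        found.append((m.start(), {"path": path, "status": code,
                                  "name": NTSTATUS.get(code, "unknown"),
                                  "result": classify(path, code)}))
    return [entry for _, entry in sorted(found, key=lambda item: item[0])]


# Result lines excerpted from the three Avenger logs in this thread.
SAMPLE = r"""
Could not process line:
C:Windows\System32\winhb.dll
Status: 0xc000003a

Could not process line:
C:\Windows\System32\winhb.dll
Status: 0xc0000034

File C:\WINDOWS\Temp\rccvsm.dat deleted successfully.
"""

if __name__ == "__main__":
    for entry in parse_avenger_log(SAMPLE):
        print(entry["result"], entry["name"], entry["path"])
```

Run against the thread's logs, this separates the first run, whose script line lacks the backslash after the drive letter, from the second run, where the file was no longer present.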
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
C:\Program Files\America Online 8.0\download\5.dat Trojan horse Downloader.Agent.3.AO Infected
C:\Program Files\America Online 8.0\download\rmtct.exe Trojan horse Clicker.AAS Infected
C:\Program Files\Internet Explorer\a.exe Trojan horse Downloader.Small.40.AK Infected
C:\Recycled\Q375359.exe Trojan horse Downloader.Small.28.AU Infected
C:\RECYCLER\S-1-5-18\Dc1.DAT Trojan horse PSW.Agent.2.AQ Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP331\A0066859.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0067861.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0068862.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0069866.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070861.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070864.dll Trojan horse Startpage.19.AN Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070870.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070882.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0070890.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP336\A0071890.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0072189.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0073185.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074185.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074194.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0074208.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP340\A0075208.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP341\A0075217.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP341\A0076217.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0077217.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078217.exe Trojan horse Downloader.Small.28.AU Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078218.exe Trojan horse Downloader.Agent.5.AG Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078219.exe Trojan horse Downloader.Zlob.CHA Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078220.exe Trojan horse Downloader.Zlob.CGY Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078221.exe Trojan horse PSW.Agent.2.W Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078392.exe Trojan horse Downloader.Small.8.R Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078393.exe Trojan horse Clicker.AD Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078395.exe Trojan horse Downloader.Agent.4.AO Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078397.exe Trojan horse Clicker.6.AR Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078398.exe Trojan horse Clicker.6.AT Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078399.exe Trojan horse Downloader.Agent.4.AX Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078400.exe Trojan horse Downloader.Agent.5.C Infected
C:\System Volume Information\_restore{21D7D692-4662-421F-93B0-877BC3820711}\RP342\A0078401.exe Trojan horse Startpage.13.D Infected
C:\WINDOWS\restore.dat Trojan horse Downloader.Agent.6.AR Infected
C:\WINDOWS\srt_iehost.dll Trojan horse Downloader.Agent.5.AF Infected
C:\WINDOWS\Downloaded Program Files\orxmdzyy.exe Trojan horse Downloader.Delf.4.J Infected
C:\WINDOWS\Downloaded Program Files\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
C:\WINDOWS\Downloaded Program Files\Q375359.exe Trojan horse Downloader.Small.28.AU Infected
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ProfR1G.exe Trojan horse Downloader.Istbar.4.Q Infected
C:\WINDOWS\SYSTEM\121336.exe Trojan horse Dialer.7.N Infected
C:\WINDOWS\SYSTEM\121690.exe Trojan horse Dialer Infected
C:\WINDOWS\SYSTEM32\DlhR6z5p.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.dll Trojan horse Dialer.21.AR Infected
C:\WINDOWS\SYSTEM32\EGCOMSERVICE_1053.dll Trojan horse Dialer.12.BN Infected
C:\WINDOWS\SYSTEM32\Kxjno.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\LjpiOq5.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\Rbl7x.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\Rdrc4j1S.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\YbtiPy8.exe Trojan horse Downloader.VB.4.AG Infected
C:\WINDOWS\SYSTEM32\golumm\services.exe Trojan horse Downloader.Agent.3.AO Infected
C:\WINDOWS\Temp\rccvsm.dat Trojan horse PSW.Agent.2.AQ Infected
 
Joined
Jul 8, 2002
Messages
14,681
Go to Start>>Run. Type msconfig and press Enter
Click Launch System Restore then click System Restore Settings
Put a checkmark next to Turn off system restore on all drives and click Apply>>OK
Close System Restore utility and the System Configuration Utility

Copy the contents of the following box to your clipboard:
Files to delete:
C:\Program Files\America Online 8.0\download\5.dat
C:\Program Files\America Online 8.0\download\rmtct.exe
C:\Program Files\Internet Explorer\a.exe
C:\Recycled\Q375359.exe
C:\RECYCLER\S-1-5-18\Dc1.DAT
C:\WINDOWS\restore.dat
C:\WINDOWS\srt_iehost.dll
C:\WINDOWS\Downloaded Program Files\orxmdzyy.exe
C:\WINDOWS\Downloaded Program Files\ProfR1G.exe
C:\WINDOWS\Downloaded Program Files\Q375359.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ProfR1G.exe
C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ProfR1G.exe
C:\WINDOWS\SYSTEM\121336.exe
C:\WINDOWS\SYSTEM\121690.exe
C:\WINDOWS\SYSTEM32\DlhR6z5p.exe
C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.dll
C:\WINDOWS\SYSTEM32\EGCOMSERVICE_1053.dll
C:\WINDOWS\SYSTEM32\Kxjno.exe
C:\WINDOWS\SYSTEM32\LjpiOq5.exe
C:\WINDOWS\SYSTEM32\Rbl7x.exe
C:\WINDOWS\SYSTEM32\Rdrc4j1S.exe
C:\WINDOWS\SYSTEM32\YbtiPy8.exe
C:\WINDOWS\SYSTEM32\golumm\services.exe
C:\WINDOWS\Temp\rccvsm.dat
Run The Avenger and click OK
Select Input script manually and click the magnifying glass icon
In the View/edit script box, right-click and choose Paste
Click Done. Press the button with a picture of a green light
Choose Yes when prompted to execute the script and click Yes when asked to reboot your computer

Go to Start>>Run. Type msconfig and press Enter
Click Launch System Restore then click System Restore Settings
Uncheck Turn off system restore on all drives and click Apply>>OK
Close System Restore utility and the System Configuration Utility
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
I was recently booted by my cable company for having an open proxy. Do you think that it's safe enough to go back online to download the service pack? I have not been back online with that PC since they said that I would be suspended if the proxy is still open...I can't thank you enough for your help with this...
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
Thanks! I will now go back online and download the service pack...Attached is the HJT/Avenger log


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\ojakeafk

*******************

Script file located at: \??\C:\WINDOWS\gqehinfo.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\Program Files\America Online 8.0\download\5.dat deleted successfully.
File C:\Program Files\America Online 8.0\download\rmtct.exe deleted successfully.
File C:\Program Files\Internet Explorer\a.exe deleted successfully.
File C:\Recycled\Q375359.exe deleted successfully.
File C:\RECYCLER\S-1-5-18\Dc1.DAT deleted successfully.
File C:\WINDOWS\restore.dat deleted successfully.
File C:\WINDOWS\srt_iehost.dll deleted successfully.
File C:\WINDOWS\Downloaded Program Files\orxmdzyy.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\ProfR1G.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\Q375359.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ProfR1G.exe deleted successfully.
File C:\WINDOWS\Downloaded Program Files\CONFLICT.2\ProfR1G.exe deleted successfully.
File C:\WINDOWS\SYSTEM\121336.exe deleted successfully.
File C:\WINDOWS\SYSTEM\121690.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\DlhR6z5p.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\EGCOMSERVICE2.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\EGCOMSERVICE_1053.dll deleted successfully.
File C:\WINDOWS\SYSTEM32\Kxjno.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\LjpiOq5.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\Rbl7x.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\Rdrc4j1S.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\YbtiPy8.exe deleted successfully.
File C:\WINDOWS\SYSTEM32\golumm\services.exe deleted successfully.
File C:\WINDOWS\Temp\rccvsm.dat deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 11:39:20 PM, on 8/13/2006
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\WINDOWS\System32\devldr32.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\HijackThis\HijackThis.exe

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {09F4E9B6-4978-120D-FA31-53AD044D9CC9} -
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1154652096936
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\System32\drivers\CDAC11BA.EXE
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs Inc. - C:\WINDOWS\SYSTEM32\ZoneLabs\vsmon.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
For some odd reason, it's not allowing me to download the service pack...I get an error from Internet Explorer...Internet Explorer has encountered a problem and needs to close. We are sorry for any inconvenience.
 

Wheatthin77

Thread Starter
Joined
Jul 26, 2006
Messages
22
Everything seems to be working pretty good....Thank you! Thank you! Thank you!

How do I default my browser to Internet Explorer...it keeps going to AOL and I can't stand it.
 