Trojan Vundo help please

imajen (Thread Starter, joined Jan 3, 2006):
Hi,
Yes, yet another victim of the darn Trojan Vundo virus!!! As it seems to be the pattern I will post my "HijackThis" log and hopefully will receive back instructions on how to rid my computer of this nasty lil bugga! Thanks in advance for everyone's help. Thank God for forums such as this.

Logfile of HijackThis v1.99.1
Scan saved at 3:14:57 PM, on 1/10/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\MsgSys.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Samsung\Digimax Viewer 2.1\STImgBrowser.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Program Files\Robin Sharma TheLIFELINE\TheLIFELINE.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alexa.com/?p=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [IST Service] C:\Program Files\ISTsvc\istsvc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Startup: Sunshine.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0985547d6056c97d4600/netzip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rc.messenger.msn.com/rockstar.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.tenspot.com/wabctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Com
 

Cheeseball81 (Retired Moderator, joined Mar 3, 2004):
Welcome to TSG :)

* Copy these instructions to notepad and save them to your desktop. You will need them to refer to.

* Please download VundoFix.exe.
  • Save the VundoFix.exe file to your desktop.
  • Double-click VundoFix.exe to extract the files.
  • This will create a VundoFix folder on your desktop.
  • After the files are extracted, please reboot your computer into Safe Mode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight Safe Mode then hit enter.
  • Once in safe mode open the VundoFix folder and doubleclick on KillVundo.bat
  • You will first be presented with a warning that should look like this
    VundoFix V2.13 by Atri
    By using VundoFix you agree that you are doing so at your own risk
    Press enter to continue....
  • At this point press the Enter key on your keyboard one time.
  • Next you will see:
    Please Type in the filepath as instructed by the forum staff and then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\mlljk.dll
  • Press Enter to continue with the fix.
  • Next you will see:
    Please type in the second filepath as instructed by
    the forum staff then press enter:
  • At this point please type the following file path (make sure to enter it exactly as below!):
    • C:\WINDOWS\system32\kjllm.*
  • Press Enter to continue with the fix.

  • If you have a script blocker running, you may get a warning about a malicious script. Allow the script to run. It is not malicious.

  • The fix will run then HijackThis will open, if it does not open automatically please open it manually.

  • In HiJackThis, please place a check next to the following items and
    click FIX CHECKED:

    • O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll
    • O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll

  • After you have fixed these items, close Hijackthis.

  • Press enter to exit the program then manually reboot your computer.

  • Once your machine reboots please continue with the instructions below.

* Download Cleanup! from here
  • Open Cleanup! by double-clicking the icon on your desktop (or from the Start > All Programs menu).
  • Click the Options... button on the right.
  • Move the arrow down to "Custom CleanUp!"
  • Put a check next to the following (Make sure nothing else is checked!):
    • Empty Recycle Bins
    • Delete Cookies
    • Cleanup! All Users
    Click OK
  • Press the CleanUp! button to start the program.
  • It may ask you to reboot at the end, click NO.

* Run ActiveScan online virus scan here
  • When the scan is finished, anything that it cannot clean have it delete it.
  • Save the results from the scan!
  • Copy the results of the ActiveScan and paste them here along with a new HiJackThis log and the vundofix.txt file from the vundofix folder into this topic.
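The two file paths in the VundoFix steps above come straight from the log: the O2 BHO entry and the O20 Winlogon Notify entry point at the same DLL under system32, and the companion file VundoFix asks for as the "second filepath" is that DLL's base name spelled backwards. The Python script below is an added example, not part of the original post and not VundoFix's own code. It pulls those two entry types out of HijackThis log lines, derives both paths, and separately lists entries still marked "(file missing)" once the DLL is gone, which is what the HijackThis FIX CHECKED step cleans up. The helper names are this example's own; the sample lines are copied from the logs in this thread.

```python
"""Correlate HijackThis O2 (BHO) and O20 (Winlogon Notify) lines.

Added example (not code from the thread or from VundoFix). The Vundo pattern
in the posted log is one DLL under system32 registered both as a Browser
Helper Object and as a Winlogon Notify package, with a companion file whose
name is the DLL's base name reversed. All helper names are this example's.
"""
import re

# Constructed sample: O2/O20 lines copied from the first log in the thread.
SAMPLE_LOG = [
    r"O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll",
    r"O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll",
    r"O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll",
    r"O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll",
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll",
    r"O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll",
]

# Constructed sample: the same entries as they appear in the second log,
# after VundoFix deleted the file but before HijackThis fixed the entries.
SAMPLE_LOG_AFTER = [
    r"O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll (file missing)",
    r"O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)",
    r"O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll",
]

MISSING = r"(?P<missing> \(file missing\))?$"
O2_RE = re.compile(r"^O2 - BHO: .* - \{[0-9A-Fa-f-]+\} - (?P<path>.+?)" + MISSING)
O20_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>\S+) - (?P<path>.+?)" + MISSING)


def basename(path):
    """Last component of a Windows path (HijackThis prints backslashes)."""
    return path.rsplit("\\", 1)[-1]


def parse_entries(lines):
    """Yield (kind, path, missing) for every O2 and O20 line; skip the rest."""
    for line in lines:
        line = line.strip()
        for kind, rx in (("O2", O2_RE), ("O20", O20_RE)):
            m = rx.match(line)
            if m:
                yield kind, m["path"], m["missing"] is not None
                break


def find_vundo_candidates(lines):
    """Return (dll_path, reversed_name_glob) for every system32 DLL that is
    registered both as a BHO and as a Winlogon Notify package and still
    exists on disk. The glob is the companion file VundoFix asks for."""
    by_kind = {"O2": {}, "O20": {}}
    for kind, path, missing in parse_entries(lines):
        if not missing:
            by_kind[kind][basename(path).lower()] = path
    found = []
    for name in sorted(set(by_kind["O2"]) & set(by_kind["O20"])):
        path = by_kind["O20"][name]
        directory, _sep, fname = path.rpartition("\\")
        if not directory.lower().endswith("\\system32"):
            continue
        stem = fname[:-4] if fname.lower().endswith(".dll") else fname
        found.append((path, f"{directory}\\{stem[::-1]}.*"))
    return found


def stale_entries(lines):
    """Entries whose DLL no longer exists: the registry hook outlived the
    file and still has to be removed (the HijackThis FIX CHECKED step)."""
    return [(kind, path) for kind, path, missing in parse_entries(lines) if missing]


if __name__ == "__main__":
    for dll, companion in find_vundo_candidates(SAMPLE_LOG):
        print("VundoFix first path :", dll)
        print("VundoFix second path:", companion)
    for kind, path in stale_entries(SAMPLE_LOG_AFTER):
        print("orphaned", kind, "entry still to fix:", path)
```

To use it on another machine, pass the lines of a saved HijackThis log to the two functions instead of the samples. The candidate check deliberately ignores entries marked "(file missing)": there is nothing left for VundoFix to delete, but the orphaned O2 and O20 hooks in the second log are exactly why the HijackThis fix step is still needed after the file is gone.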
 

imajen (Thread Starter):
Hi and thank you for your speedy reply. However, I cannot continue through with the instructions as I cannot get into safe mode. Instead a black screen with "safe mode" written in white in both the left and right hand bottom corners of my screen appears. This happened last time I attempted to fix this virus and I had to call someone in to get me back to normal working conditions. Any suggestions?
Thanks so much
 

Cheeseball81 (Retired Moderator):
If you cannot get into safe mode and get a black screen that says "safe mode" in all 4 corners and no desktop appears, then try this.

It appears that the code in the Vundo trojan is so badly written that many users can't go into safe mode because "explorer.exe" is occupied trying to execute this code and occupies 100% of the CPU capacity.

Try this procedure:

When you come to the point where the black screen appears and the text "safe mode" is displayed in the corners, open the Task Manager (Ctrl+Alt+Del) and find "explorer.exe". Click on it in the list and click "Terminate". This will probably take several minutes.
Once Explorer is terminated, navigating with the mouse will be easy; however, you will have a desktop without icons.

Now, remember where you installed VundoFix. Open the Task Manager again, and click "File > Run" in the toolbar. Type in the file path to VundoFix in the scrollbar and hit enter.
The default location of VundoFix is here:
C:\Documents and Settings\YOUR USERNAME\Desktop\VundoFix\KillVundo.bat. Replace "YOUR USERNAME" with your actual one.
Then click "OK" and, if everything works as planned, you will now be able to run VundoFix and go on with the procedure I already posted.

Since you can't navigate via Explorer during this operation, it's important that you print those instructions, both the ones here and the entire cleaning procedure for the Vundo.
 

imajen (Thread Starter):
Okay, after a little bit of problems I believe I managed to do what you suggested. However, after the ActiveScan it wouldn't send my results to its "laboratory", as it said my internet connection wasn't good, which is strange because I am always connected. Anyway, here are the results of the scan, HijackThis and VundoFix. Hopefully we can go from there...

Logfile of HijackThis v1.99.1
Scan saved at 9:44:31 PM, on 1/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\WINDOWS\system32\LVComsX.exe
C:\Program Files\SurfAccuracy\SAcc.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\WISPTIS.EXE
C:\Documents and Settings\Jen\My Documents\The LAWS OF ATTRACTION\Outrageous Mastery\OM_2-YOU-Xpdf.exe
C:\Program Files\Adobe\Acrobat 6.0\Acrobat\Acrobat.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alexa.com/?p=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Startup: Sunshine.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: (no name) - {6685509E-B47B-4f47-8E16-9A5F3A62F683} - file://C:\Program Files\Ebates_MoeMoneyMaker\Sy350\Tp350\scri350a.htm (file missing) (HKCU)
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {15AD4789-CDB4-47E1-A9DA-992EE8E6BAD6} - http://static.windupdates.com/cab/CDT/ie/bridge-c6.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.imgfarm.com/images/nocache/funwebproducts/ei/SmileyCentralFWBInitialSetup1.0.0.15.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0985547d6056c97d4600/netzip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {79849612-A98F-45B8-95E9-4D13C7B6B35C} (Loader2 Control) - http://static.topconverting.com/activex/loader2.ocx
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rc.messenger.msn.com/rockstar.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.tenspot.com/wabctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe

---------------------------------------
REST TO FOLLOW
 

imajen (Thread Starter):
VundoFix V2.15 by Atri
--------------------------------------------------------------------------------------

Listing files contained in the vundofix folder.
--------------------------------------------------------------------------------------

killvundo.bat
process.exe
ReadMe.txt
vundo.reg
vundofix.txt

--------------------------------------------------------------------------------------

Filepaths entered
--------------------------------------------------------------------------------------

The filepath entered was C:\WINDOWS\system32\mlljk.dll

The second filepath entered was C:\WINDOWS\system32\kjllm.*

--------------------------------------------------------------------------------------

Log from Process
--------------------------------------------------------------------------------------


Killing PID 156 'smss.exe'

Killing PID 784 'explorer.exe'
Killing PID 784 'explorer.exe'


Killing PID 232 'winlogon.exe'
Killing PID 232 'winlogon.exe'
--------------------------------------------------------------------------------------

C:\WINDOWS\system32\mlljk.dll Deleted sucessfully.
C:\WINDOWS\system32\kjllm.* Deleted sucessfully.

Fixing Registry
--------------------------------------------------------------------------------------
 

imajen (Thread Starter):
Incident Status Location

Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\Prcheck.dll
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\SurfAccuracy\SAcc.exe
Spyware:spyware/new.net Not disinfected C:\PROGRAM FILES\NEWDOTNET\newdotnet6_38.dll
Adware:adware/cws Not disinfected C:\Documents and Settings\Jen\Favorites\LIVING\Dating.lnk
Adware:adware/fastvideoplayer Not disinfected C:\WINDOWS\SYSTEM32\fastvideoplayer.dll
Spyware:spyware/marketscore Not disinfected C:\WINDOWS\SYSTEM32\osconfig.dll
Potentially unwanted tool:application/funweb Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\f3initialsetup1.0.0.15.inf
Adware:adware/topconvert Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\loader2.ocx
Adware:adware/wupd Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\MediaPassX.dll
Adware:adware/ist.yoursitebar Not disinfected C:\WINDOWS\DOWNLOADED PROGRAM FILES\YSBactivex.dll
Adware:adware/tvmedia Not disinfected C:\Documents and Settings\Jen\Application Data\tvmknwrd.dll
Adware:adware/iemenuextension Not disinfected C:\WINDOWS\IEMenuExtension.exe
Adware:adware/exact.bargainbuddy Not disinfected C:\WINDOWS\installer_SIAC.exe
Adware:adware/dyfuca Not disinfected C:\WINDOWS\optimize.exe
Adware:adware/twain-tech Not disinfected C:\WINDOWS\preInsTT.exe
Spyware:application/bestoffer Not disinfected C:\WINDOWS\smdat32a.sys
Adware:adware/alexa-toolbar Not disinfected C:\PROGRAM FILES\Alexa Toolbar
Spyware:spyware/altnet Not disinfected C:\PROGRAM FILES\Altnet
Potentially unwanted tool:application/mywebsearch Not disinfected C:\PROGRAM FILES\MyWebSearch
Adware:adware/surfaccuracy Not disinfected C:\PROGRAM FILES\SurfAccuracy
Potentially unwanted tool:application/winfixer2005 Not disinfected C:\PROGRAM FILES\WinFixer 2005
Adware:adware/dealhelper Not disinfected C:\WINDOWS\SYSTEM32\DealHelper
Adware:adware/ncase Not disinfected C:\WINDOWS\FLEOK
Spyware:spyware/clearsearch Not disinfected Windows Registry
Potentially unwanted tool:application/myway Not disinfected HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\MY WAY SPEEDBAR UNINSTALL
Adware:adware/powerscan Not disinfected Windows Registry
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jen\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jen\Cookies\[email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected C:\Documents and Settings\Jen\Cookies\[email protected][1].txt
Spyware:Cookie/Reliablestats Not disinfected C:\Documents and Settings\Jen\Cookies\[email protected][1].txt
Spyware:Cookie/WinFixer Not disinfected C:\Documents and Settings\Jen\Cookies\[email protected][2].txt
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Jen\Desktop\VundoFix\VundoFix\process.exe
Adware:Adware/Alexa-Toolbar Not disinfected C:\Documents and Settings\Jen\My Documents\AlexaInstaller.exe
Adware:Adware/WUpd Not disinfected C:\Documents and Settings\Jen\temp.exe
Possible Virus. Not disinfected C:\gta.exe
Possible Virus. Not disinfected C:\gtw.exe
Adware:Adware/IST.ISTBar Not disinfected C:\inns.exe
Adware:Adware/IST.ISTBar Not disinfected C:\innstal.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\FCrXML.dll
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\Program Files\Common Files\WinSoftware\Prcheck.dll
Spyware:Spyware/New.net Not disinfected C:\Program Files\NewDotNet\newdotnet6_38.dll
Adware:Adware/WUpd Not disinfected C:\Program Files\Preview AdService\PrevAdComm.dll
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\SurfAccuracy\SAcc.exe
Adware:Adware/SurfAccuracy Not disinfected C:\Program Files\SurfAccuracy\SAccU.exe
Possible Virus. Not disinfected C:\WINDOWS\Downloaded Program Files\CLOActiveXInstallerProj1.ocx
Adware:Adware/EasySearch Not disinfected C:\WINDOWS\Downloaded Program Files\ESBAdultInstaller.ocx
Potentially unwanted tool:Application/FunWeb Not disinfected C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15.inf
Adware:Adware/TopConvert Not disinfected C:\WINDOWS\Downloaded Program Files\loader2.ocx
Adware:Adware/WinAD Not disinfected C:\WINDOWS\Downloaded Program Files\MediaPassX.dll
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\Downloaded Program Files\YSBactivex.dll
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\frlun.exe
Adware:Adware/Ucmore Not disinfected C:\WINDOWS\IEMenuExtension.exe
Adware:Adware/Exact.BargainBuddy Not disinfected C:\WINDOWS\installer_SIAC.exe
Spyware:Spyware/New.net Not disinfected C:\WINDOWS\NDNuninstall6_38.exe
Adware:Adware/Dyfuca Not disinfected C:\WINDOWS\optimize.exe
Adware:Adware/IST.ISTBar Not disinfected C:\WINDOWS\orcqku.exe
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\phg16189.exe
 

imajen (Thread Starter):
Adware:Adware/Transponder Not disinfected C:\WINDOWS\polmx3.exe
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\preInsMt.exe
Adware:Adware/Twain-Tech Not disinfected C:\WINDOWS\preInsTT.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\qrap.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\saap.exe
Adware:Adware/nCase Not disinfected C:\WINDOWS\saaphook.dll
Adware:Adware/SpecialOffers Not disinfected C:\WINDOWS\specialoffers.exe
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\system32\AlxRes.dll.bak
Adware:Adware/Alexa-Toolbar Not disinfected C:\WINDOWS\system32\AlxTB2.dll
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\bxkovtfp.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\cljzpjiq.exe
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\system32\drivers\dfdr.sys
Potentially unwanted tool:Application/Winfixer2005 Not disinfected C:\WINDOWS\system32\drivers\df_kmd.sys
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\system32\dun.exe
Adware:Adware/Fastvideoplayer Not disinfected C:\WINDOWS\system32\fastvideoplayer.dll
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\gcetffts.exe
Adware:Adware/DealHelper Not disinfected C:\WINDOWS\system32\Gurowp.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\hdsedsto.exe
Possible Virus. Not disinfected C:\WINDOWS\system32\Hovaft.exe
Hacktool:HackTool/SRunner.B Not disinfected C:\WINDOWS\system32\instsrv.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\jqiwiklh.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\kpogpndv.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\lpdrnqza.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\mqusduja.exe
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\osconfig.dll
Spyware:Spyware/MarketScore Not disinfected C:\WINDOWS\system32\osmim.dll
Spyware:Spyware/Virtumonde Not disinfected C:\WINDOWS\system32\ssqpm.dll
Spyware:Spyware/BetterInet Not disinfected C:\WINDOWS\system32\stmtreco.exe
Adware:Adware/WUpd Not disinfected C:\WINDOWS\system32\temp.exe
Spyware:Spyware/Dluca Not disinfected C:\WINDOWS\system32\ulaexbgo.exe
Adware:Adware/P2PNetworking Not disinfected D:\WINDOWS\SYSTEM\P2P Networking\MARSHAL.DLL
Adware:Adware/P2PNetworking Not disinfected D:\WINDOWS\SYSTEM\P2P Networking v124.cpl
Spyware:Spyware/New.net Not disinfected D:\WINDOWS\TEMP\newnet\kazaa-298.exe
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Mediaplex Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Tribalfusion Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/FastClick Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Zedo Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/QkSrv Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/2o7.net Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Bfast Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Server.iad.Liveperson Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Humanclick Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Kount Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Findwhat Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/did-it Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected D:\WINDOWS\TEMP\Cookies\jennifer [email protected][2].txt
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\asmfiles.cab[asm.exe]
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\Altnet\admdata.dll
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\Altnet\admdloader.dll
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\Altnet\admfdi.dll
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\Altnet\Setup.exe
Spyware:Spyware/Altnet Not disinfected D:\WINDOWS\TEMP\Altnet\adm25.dll
Possible Virus. Not disinfected D:\WINDOWS\Application Data\ofqcrkllg.dll
Adware:Adware/P2PNetworking Not disinfected D:\WINDOWS\Downloaded Program Files\WebP2PInstaller.dll
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Atlas DMT Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Humanclick Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Rn11 Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Doubleclick Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Overture Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/HotLog Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Santa Monica networks inc Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Tribalfusion Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
 

imajen (Thread Starter)
Spyware:Cookie/Bs.serving-sys Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Buzztone Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/QuestionMarket Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Clicktracks Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/WebPower Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/web-stat Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/bravenetA Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Adserver Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Abetterinternet Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Kount Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Advertising Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Mediaplex Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Hitbox Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Bs.serving-sys Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Xiti Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/2o7.net Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/CWS Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Kount Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/Rn11 Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Serving-sys Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Tickle Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/web-stat Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/Gorillanation Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/go Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/GoStats Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/Barelylegal Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Overture Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/888 Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Seeq Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/go Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][4].txt
Spyware:Cookie/web-stat Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][4].txt
Spyware:Cookie/Com.com Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][4].txt
Spyware:Cookie/Kazaa Networks Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][1].txt
Spyware:Cookie/Tickle Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/Kount Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][4].txt
Spyware:Cookie/Serving-sys Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Cookie/BurstBeacon Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][2].txt
Spyware:Cookie/DomainSponsor Not disinfected D:\WINDOWS\Cookies\jennifer [email protected][3].txt
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\asm.exe
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\admdloader.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\admdata.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\admfdi.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\adm25.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\adm.exe
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\adm4.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\admprog.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\asmend.exe
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Download Manager\altnetuninstall.exe
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Points Manager\sysdetect.dll
Spyware:Spyware/Altnet Not disinfected D:\Program Files\Altnet\Points Manager\Points Manager.exe
Adware:Adware/KeenValue Not disinfected D:\Program Files\PerfectNav\BHO\Tipb.exe
Adware:Adware/KeenValue Not disinfected D:\Program Files\PerfectNav\BHO\PerfectNav150.dll
Adware:Adware/Gator.Weather Not disinfected D:\Program Files\COMMON FILES\GMT\GMT.exe
 

Cheeseball81 (Retired Moderator)
Click here to download the trial version of Ewido Security Suite:
http://www.ewido.net/en/download/

· Install Ewido.
· During the installation, under "Additional Options" uncheck "Install background guard" and "Install scan via context menu".
· Launch ewido.
· It will prompt you to update; click the OK button and it will go to the main screen.
· On the left side of the main screen click update.
· Click on Start and let it update.
· DO NOT run a scan yet.

Restart your computer into Safe Mode now.
(Start tapping the F8 key at Startup, before the Windows logo screen).
Perform the following steps in Safe Mode:

* Run Ewido:
Click on scanner
Click Complete System Scan and the scan will begin.
During the scan it will prompt you to clean files, click OK.
When the scan is finished, look at the bottom of the screen and click the Save report button.
Save the report to your desktop.

Reboot.

Post a new Hijack This log and the results of the Ewido scan.
 

imajen (Thread Starter)
Okay, here is the Ewido scan and the new HijackThis scan:

ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 1:51:45 PM, 1/14/2006
+ Report-Checksum: 89E089E5

+ Scan result:

C:\Documents and Settings\Jen\Cookies\[email protected][1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
C:\Documents and Settings\Jen\Cookies\[email protected][2].txt -> Spyware.Cookie.Atdmt : Cleaned with backup
C:\Documents and Settings\Jen\Cookies\[email protected][1].txt -> Spyware.Cookie.Doubleclick : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002472.exe -> Spyware.BargainBuddy : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002473.exe/cd_clint.dll -> Spyware.Cydoor : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002474.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002475.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002476.exe -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002477.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002478.dll -> Downloader.WebP2PInstaller : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002479.exe -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002480.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002481.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002482.dll -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002483.dll -> Adware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002484.exe -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002485.exe -> Spyware.Altnet : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002486.dll -> Adware.BrilliantDigital : Cleaned with backup
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002487.exe -> Downloader.Keenval.e : Cleaned with backup


::Report End

--------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 2:01:33 PM, on 1/14/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\pcAnywhere\awhost32.exe
C:\Program Files\NavNT\defwatch.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\NavNT\rtvscan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\MsgSys.EXE
C:\WINDOWS\Explorer.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\PROGRA~1\NavNT\vptray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\NetAssistant\bin\mpbtn.exe
C:\WINDOWS\system32\LVComsX.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Logitech\Video\FxSvr2.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer,(Default) = www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://www.alexa.com/?p=home
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R3 - URLSearchHook: (no name) - _{20EC3D2D-33C1-4C9D-BC37-C2D500688DA2} - (no file)
R3 - URLSearchHook: (no name) - _{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll (file missing)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\NavNT\vptray.exe
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKLM\..\RunServices: [CTHelper] cthelper.exe
O4 - HKLM\..\RunServices: [PcSync] PCsync.exe
O4 - HKCU\..\Run: [WeatherEye] C:\program files\TheWeatherNetwork\WeatherEye\WeatherEye
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\RunServices: [CTHelper] cthelper.exe
O4 - HKCU\..\RunServices: [PcSync] PCsync.exe
O4 - Startup: Sunshine.lnk = ?
O4 - Global Startup: Digimax Viewer 2.1.lnk = ?
O4 - Global Startup: NetAssistant.lnk = C:\Program Files\NetAssistant\bin\matcli.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://C:\Program Files\Google\GoogleToolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O8 - Extra context menu item: Write a Review... - http://client.alexa.com/holiday/script/actions/review.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra 'Tools' menuitem: Yahoo! Login - {2499216C-4BA5-11D5-BD9C-000103C116D5} - C:\Program Files\Yahoo!\Common\ylogin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {17D72920-7A15-11D4-921E-0080C8DA7A5E} (AimSp32 Class) - http://makeover.ivillage.com/save/makeover.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {42F2C9BA-614F-47C0-B3E3-ECFD34EED658} (Installer Class) - http://www.ysbweb.com/ist/softwares/v4.0/ysb_1002952.cab
O16 - DPF: {4C39376E-FA9D-4349-BACC-D305C1750EF3} (EPUImageControl Class) - http://tools.ebayimg.com/eps/wl/activex/EPUWALControl_v1-0-3-24.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by102fd.bay102.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {56336BCB-3D8A-11D6-A00B-0050DA18DE71} (RdxIE Class) - http://software-dl.real.com/0985547d6056c97d4600/netzip/RdxIE601.cab
O16 - DPF: {6F750200-1362-4815-A476-88533DE61D0C} (Ofoto Upload Manager Class) - http://www.kodakgallery.com/downloads/BUM/BUM_WIN_IE_1/axofupld.cab
O16 - DPF: {6FDB0065-2787-11D6-B1D8-0001023916FC} (CLOActiveXInstaller Control) - http://www.igl.net/clo/install/CLOActiveXInstallerProj1.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {8E28B3A9-FE83-45D1-B657-D5426B81A121} (CustomerCtrl Class) - http://cs2b.instantservice.com/jars/customerxsigned42.cab
O16 - DPF: {8F24DE00-0D66-4F93-9405-3F21E97AEE99} (TestingCtl Control) - http://esb.alcena.com/ESBAdultInstaller.ocx
O16 - DPF: {9122D757-5A4F-4768-82C5-B4171D8556A7} (PhotoPickConvert Class) - http://appdirectory.messenger.msn.com/AppDirectory/P4Apps/PhotoSwap/PhtPkMSN.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {C852B12E-3F08-4099-AF8E-32FD327B88EA} (msnloader Class) - http://rc.messenger.msn.com/rockstar.cab
O16 - DPF: {FA9740A2-5802-42E2-B509-81186EEB3C42} (WABControl Class) - http://www.tenspot.com/wabctrl.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
O23 - Service: pcAnywhere Host Service (awhost32) - Symantec Corporation - C:\Program Files\Symantec\pcAnywhere\awhost32.exe
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\NavNT\defwatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Norton AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\NavNT\rtvscan.exe
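
In the HijackThis log above, the O2 BHO line ("MSEvents Object") and the O20 Winlogon Notify line both point at the same missing C:\WINDOWS\system32\mlljk.dll. The following Python script is an added editor's example, not a tool posted by anyone in this thread: it parses the O2, O4, O18 and O20 entries of a HijackThis 1.99 log, flags orphaned "(file missing)" references and the BHO/Winlogon Notify pairing, and lists RunServices entries that give no path. The sample lines are copied from the log above; the finding labels are the script's own.

```python
"""HijackThis log triage, added here as an editor's example (not a tool posted in this
thread).  It reads the O2 (BHO), O4 (Run keys), O18 (protocol) and O20 (Winlogon Notify)
lines of a HijackThis 1.99 log and flags:

  * targets tagged "(file missing)": orphaned registry entries that HijackThis can fix;
  * a DLL registered both as an O2 BHO and as an O20 Winlogon Notify package, the
    pairing Vundo/Virtumonde leaves behind (mlljk.dll in the log posted above);
  * O4 RunServices entries that give a bare file name with no path, so the file's
    location has to be verified by hand.

SAMPLE_LOG is copied from the HijackThis log posted above; finding labels are this
script's own.
"""
import re

SAMPLE_LOG = r"""
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: MSEvents Object - {B313D637-F405-4052-AC37-E2119AB3C8F8} - C:\WINDOWS\system32\mlljk.dll (file missing)
O4 - HKLM\..\Run: [SurfAccuracy] C:\Program Files\SurfAccuracy\SAcc.exe
O4 - HKLM\..\RunServices: [CPQHotkeys] hotkeysvc.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: mlljk - C:\WINDOWS\system32\mlljk.dll (file missing)
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\system32\NavLogon.dll
O20 - Winlogon Notify: PCANotify - C:\WINDOWS\SYSTEM32\PCANotify.dll
"""

MISSING_TAG = "(file missing)"
ENTRY_RE = re.compile(r"^(?P<section>O\d+) - (?P<body>.*)$")
# O2/O18 bodies end with "{GUID} - <target>"; anchoring on the GUID keeps paths that
# themselves contain " - " (e.g. "Spybot - Search & Destroy") intact.
GUID_TARGET_RE = re.compile(r"\{[0-9A-Fa-f-]{36}\} - (?P<target>.*)$")
O20_RE = re.compile(r"^Winlogon Notify: (?P<name>\S+) - (?P<target>.*)$")
O4_RE = re.compile(r"^(?P<hive>HKLM|HKCU)\\\.\.\\(?P<key>\w+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")


def clean_path(target):
    """Strip the '(file missing)' tag and surrounding quotes from a target field."""
    return target.replace(MISSING_TAG, "").strip().strip('"')


def basename(path):
    """Lower-cased file name of a Windows path (the part after the last backslash)."""
    return path.rsplit("\\", 1)[-1].lower()


def parse_entries(text):
    """Yield (section, body) pairs for every 'Onn - ...' line in a HijackThis log."""
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            yield m.group("section"), m.group("body")


def triage(text):
    """Return a sorted list of (finding, section, detail) tuples for the log text."""
    findings = []
    bho_paths, notify_paths = {}, {}
    for section, body in parse_entries(text):
        if section in ("O2", "O18"):
            m = GUID_TARGET_RE.search(body)
            if not m:
                continue
            path = clean_path(m.group("target"))
            if MISSING_TAG in body:
                findings.append(("orphaned-entry", section, path))
            if section == "O2":
                bho_paths[basename(path)] = path
        elif section == "O20":
            m = O20_RE.match(body)
            if not m:
                continue
            path = clean_path(m.group("target"))
            if MISSING_TAG in body:
                findings.append(("orphaned-entry", section, path))
            notify_paths[basename(path)] = path
        elif section == "O4":
            m = O4_RE.match(body)
            if m and m.group("key").lower() == "runservices" and "\\" not in m.group("cmd"):
                findings.append(("bare-runservices", section, m.group("cmd")))
    # The same DLL registered as both a BHO and a Winlogon Notify package: the
    # Vundo/Virtumonde persistence pair seen as mlljk.dll in the log above.
    for name in sorted(set(bho_paths) & set(notify_paths)):
        findings.append(("bho-and-winlogon-notify", "O2+O20", notify_paths[name]))
    return sorted(findings)


if __name__ == "__main__":
    for finding, section, detail in triage(SAMPLE_LOG):
        print(f"{finding:26} {section:6} {detail}")
```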
 

Cookiegal (Administrator, Malware Specialist Coordinator)
Cheeseball81 asked me to help out here as she is not feeling too well.


Download the LSP Fix just in case you lose your Internet connection as a result of removing New.Net. It shouldn't happen, and this is just a precaution, but if it does, run the LSP Fix to get the connection back and click the "I know what I'm doing" checkbox. (Don't do anything else.) Only run this tool if you lose your Internet connection.

Then click Finish.

http://cexx.org/lspfix.htm



Go to Control Panel - Add/Remove programs and remove any of these you find there:

SurfAccuracy
NewdotNet
WinFixer 2005
MyWay
Preview Ad Service
P2P Networking



Do this on-line virus scan:

Housecall


Kaspersky

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.

  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
  • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
  • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan:
  • Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.


Also, please run another Panda scan and post the log again. Hopefully, some of the stuff it found before will have been weeded out.
 

imajen (Thread Starter)
Couldn't get into Housecall. Why is it that when I run my Norton scan it doesn't detect anything, but the Kaspersky scan detected a bunch of viruses? How many scans do I have to do?? Should my Norton not protect me? Here is the Kaspersky scan:
------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Tuesday, January 17, 2006 15:47:58
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 16/01/2006
Kaspersky Anti-Virus database records: 171539
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 102500
Number of viruses found: 54
Number of infected objects: 113
Number of suspicious objects: 4
Duration of the scan process: 7504 sec

Infected Object Name - Virus Name
C:\data Infected: Trojan-Downloader.Win32.IstBar.ja
C:\Documents and Settings\All Users\Application Data\Setup\Setup.dll Infected: Trojan.Win32.StartPage.ku
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\01140000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\02500000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\026C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\041C0000.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04800000.VBN Infected: Trojan-Downloader.Win32.ConHook.r
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\04C40000.VBN Infected: Trojan-Downloader.Win32.ConHook.r
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08C00000.VBN Infected: not-a-virus:AdWare.Win32.EliteBar.z
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\08C00002.VBN Infected: Trojan.Win32.StartPage.nk
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D700000.VBN/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D700000.VBN/data0002 Infected: Trojan-Downloader.Win32.Keenval.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D700000.VBN Infected: Trojan-Downloader.Win32.Keenval.f
C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\0D700002.VBN Infected: not-a-virus:AdWare.Win32.Virtumonde.gen
C:\Documents and Settings\Jen\My Documents\ICONS\farm.exe/WISE0019.BIN Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\Documents and Settings\Jen\My Documents\ICONS\farm.exe/WISE0020.BIN Infected: not-a-virus:AdWare.Win32.Gator.3103
C:\Documents and Settings\Jen\My Documents\ICONS\farm.exe/WISE0021.BIN Infected: not-a-virus:AdWare.Win32.EZula.z
C:\Documents and Settings\Jen\My Documents\ICONS\farm.exe/WISE0022.BIN Infected: Trojan-Dropper.Win32.Agent.pd
C:\Documents and Settings\Jen\My Documents\ICONS\farm.exe Infected: Trojan-Dropper.Win32.Agent.pd
C:\Program Files\wordreferenceENES.exe/stream/data0016 Infected: not-a-virus:AdWare.Win32.SearchIt.o
C:\Program Files\wordreferenceENES.exe/stream Infected: not-a-virus:AdWare.Win32.SearchIt.o
C:\Program Files\wordreferenceENES.exe Infected: not-a-virus:AdWare.Win32.SearchIt.o
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP2\A0001309.exe Infected: Trojan-Dropper.Win32.Agent.gk
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP2\A0001311.exe Infected: Trojan-Dropper.Win32.Agent.gk
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002361.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002429.exe Infected: not-a-virus:AdWare.Win32.WinAD.ab
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002430.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002431.exe Infected: Trojan-Downloader.Win32.IstBar.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002433.exe/stream/data0007 Infected: not-a-virus:AdWare.Win32.AlexaBar.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002433.exe/stream/data0008 Infected: not-a-virus:AdWare.Win32.AlexaBar.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002433.exe/stream Infected: not-a-virus:AdWare.Win32.AlexaBar.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002433.exe Infected: not-a-virus:AdWare.Win32.AlexaBar.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002434.dll Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002435.dll Infected: not-a-virus:AdWare.Win32.WinAD.ab
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002438.exe Infected: not-a-virus:AdWare.Win32.SurfAccuracy.d
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002440.exe Infected: Trojan-Downloader.Win32.IstBar.ij
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002441.exe/unknown2.bin Infected: not-a-virus:AdWare.Win32.Ucmore.e
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002441.exe/UCMTSAIE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002441.exe/IUCMORE.DLL Infected: not-a-virus:AdWare.Win32.Ucmore
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002441.exe Infected: not-a-virus:AdWare.Win32.Ucmore
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002442.exe Infected: Trojan-Downloader.Win32.Adload.a
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002443.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002444.exe Infected: Trojan-Downloader.Win32.Dyfuca.dk
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002445.exe Infected: Trojan-Downloader.Win32.IstBar.hh
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002446.exe Infected: Trojan-Downloader.Win32.Agent.ab
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002447.exe Infected: Trojan-Downloader.Win32.Agent.ae
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002448.exe Infected: not-a-virus:AdWare.Win32.BiSpy.q
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002449.exe Infected: not-a-virus:AdWare.Win32.BiSpy.f
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002450.exe Infected: not-a-virus:AdWare.Win32.180Solutions
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002451.exe Infected: not-a-virus:AdWare.Win32.180Solutions
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002452.dll Infected: not-a-virus:AdWare.Win32.180Solutions
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002453.dll Infected: not-a-virus:AdWare.Win32.AlexaBar.b
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002454.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002455.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002457.exe Infected: not-a-virus:AdWare.Win32.DealHelper.x
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002458.dll Infected: Trojan-Downloader.Win32.Dyfuca.dn
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002459.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002460.exe Infected: not-a-virus:AdWare.Win32.DealHelper.x
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002461.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002462.exe Infected: not-a-virus:AdWare.Win32.DealHelper.aa
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002464.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002465.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002466.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002467.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002469.exe Infected: not-a-virus:AdWare.Win32.BetterInternet
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002470.exe Infected: not-a-virus:AdWare.Win32.WinAD.ab
C:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP3\A0002471.exe Infected: Trojan-Downloader.Win32.Dluca.gen
C:\WINDOWS\esba-4.exe/WISE0007.BIN Infected: Backdoor.Win32.Ruledor.e
C:\WINDOWS\esba-4.exe/WISE0008.BIN Infected: Trojan-Downloader.Win32.Agent.ab
C:\WINDOWS\esba-4.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.SpecialOffers.a
C:\WINDOWS\esba-4.exe/WISE0010.BIN Infected: Trojan-Dropper.Win32.Small.gj
C:\WINDOWS\esba-4.exe/WISE0011.BIN Infected: Trojan-Downloader.Win32.IstBar.er
C:\WINDOWS\esba-4.exe Infected: Trojan-Downloader.Win32.IstBar.er
C:\WINDOWS\specialoffers.exe Infected: not-a-virus:AdWare.Win32.SpecialOffers.a
C:\WINDOWS\system32\osconfig.dll Infected: not-a-virus:Server-Proxy.Win32.MarketScode.c
C:\WINDOWS\Temp\ASHeuristic\ofqcrkllg_dll.vir Infected: not-a-virus:AdWare.Win32.Lop.d
D:\WINDOWS\TEMP\newnet\kazaa-298.exe Infected: not-a-virus:AdWare.Win32.NewDotNet
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0002/data0003 Infected: Trojan-Downloader.Win32.Keenval
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0002/data0004 Infected: Trojan-Downloader.Win32.Keenval
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0002/data0005 Infected: Trojan-Downloader.Win32.Keenval
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0002 Infected: Trojan-Downloader.Win32.Keenval
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0008 Infected: Trojan-Downloader.Win32.Keenval.f
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe/data0009 Infected: not-a-virus:AdWare.Win32.Perfnav.c
D:\WINDOWS\TEMP\Adware\Setup_PerfectNav.exe Infected: not-a-virus:AdWare.Win32.Perfnav.c
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED/fzqysr.exe Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED/text.zip/text.htm .scr Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED/text.zip Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED/fzqysr.exe Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From "Network Mail Service" <[email protected]>][Date 20 Nov 2003 19:42:39 +0100]/UNNAMED Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED/text.zip/text.htm .scr Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED/text.zip Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx/[From [email protected]][Date Fri, 30 Jan 2004 18:36:14 -0600]/UNNAMED Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Inbox.dbx Infected: Email-Worm.Win32.Mydoom.a
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Deleted Items.dbx/[From "MS Corporation Security Division" <[email protected]_msn.com>][Date Sat, 20 Mar 2004 16:28:38 +0900 (JST)]/pack8831.exe Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\Microsoft\Outlook Express\Deleted Items.dbx Infected: Email-Worm.Win32.Swen
D:\WINDOWS\Application Data\ofqcrkllg.dll Infected: not-a-virus:AdWare.Win32.Lop.d
D:\WINDOWS\Downloaded Program Files\ieatgpc.dll Infected: not-a-virus:AdWare.Win32.WebEx
D:\My Documents\MY ONLINE BUSINESS\Auction Info\atclient.exe//Disk1/ieatgpc.dll Infected: not-a-virus:AdWare.Win32.WebEx.b
D:\My Documents\MY ONLINE BUSINESS\Auction Info\atclient.exe Infected: not-a-virus:AdWare.Win32.WebEx.b
D:\Program Files\Altnet\Download Manager\adm.exe Infected: not-a-virus:AdWare.Win32.Altnet.p
D:\Program Files\Altnet\Download Manager\adm4.dll Infected: not-a-virus:AdWare.Win32.Altnet.a
D:\Program Files\PerfectNav\BHO\PerfectNav150.dll Infected: not-a-virus:AdWare.Win32.Perfnav.c
D:\Program Files\COMMON FILES\GMT\EGGCEngine.dll Infected: not-a-virus:AdWare.Win32.Gator.5017
D:\Program Files\COMMON FILES\GMT\EGIEProcess.dll Infected: not-a-virus:AdWare.Win32.Gator.5115
D:\Program Files\COMMON FILES\GMT\EGNSEngine.dll Infected: not-a-virus:AdWare.Win32.Gator.5017
D:\Program Files\COMMON FILES\GMT\GatorRes.dll Infected: not-a-virus:AdWare.Win32.Gator.5115
D:\Program Files\COMMON FILES\GMT\GMT.exe Infected: not-a-virus:AdWare.Win32.Gator.5112
D:\Program Files\Norton AntiVirus\Quarantine\31CB43EA/[From [email protected]][Date Sat, 1 May 2004 15:41:33 -0500]/UNNAMED/html Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Program Files\Norton AntiVirus\Quarantine\31CB43EA/[From [email protected]][Date Sat, 1 May 2004 15:41:33 -0500]/UNNAMED Suspicious: Exploit.HTML.Iframe.FileDownload
D:\Program Files\Norton AntiVirus\Quarantine\31CB43EA/[From [email protected]][Date Sat, 1 May 2004 15:41:33 -0500]/message.scr Infected: Email-Worm.Win32.NetSky.q
D:\Program Files\Norton AntiVirus\Quarantine\31CB43EA Infected: Email-Worm.Win32.NetSky.q
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP2\A0001312.exe/data0003 Infected: Trojan-Downloader.Win32.Keenval.f
D:\System Volume Information\_restore{97F140B0-F6CE-41D4-8B36-2DF2C92A05C2}\RP2\A0001312.exe Infected: Trojan-Downloader.Win32.Keenval.f

Scan process completed.
 