I have HJT, Panda, and Smit. Please help
Hey guys, I have another virus that I need help with destroying! Thanks
Logfile of HijackThis v1.99.1
Scan saved at 12:09:36 PM, on 7/13/2006
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ICQLite\ICQLite.exe
C:\WINDOWS\System32\RunDll32.exe
C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE
C:\Program Files\MySpace\IM\MySpaceIM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\iTunes\iTunes.exe
C:\lo-2077490182.exe
C:\lo1761549668.exe
C:\WINDOWS\Downloaded Program Files\win32.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\h91746.exe
C:\WINDOWS\System32\vxgamet2.exe
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\slx.exeÛ
C:\WINDOWS\System32\vxgamet3.exe
C:\WINDOWS\System32\dlh9jkdq2.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\vxgamet3.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\rsysinit.exe
C:\WINDOWS\System32\vxgame2.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\taskdir.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\moohqncs.exe
C:\WINDOWS\System32\rundll32.exe
C:\WINDOWS\System32\taskdir~.exe
C:\Program Files\Lavasoft\Ad-Aware SE Personal\Ad-Aware.exe
C:\WINDOWS\explorer.exe
C:\DOCUME~1\Nate\LOCALS~1\Temp\Rar$EX00.796\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
F2 - REG:system.ini: Shell=explorer.exe "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ntos.exe,
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (file missing)
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_03\bin\jusched.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [winupdates] C:\Program Files\winupdates\winupdates.exe /auto
O4 - HKLM\..\Run: [System] C:\WINDOWS\System32\testtestt.exe
O4 - HKLM\..\Run: [ca0aafa2.exe] C:\WINDOWS\System32\ca0aafa2.exe
O4 - HKLM\..\Run: [ÿ_zsk] C:\WINDOWS\System32\_zskwrkni05F]\JWSA`YFSG^VL\.exe
O4 - HKLM\..\RunServices: [SystemTools] C:\WINDOWS\System32\testtestt.exe
O4 - HKLM\..\RunServices: [ÿ_zsk] C:\WINDOWS\System32\_zskwrkni05F]\JWSA`YFSG^VL\.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [EPSON Stylus C80 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_A10IC2.EXE /P23 "EPSON Stylus C80 Series" /O5 "LPT1:" /M "Stylus C80"
O4 - HKCU\..\Run: [MySpaceIM] C:\Program Files\MySpace\IM\MySpaceIM.exe
O4 - HKCU\..\Run: [Windows update loader] C:\Windows\xpupdate.exe
O4 - HKCU\..\Run: [ca0aafa2.exe] C:\Documents and Settings\Nate\Local Settings\Application Data\ca0aafa2.exe
O4 - HKCU\..\Run: [ÿ_zsk] C:\WINDOWS\System32\_zskwrkni05F]\JWSA`YFSG^VL\.exe
O4 - HKCU\..\Run: [taskdir] C:\WINDOWS\System32\taskdir.exe
O4 - HKCU\..\Run: [WinMedia] C:\DOCUME~1\Nate\LOCALS~1\Temp\1D.tmp3072.exe
O4 - HKCU\..\Run: [shell] "C:\Program Files\Common Files\Microsoft Shared\Web Folders\ibm00001.exe"
O4 - HKCU\..\Run: [BraveSentry] C:\Program Files\BraveSentry\BraveSentry.exe
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab
O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab
O16 - DPF: Yahoo! Literati - http://download.games.yahoo.com/games/clients/y/tt4_x.cab
O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab
O16 - DPF: Yahoo! Word Racer - http://download.games.yahoo.com/games/clients/y/wt1_x.cab
O16 - DPF: {6E5A37BF-FD42-463A-877C-4EB7002E68AE} (Housecall ActiveX 6.5) - http://housecall65.trendmicro.com/housecall/applet/html/native/x86/win32/activex/hcImpl.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: artm_newreg - C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll
O21 - SSODL: DCOM Server 2236 - {2C1CD3D7-86AC-4068-93BC-A02304BB2236} - C:\WINDOWS\System32\2236_27.dll
O21 - SSODL: szaXOhPdKua - {7C27841C-D68D-2EB6-8BDA-96F887A9C4E0} - C:\WINDOWS\System32\nhqu.dll
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: StarWind iSCSI Service (StarWindService) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindService.exe
SmitFraudFix v2.46
Scan done at 12:13:39.71, Thu 07/13/2006
Run from C:\Documents and Settings\Nate\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600]
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
C:\WINDOWS\desktop.html FOUND !
C:\WINDOWS\xpupdate.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\dlh9jkdq?.exe FOUND !
C:\WINDOWS\system32\kernels8.exe FOUND !
C:\WINDOWS\system32\qvxgamet?.exe FOUND !
C:\WINDOWS\system32\taskdir.dll FOUND !
C:\WINDOWS\system32\taskdir.exe FOUND !
C:\WINDOWS\system32\taskdir~.exe FOUND !
C:\WINDOWS\system32\vxgame?.exe FOUND !
C:\WINDOWS\system32\vxgamet?.exe FOUND !
C:\WINDOWS\system32\zlbw.dll FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Nate\Application Data
C:\Documents and Settings\Nate\Application Data\Install.dat FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»»
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
C:\Program Files\BraveSentry\ FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{CA14EE13-ED15-C4A2-17FF-DA4D15C1BC5E}"="Twain"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{64ba30a2-811a-4597-b0af-d551128be340}"="AppManager"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{2C1CD3D7-86AC-4068-93BC-A02304BB2236}"="DCOM Server 2236"
[HKEY_CLASSES_ROOT\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\2236_27.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{2C1CD3D7-86AC-4068-93BC-A02304BB2236}\InProcServer32]
@="C:\WINDOWS\System32\2236_27.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}"="OLE Automation Module"
[HKEY_CLASSES_ROOT\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\System32\mscdaux.dll"
[HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{3F143C3A-1457-6CCA-03A7-7AA23B61E40F}\InProcServer32]
@="C:\WINDOWS\System32\mscdaux.dll"
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Incident Status Location
Adware:Adware/SpySheriff Not disinfected c:\docume~1\nate\locals~1\temp\1d.tmp3072.exe
Virus:Trj/Alanchum.BJ Disinfected Operating system
Adware:Adware/BraveSentry Not disinfected c:\windows\xpupdate.exe
Adware:Adware/SystemDoctor Not disinfected c:\windows\system32\ca0aafa2.exe
Virus:Trj/Monurl.T Disinfected Operating system
Adware:Adware/CWS.Searchmeup Not disinfected C:\WINDOWS\System32\nhqu.dll
Virus:Trj/Spammer.AZ Disinfected Operating system
Virus:Trj/Jupillites.G Disinfected Operating system
Virus:Trj/Exitwin.D Disinfected Operating system
Virus:Trj/Monurl.T Disinfected Operating system
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\System32\vxgamet2.exe
Adware:Adware/SystemDoctor Not disinfected C:\DOCUME~1\Nate\LOCALS~1\Temp\h91746.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\System32\dlh9jkdq2.exe
Adware:adware/adsmart Not disinfected C:\WINDOWS\Downloaded Program Files\win32.exe
Virus:Trj/Jupillites.I Disinfected Operating system
Adware:Adware/SpySheriff Not disinfected C:\DOCUME~1\Nate\LOCALS~1\Temp\artD3AF.tmp
Adware:Adware/SpySheriff Not disinfected C:\DOCUME~1\Nate\LOCALS~1\Temp\art82A5.tmp
Adware:Adware/SpySheriff Not disinfected C:\DOCUME~1\Nate\LOCALS~1\Temp\art7E61.tmp
Adware:Adware/SpySheriff Not disinfected C:\DOCUME~1\Nate\LOCALS~1\Temp\art6046.tmp
Virus:Trj/Jupillites.I Disinfected Operating system
Adware:adware/adsmart Not disinfected c:\windows\system32\dlh9jkdq1.exe
Hacktool:rootkit/taskdirhide Not disinfected c:\windows\system32\taskdir.dll
Potentially unwanted tool:application/bravesentry Not disinfected C:\Documents and Settings\Nate\Desktop\BraveSentry.lnk
Adware:adware/bravesentry Not disinfected c:\windows\desktop.html
Adware:adware/securitytoolbar Not disinfected Windows Registry
Adware:adware/secure32 Not disinfected C:\WINDOWS\System32\drivers\etc\hosts
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\All Users\Documents\Settings\artm_new.dll~
Spyware:Cookie/2o7 Not disinfected C:\Documents and Settings\Nate\Cookies\nate@2o7[2].txt
Spyware:Cookie/myaffiliateprogram Not disinfected C:\Documents and Settings\Nate\Cookies\nate@www.myaffiliateprogram[1].txt
Potentially unwanted tool:Application/1stAntiVirus Not disinfected C:\Documents and Settings\Nate\Desktop\downloads\Install_1stAntiVirus.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\Documents and Settings\Nate\Desktop\SmitfraudFix\Process.exe
Virus:W32/Bagle.pwdzip Disinfected C:\Documents and Settings\Nate\Desktop\SmitfraudFix.zip
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Nate\Local Settings\Application Data\ca0aafa2.exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\1D.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\1D.tmp3072.exe
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\1E.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\1F.tmp
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\2.dlb
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\28.tmp
Adware:Adware/Tibs Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\5.dlb
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\6.dlb
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art6046.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art7E61.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art82A5.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\artD3AF.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\fprvnsob.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\h91746.exe
Dialer:Dialer.HEV Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\maxdd1.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt2.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt4.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx1.game
Virus:Trj/Jupillites.G Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx2.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx4.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx6.game
Virus:Trj/Downloader.IMA Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt1.game
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt2.game
Virus:Trj/Monurl.T Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt4.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\1FNT7HZ8\2236[1].exe
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\1FNT7HZ8\sploit[1].anr
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[Beyond.class]
Virus:Trj/Multidropper.ANY Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\krab03[1].exe
Virus:Trj/Click-Hunter.A Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\runfile[1].exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\targ[1].chm[/target.htm]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[Beyond.class]
Virus:Trj/Alanchum.BJ Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\ipod[1].raw
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\loader6[1].exe
Virus:Trj/Spammer.AZ Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\scane[1].exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\targ[1].chm[/target.htm]
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\F279T9FJ\sploit[1].anr
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\MJ6ZMPYL\WinAntiVirusPro2006FreeInstall[1].cab[UWA6P_0001_N85M0307NetInstaller.exe]
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\BraveSentry.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BraveSentry\BraveSentry0.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BraveSentry\BraveSentry2.dll
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\BraveSentry3.dll
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\Uninstall.exe
Virus:W32/Alcan.A.worm Disinfected C:\RECYCLER\S-1-5-21-2052111302-527237240-839522115-1003\Dc3.zip[Setup.exe]
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\dlh9jkdq5.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\system32\dlh9jkdq6.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\system32\dlh9jkdq7.exe
Virus:Trj/Alanchum.BJ Disinfected C:\WINDOWS\system32\ipod.raw.exe
Dialer:Dialer.HEV Not disinfected C:\WINDOWS\system32\maxd641.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\qvxgamet2.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\qvxgamet4.exe
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\TheMatrixHasYou.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\vxgame1.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\vxgame3.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame4.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame6.exe
Virus:Trj/Downloader.IMA Disinfected C:\WINDOWS\system32\vxgamet1.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgamet4.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05ESKAHBJIECTRNDQG.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05ESKAHBJIECTRNDQG.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05HAR[HPHFB^D`ZU_U.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05HAR[HPHFB^D`ZU_U.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05SWVD^G^HDGQY[NQG.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05SWVD^G^HDGQY[NQG.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05UTCSPYFMAYNCR[^U.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05UTCSPYFMAYNCR[^U.exe
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\6.dlb
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art6046.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art7E61.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\art82A5.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\artD3AF.tmp
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\fprvnsob.exe
Adware:Adware/SystemDoctor Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\h91746.exe
Dialer:Dialer.HEV Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\maxdd1.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt2.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\qvxt4.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx1.game
Virus:Trj/Jupillites.G Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx2.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx4.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vx6.game
Virus:Trj/Downloader.IMA Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt1.game
Adware:Adware/BraveSentry Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt2.game
Virus:Trj/Monurl.T Disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt3.game
Adware:Adware/Adsmart Not disinfected C:\Documents and Settings\Nate\Local Settings\Temp\vxt4.game
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\1FNT7HZ8\2236[1].exe
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\1FNT7HZ8\sploit[1].anr
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\count[1].jar[Beyond.class]
Virus:Trj/Multidropper.ANY Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\krab03[1].exe
Virus:Trj/Click-Hunter.A Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\runfile[1].exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\2F8JZ4PS\targ[1].chm[/target.htm]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[BlackBox.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[VerifierBug.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[Dummy.class]
Virus:Exploit/ByteVerify Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\count[1].jar[Beyond.class]
Virus:Trj/Alanchum.BJ Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\ipod[1].raw
Adware:Adware/SpySheriff Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\loader6[1].exe
Virus:Trj/Spammer.AZ Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\scane[1].exe
Virus:Exploit/Codebase.X Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\E8YDBH8O\targ[1].chm[/target.htm]
Virus:Exploit/LoadImage Disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\F279T9FJ\sploit[1].anr
Potentially unwanted tool:Application/ErrorSafe Not disinfected C:\Documents and Settings\Nate\Local Settings\Temporary Internet Files\Content.IE5\MJ6ZMPYL\WinAntiVirusPro2006FreeInstall[1].cab[UWA6P_0001_N85M0307NetInstaller.exe]
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\BraveSentry.exe
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BraveSentry\BraveSentry0.dll
Adware:Adware/SpySheriff Not disinfected C:\Program Files\BraveSentry\BraveSentry2.dll
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\BraveSentry3.dll
Adware:Adware/BraveSentry Not disinfected C:\Program Files\BraveSentry\Uninstall.exe
Virus:W32/Alcan.A.worm Disinfected C:\RECYCLER\S-1-5-21-2052111302-527237240-839522115-1003\Dc3.zip[Setup.exe]
Adware:Adware/Tibs Not disinfected C:\WINDOWS\system32\dlh9jkdq5.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\system32\dlh9jkdq6.exe
Adware:Adware/BraveSentry Not disinfected C:\WINDOWS\system32\dlh9jkdq7.exe
Virus:Trj/Alanchum.BJ Disinfected C:\WINDOWS\system32\ipod.raw.exe
Dialer:Dialer.HEV Not disinfected C:\WINDOWS\system32\maxd641.exe
Potentially unwanted tool:Application/Processor Not disinfected C:\WINDOWS\system32\Process.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\qvxgamet2.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\qvxgamet4.exe
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\TheMatrixHasYou.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\vxgame1.exe
Adware:Adware/SpySheriff Not disinfected C:\WINDOWS\system32\vxgame3.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame4.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgame6.exe
Virus:Trj/Downloader.IMA Disinfected C:\WINDOWS\system32\vxgamet1.exe
Adware:Adware/Adsmart Not disinfected C:\WINDOWS\system32\vxgamet4.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05ESKAHBJIECTRNDQG.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05ESKAHBJIECTRNDQG.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05HAR[HPHFB^D`ZU_U.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05HAR[HPHFB^D`ZU_U.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05SWVD^G^HDGQY[NQG.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05SWVD^G^HDGQY[NQG.exe
Virus:Trj/Jupillites.I Disinfected C:\WINDOWS\system32\_zskwrkni05UTCSPYFMAYNCR[^U.dll
Virus:Trj/Jupillites.G Disinfected C:\WINDOWS\system32\_zskwrkni05UTCSPYFMAYNCR[^U.exe
Comments
Please download Ewido Anti-Malware it is a free version of the program.
- Install Ewido Anti-Malware
- When installing, under "Additional Options" uncheck:
- Install background guard
- Install scan via context menu
- Launch Ewido, there should be an icon on your desktop, double-click it.
- The program will now open to the main screen.
- You will need to update ewido to the latest definition files.
- On the left hand side of the main screen click update.
- Then click on Start Update.
- The update will start and a progress bar will show the updates being installed.
Close Ewido for now. (The status bar at the bottom will display "Update successful".)
==============
Please download ATF Cleaner by Atribune.
This program is for XP and Windows 2000 only
Close the program for now.
==================
Next, please reboot your computer in Safe Mode by doing the following:
- Restart your computer
- After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
- Instead of Windows loading as normal, a menu with options should appear;
- Select the first option, to run Windows in Safe Mode, then press "Enter".
- Choose your usual account.
1) Double-click ATF-Cleaner.exe to run the program. Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser : Click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser: Click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.
2) Open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it does force a restart, please reboot into Safe Mode again, in order to complete the following step. If it does not reboot, please remain in Safe Mode until further notice.
3) Launch Ewido from your Desktop:
- Click on scanner
- Click on Complete System Scan and the scan will begin.
- You will be prompted to clean the first infection.
- Select "Perform action on all infections", then proceed.
- Once the scan has completed, there will be a button located on the bottom of the screen named Save report
- Click Save report.
- Save the report .txt file to your desktop or a location where you can find it easily.
Close Ewido Anti-Malware.
4) Reboot your computer normally.
If SmitfraudFix did not force a reboot, then you should now see a text file appear onscreen with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Note: running option #2 on a non-infected computer will remove your Desktop background.
5) Post the content of rapport.txt, the Ewido report and a new HijackThis! log in your next reply.