Trojan-Clicker
Hi!
Sorry for the inconvenience. Strange why I get these viruses - I don't visit forbidden pages or download bad stuff.
Anyways, I will be glad if you are able to help.
I have done the eight steps. Thank you - regards from Orest
First my HijackThis log and then Kaspersky:
Logfile of HijackThis v1.99.1
Scan saved at 17:52:40, on 24-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163627954423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163629580442
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Kaspersky:
Wednesday, January 24, 2007 4:58:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/01/2007
Kaspersky Anti-Virus database records: 261415
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 25903
Number of viruses found 9
Number of infected objects 17 / 0
Number of suspicious objects 2
Duration of the scan process 01:04:07
Infected Object Name Virus Name Last Action
C:\ckib.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\MGSBAR.DLL.bac_a02976 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\wdbdcuqt.exe.bac_a02976 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Jan Laugsen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\dfsr.db Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\fsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\tmp.edb Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\History\History.IE5\MSHist012007012420070125\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Perflib_Perfdata_d0.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DF275C.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFB9B6.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFB9C3.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFC282.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFC28F.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\nlwqd.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Jan Laugsen.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Jan Laugsen.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Jan Laugsen.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007837.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007871.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0008018.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0008045.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP27\A0008412.dll Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP39\A0013175.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0015269.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016385.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016386.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016441.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP46\A0016450.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP58\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{476E24D3-8639-4024-A6A7-FE71A103149C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\awtustt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ctpmon.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\WINDOWS\system32\rpcc.dll Object is locked skipped
C:\WINDOWS\system32\rqrstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
Sorry for the inconvinience. Strange why I get these virus - don't visit forbidden pages or download bad stuff.
Anyways, will be glad, if u are able to help.
I have done the eight steps. Thank u - regards from Orest
first my hijack an then kaspersky:
Logfile of HijackThis v1.99.1
Scan saved at 17:52:40, on 24-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dr.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163627954423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163629580442
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Kaspersky:
Wednesday, January 24, 2007 4:58:50 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 24/01/2007
Kaspersky Anti-Virus database records: 261415
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 25903
Number of viruses found 9
Number of infected objects 17 / 0
Number of suspicious objects 2
Duration of the scan process 01:04:07
Infected Object Name Virus Name Last Action
C:\ckib.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\MGSBAR.DLL.bac_a02976 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\wdbdcuqt.exe.bac_a02976 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Jan Laugsen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\dfsr.db Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\fsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\tmp.edb Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\History\History.IE5\MSHist012007012420070125\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Perflib_Perfdata_d0.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DF275C.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFB9B6.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFB9C3.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFC282.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFC28F.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\nlwqd.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Program Files\Yahoo!\Messenger\logs\billing_Jan Laugsen.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\client_Jan Laugsen.log Object is locked skipped
C:\Program Files\Yahoo!\Messenger\logs\network_Jan Laugsen.log Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007837.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007871.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0008018.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0008045.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP27\A0008412.dll Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP39\A0013175.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0015269.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016385.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016386.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016441.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP46\A0016450.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP58\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{476E24D3-8639-4024-A6A7-FE71A103149C}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\awtustt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\ctpmon.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\WINDOWS\system32\rpcc.dll Object is locked skipped
C:\WINDOWS\system32\rqrstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
Scan process completed.
This discussion has been closed.
Comments
Please Download VundoFix.exe to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files; click YES.
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please Post: Vundofix.txt & HJT log.
Here is my hjt-log. U ask for vundofix.txt, but don't know how to do it?
My internet is running very slowly and I'm not able to play WoW as well
Logfile of HijackThis v1.99.1
Scan saved at 23:51:46, on 24-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\ctpmon.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163627954423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163629580442
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
C:\Vundofix.txt
here it is:
VundoFix V6.3.2
Checking Java version...
Java version is 1.5.0.9
Scan started at 23:32:11 24-01-2007
Listing files found while scanning....
C:\WINDOWS\system32\byxwv.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\byxwv.dll
C:\WINDOWS\system32\byxwv.dll Has been deleted!
Performing Repairs to the registry.
Done!
Double-click SmitfraudFix.exe
Select option #1 - Search by typing 1 and press "Enter"; a text file will appear, which lists infected files (if present).
Please copy/paste the content of that report into your next reply.
If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (usually C:), and launch from there.
NOTE : process.exe is detected by some antivirus programs (AntiVir, Dr.Web, Kaspersky) as a "RiskTool"; it is not a virus, but a program used to stop system processes. Antivirus programs cannot distinguish between "good" and "malicious" use of such programs, therefore they may alert the user.
http://www.beyondlogic.org/consulting/proc...processutil.htm
NOTE: Do not run any other options from SmitfraudFix until I tell you to do so!
hmm, the link to smitfraud-homepage doesn't work. Have tried to search on google, but get the message: page cannot be displayed?
Orest
Tried to download from about 10 different links, but page cannot be displayed. At the end I found a page where I could download from.
So, here is the report:
Run from C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
C:\WINDOWS\system32\autosys.exe FOUND !
C:\WINDOWS\system32\ctpmon.exe FOUND !
C:\WINDOWS\system32\RegistryCleanerSetup.exe FOUND !
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jan Laugsen
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Jan Laugsen\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\JANLAU~1\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Next, please reboot your computer in Safe Mode by doing the following :
Restart your computer
After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
Instead of Windows loading as normal, a menu with options should appear;
Select the first option, to run Windows in Safe Mode, then press "Enter".
Choose your usual account.
Once in Safe Mode, open the SmitfraudFix folder again and double-click smitfraudfix.cmd
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows.
A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply.
The report can also be found at the root of the system drive, usually at C:\rapport.txt
Warning : running option #2 on a non infected computer will remove your Desktop background.
Please Post Smitfraudfix txt & HJT-log
Report follows:
SmitFraudFix v2.135
Scan done at 20:00:57,38, 26-01-2007
Run from C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
C:\WINDOWS\system32\autosys.exe Deleted
C:\WINDOWS\system32\ctpmon.exe Deleted
C:\WINDOWS\system32\RegistryCleanerSetup.exe Deleted
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
Logfile of HijackThis v1.99.1
Scan saved at 21:10:02, on 26-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Startup: Reboot.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163627954423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163629580442
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Note! In the event you already have Killbox, this is a new version that I need you to download.
Save it to your desktop.
Please double-click Killbox.exe to run it.
Please copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy):
C:\WINDOWS\SYSTEM32\rpcc.dll
Return to Killbox, go to the File menu, and choose Paste from Clipboard.
Select Delete on Reboot
then Click on the Single File button.
Click the red-and-white Delete File button. Click Yes at the Delete on Reboot prompt. Click OK at any PendingFileRenameOperations prompt (and please let me know if you receive this message!).
If your computer does not restart automatically, please restart it manually.
If you receive a message such as: "Component 'MsComCtl.ocx' or one of its dependencies not correctly registered: a file is missing or invalid." when trying to run Killbox,
Click here to download and run missingfilesetup.exe. Then try Killbox again.
Open HijackThis and scan. When it finishes, put an X in the box next to these following item(s) and click fix checked.
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - Startup: Reboot.exe <- fix this item if it was not set by you
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
Delete Reboot.exe from your startup folder.
Download ATF-Cleaner by Atribune to your desktop.
Do not run it yet.
Run ATF Cleaner.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browser, click Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browser, click Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
Kaspersky On-line Scanner
When you are prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then begin downloading the latest definition files
When the files finish downloading click on NEXT
Now click on Scan Settings
In Scan Settings make sure that the following are selected:
Scan using the following Anti-Virus database:
Extended (if available otherwise Standard)
Scan Options:
Scan Archives
Scan Mail Bases
Click OK
Now under select a target to scan:
Select My Computer
This program will start and scan your system.
Online scan can take a long time to complete and the time is impacted by the speed of your internet connection. Be patient and let it run. It is best not to do anything else while the scan is running. This will help it to complete faster.
When the scan has completed, it will display whether your system has been infected or not
Click on the Save as Text button:
Save the file to your desktop or another folder where you can locate it later.
Attach this file to your next message.
Please Post a Fresh HJT-Log & Kaspersky Report
Let me know how things are running
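The fix list in the post above targets autostart entries. As an added example (not part of the thread and not code from HijackThis, Kaspersky or any tool named here), the Python below cross-references scanner verdicts with HijackThis autostart lines and then checks a later log to confirm the flagged entries are gone. The sample lines are excerpted from the logs in this thread; the function names and the matching heuristics (match by file name, treat a locked file as "no verdict") are assumptions of this example.

```python
import re

# Sample input: lines excerpted from the logs posted in this thread.
KASPERSKY = r"""
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\ctpmon.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\WINDOWS\system32\rpcc.dll Object is locked skipped
C:\WINDOWS\system32\rqrstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
"""

HJT_BEFORE = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ctpmon] ctpmon.exe
O20 - Winlogon Notify: rpcc - C:\WINDOWS\system32\rpcc.dll
O20 - Winlogon Notify: winfvx32 - winfvx32.dll (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

HJT_AFTER = r"""
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
"""

# HijackThis sections that load code automatically:
# O2 = BHOs, O4 = Run keys / Startup folder, O20 = Winlogon Notify, O23 = services.
AUTOSTART = {"O2", "O4", "O20", "O23"}

SCAN_LINE = re.compile(
    r"^(?P<path>.+?) (?P<status>Infected: \S+|Object is locked) skipped$")
HJT_LINE = re.compile(r"^(?P<code>[A-Z]\d+) - (?P<body>.+)$")


def parse_scan(report):
    """Map file name (lower case) -> detection name, or 'locked' if unscanned."""
    verdicts = {}
    for line in report.splitlines():
        m = SCAN_LINE.match(line.strip())
        if not m:
            continue
        # Archive members use '/', so normalise before taking the last component.
        name = m["path"].replace("/", "\\").rsplit("\\", 1)[-1].lower()
        status = m["status"]
        verdict = status.split(": ", 1)[1] if status.startswith("Infected") else "locked"
        # A detection outranks a "locked" result recorded for the same name.
        if verdict != "locked" or name not in verdicts:
            verdicts[name] = verdict
    return verdicts


def parse_hjt(log):
    """Return (section code, entry text) pairs, skipping header/process lines."""
    return [(m["code"], m["body"])
            for m in (HJT_LINE.match(l.strip()) for l in log.splitlines()) if m]


def mentions(body, filename):
    """Whole-name match, so ctpmon.exe never matches the legitimate ctfmon.exe."""
    pattern = r"(?<![\w.])" + re.escape(filename) + r"(?![\w.])"
    return re.search(pattern, body, re.IGNORECASE) is not None


def triage(scan_report, hjt_log):
    """Flag autostart entries whose target was detected, unscanned, or missing."""
    verdicts = parse_scan(scan_report)
    findings = []
    for code, body in parse_hjt(hjt_log):
        if code not in AUTOSTART:
            continue
        reasons = []
        for name, verdict in verdicts.items():
            if mentions(body, name):
                reasons.append("no verdict, file was locked" if verdict == "locked"
                               else "detected as " + verdict)
        if body.endswith("(file missing)"):
            reasons.append("target file missing")
        if reasons:
            findings.append((code, body, reasons))
    return findings


def still_present(findings, later_log):
    """Entries flagged earlier that a later HijackThis log still lists."""
    later = set(parse_hjt(later_log))
    return [(code, body) for code, body, _ in findings if (code, body) in later]


if __name__ == "__main__":
    flagged = triage(KASPERSKY, HJT_BEFORE)
    for code, body, reasons in flagged:
        print(f"{code} - {body}\n    -> {'; '.join(reasons)}")
    print("left after cleanup:", still_present(flagged, HJT_AFTER))
```

Matching by file name alone ignores the directory, so a hit is a lead to check by hand, not a verdict.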
What do u mean with deleting reboot.exe from startup folder? I'm not sure how to do that....
My internet connection runs faster now
Now the Kaspersky report says 11 viruses found - the last time I ran Kaspersky it said 9 viruses found, I think.
Hjt-log :
Logfile of HijackThis v1.99.1
Scan saved at 13:27:58, on 27-01-2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\htpatch.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\scanner.exe\scanner.exe.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.dk/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_10\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.908.8472\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1163627954423
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1163629580442
O16 - DPF: {D8575CE3-3432-4540-88A9-85A1325D3375} (e-Safekey) - https://netbank.danskebank.dk/html/activex/e-Safekey/DB/e-Safekey.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
Kaspersky:
Saturday, January 27, 2007 1:27:30 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 27/01/2007
Kaspersky Anti-Virus database records: 262661
Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true
Scan Target My Computer
A:\
C:\
D:\
E:\
Scan Statistics
Total number of scanned objects 30990
Number of viruses found 11
Number of infected objects 22 / 0
Number of suspicious objects 2
Duration of the scan process 00:58:32
Infected Object Name Virus Name Last Action
C:\ckib.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Documents and Settings\All Users\Application Data\avg7\Log\emc.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Grisoft\Avg7Data\avg7log.log.lck Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip/ishost.exe Suspicious: Password-protected-EXE skipped
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC8.zip ZIP: suspicious - 1 skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\MGSBAR.DLL.bac_a02976 Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine\wdbdcuqt.exe.bac_a02976 Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\Documents and Settings\Jan Laugsen\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Documents and Settings\Jan Laugsen\Desktop\SmitfraudFix.exe PE_Patch.UPX: infected - 2 skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\dfsr.db Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\fsr.log Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Messenger\janlaugesen@hotmail.com\SharingMetadata\Working\database_AA98_2BA8_982B_71CD\tmp.edb Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Application Data\Microsoft\Windows Live Contacts\janlaugesen@hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\History\History.IE5\MSHist012007012720070128\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\History\History.IE5\MSHist012007012720070128\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DF369A.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DF36AE.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFEF71.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temp\~DFEFAF.tmp Object is locked skipped
C:\Documents and Settings\Jan Laugsen\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Jan Laugsen\NTUSER.DAT.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\nlwqd.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\debug.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\error.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\hips.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\ids.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\network.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\system.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\warning.log.idx Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log Object is locked skipped
C:\Program Files\Sunbelt Software\Personal Firewall\logs\web.log.idx Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007837.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0007871.exe Object is locked skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP25\A0008018.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP39\A0013175.exe Infected: not-a-virus:AdTool.Win32.WhenU.a skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0015269.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016385.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.l skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016386.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.i skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0016441.DLL Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP46\A0016450.dll Infected: not-a-virus:AdTool.Win32.MyWebSearch.ak skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP59\A0020023.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP60\A0020058.exe Infected: Trojan-Downloader.Win32.Obfuscated.bh skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP60\A0020059.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP61\change.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{8C32D4AB-F305-4F8B-BDAA-1EE4045829C6}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\system32\awtustt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\rqrstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
D:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
D:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP61\change.log Object is locked skipped
E:\Utility\PCDJ\setupsilver.exe Infected: not-a-virus:AdWare.Win32.TimeSink.d skipped
Scan process completed.
C:\Documents and Settings\Jan Laugsen\Start Menu\Startup\Reboot.exe
Empty this folder:
C:\Documents and Settings\Jan Laugsen\.housecall6.6\Quarantine
Please go here to see how to show hidden files in Windows.
Please delete the following files, if found.
C:\ckib.exe
C:\nlwqd.exe
C:\WINDOWS\system32\awtustt.dll
C:\WINDOWS\system32\ctpmon.exe
C:\WINDOWS\system32\rqrstqo.dll
E:\Utility\PCDJ\setupsilver.exe
Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.
Restart your computer.
Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check Turn off System Restore.
Click Apply, and then click OK.
Click Create a Restore Point, and then click Next.
Name your restore point.
Now that you seem to be clean, please follow these simple steps in order to keep your computer clean and secure:
Use ATF Cleaner
Download and install ATF Cleaner. Clean your temporary files & folders with it regularly.
Use AVG Anti-Spyware
Update it and scan your computer regularly with it.
Use CCleaner
It removes unused files from your system - allowing Windows to run faster and freeing up valuable hard disk space.
Install SpywareBlaster
SpywareBlaster will prevent spyware from being installed.
Install MVPS Hosts file
This prevents your computer from connecting to harmful sites.
Use Firefox browser
Firefox is a faster, safer and better browser than Internet Explorer.
Keep your system up-to-date
Visit Windows Update regularly.
Keep your antivirus and firewall up-to-date
Scan your computer regularly with your antivirus.
Please let me know how things are running.
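An added example, not part of the original posts: a small Python triage of the Kaspersky log format shown in this thread. It separates detections in live paths from copies held in System Restore points (`_restore{...}\RPnn`) and cross-checks the live ones against the manual delete list above; turning System Restore off discards the existing restore points, which is what clears the `RPnn` copies. The function names are hypothetical, and the sample lines are excerpted from the log in this thread.

```python
import re
from collections import defaultdict

# Lines excerpted from the Kaspersky log posted in this thread.
SAMPLE_LOG = r"""
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\nlwqd.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP45\A0015269.exe Infected: not-a-virus:AdWare.Win32.Agent.at skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP60\A0020058.exe Infected: Trojan-Downloader.Win32.Obfuscated.bh skipped
C:\System Volume Information\_restore{C80906CE-CF79-482E-870E-1C1F8C524233}\RP60\A0020059.exe Infected: Trojan-Clicker.Win32.Agent.is skipped
C:\WINDOWS\system32\awtustt.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\rqrstqo.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.ej skipped
E:\Utility\PCDJ\setupsilver.exe Infected: not-a-virus:AdWare.Win32.TimeSink.d skipped
Scan process completed.
"""

# Files the helper asked to delete by hand (from the post above).
DELETE_LIST = [
    r"C:\ckib.exe",
    r"C:\nlwqd.exe",
    r"C:\WINDOWS\system32\awtustt.dll",
    r"C:\WINDOWS\system32\ctpmon.exe",
    r"C:\WINDOWS\system32\rqrstqo.dll",
    r"E:\Utility\PCDJ\setupsilver.exe",
]

# Paths may contain spaces, so match lazily up to the fixed status text.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?) Infected: (?P<verdict>\S+) (?P<action>\w+)$")
LOCKED = re.compile(r"^(?P<path>[A-Za-z]:\\.+?) Object is locked skipped$")
RESTORE = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-Fa-f-]+\}\\(RP\d+)\\", re.I)


def parse_scan_log(text):
    """Return (detections, locked_count); locked files are only counted."""
    detections, locked = [], 0
    for line in text.splitlines():
        line = line.strip()
        m = DETECTION.match(line)
        if m:
            detections.append(m.groupdict())
        elif LOCKED.match(line):
            locked += 1
    return detections, locked


def triage(detections, delete_list):
    """Split detections into live files and restore-point copies."""
    wanted = {p.lower() for p in delete_list}
    live, restore_points = [], defaultdict(list)
    for d in detections:
        rp = RESTORE.search(d["path"])
        if rp:
            restore_points[rp.group(1)].append(d["verdict"])
        else:
            live.append(d)
    live_paths = {d["path"].lower() for d in live}
    return {
        "live": live,
        "restore_points": dict(restore_points),
        # Detected on disk but missing from the manual delete list.
        "live_not_on_delete_list": sorted(live_paths - wanted),
        # On the delete list but not flagged in this log excerpt.
        "listed_but_not_detected": sorted(wanted - live_paths),
    }
```

Files in `listed_but_not_detected` were not flagged in this excerpt; the helper may have identified them from another log.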
Have another question, but dunno, if u are able to answer it....
Since I got viruses I'm not able to play world of warcraft. U think the virus has infected the game. When I start running the game this message appears:
Maybe I have to uninstall the game
This application has encountered a critical error:
ERROR #131 (0x85100083) File Corrupt
Program: D:\Games\World of Warcraft\World of Warcraft\WoW.exe
File: DBFilesClient\Spell.dbc
WoWBuild: 6337
Stack Trace (Manual)
Address Frame Logical addr Module
006A566F 0012FDBC 0001:002A466F D:\Games\World of Warcraft\World of Warcraft\WoW.exe
006A9CB0 0012FDE0 0001:002A8CB0 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
006A6995 0012FE08 0001:002A5995 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
0069DAF8 0012FE18 0001:0029CAF8 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
00590B72 0012FE40 0001:0018FB72 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
00584330 0012FE70 0001:00183330 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
00581F55 0012FEB0 0001:00180F55 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
004232FA 0012FF18 0001:000222FA D:\Games\World of Warcraft\World of Warcraft\WoW.exe
004230A1 0012FF30 0001:000220A1 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
00404B0E 0012FFC0 0001:00003B0E D:\Games\World of Warcraft\World of Warcraft\WoW.exe
7C816FD7 0012FFF0 0001:00015FD7 C:\WINDOWS\system32\kernel32.dll
Stack Trace (Using DBGHELP.DLL)
Loaded Modules
0x00400000 - 0x00D9B000 D:\Games\World of Warcraft\World of Warcraft\WoW.exe
0x00DA0000 - 0x00E30000 D:\Games\World of Warcraft\World of Warcraft\fmod.dll
0x01530000 - 0x01648000 D:\Games\World of Warcraft\World of Warcraft\dbghelp.dll
0x10000000 - 0x10069000 D:\Games\World of Warcraft\World of Warcraft\DivxDecoder.dll
0x4FDD0000 - 0x4FF76000 C:\WINDOWS\system32\d3d9.dll
0x5AD70000 - 0x5ADA8000 C:\WINDOWS\system32\uxtheme.dll
0x5D090000 - 0x5D12A000 C:\WINDOWS\system32\COMCTL32.dll
0x5ED00000 - 0x5EDCC000 C:\WINDOWS\system32\OPENGL32.dll
0x68B20000 - 0x68B40000 C:\WINDOWS\system32\GLU32.dll
0x6D990000 - 0x6D996000 C:\WINDOWS\system32\d3d8thk.dll
0x71AA0000 - 0x71AA8000 C:\WINDOWS\system32\WS2HELP.dll
0x71AB0000 - 0x71AC7000 C:\WINDOWS\system32\WS2_32.dll
0x71AD0000 - 0x71AD9000 C:\WINDOWS\system32\WSOCK32.dll
0x71BF0000 - 0x71C03000 C:\WINDOWS\system32\SAMLIB.dll
0x73760000 - 0x737A9000 C:\WINDOWS\system32\DDRAW.dll
0x73BC0000 - 0x73BC6000 C:\WINDOWS\system32\DCIMAN32.dll
0x74720000 - 0x7476B000 C:\WINDOWS\system32\MSCTF.dll
0x76390000 - 0x763AD000 C:\WINDOWS\system32\IMM32.dll
0x76B40000 - 0x76B6D000 C:\WINDOWS\system32\WINMM.dll
0x76F60000 - 0x76F8C000 C:\WINDOWS\system32\WLDAP32.dll
0x77120000 - 0x771AC000 C:\WINDOWS\system32\OLEAUT32.dll
0x771B0000 - 0x77256000 C:\WINDOWS\system32\WININET.dll
0x773D0000 - 0x774D3000 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
0x774E0000 - 0x7761D000 C:\WINDOWS\system32\ole32.dll
0x77690000 - 0x776B1000 C:\WINDOWS\system32\NTMARTA.DLL
0x77A80000 - 0x77B14000 C:\WINDOWS\system32\CRYPT32.dll
0x77B20000 - 0x77B32000 C:\WINDOWS\system32\MSASN1.dll
0x77BE0000 - 0x77BF5000 C:\WINDOWS\system32\MSACM32.dll
0x77C00000 - 0x77C08000 C:\WINDOWS\system32\VERSION.dll
0x77C10000 - 0x77C68000 C:\WINDOWS\system32\msvcrt.dll
0x77D40000 - 0x77DD0000 C:\WINDOWS\system32\USER32.dll
0x77DD0000 - 0x77E6B000 C:\WINDOWS\system32\ADVAPI32.dll
0x77E70000 - 0x77F01000 C:\WINDOWS\system32\RPCRT4.dll
0x77F10000 - 0x77F57000 C:\WINDOWS\system32\GDI32.dll
0x77F60000 - 0x77FD6000 C:\WINDOWS\system32\SHLWAPI.dll
0x77FE0000 - 0x77FF1000 C:\WINDOWS\system32\Secur32.dll
0x7C800000 - 0x7C8F4000 C:\WINDOWS\system32\kernel32.dll
0x7C900000 - 0x7C9B0000 C:\WINDOWS\system32\ntdll.dll
0x7C9C0000 - 0x7D1D5000 C:\WINDOWS\system32\SHELL32.dll
Memory Dump
Stack: 1024 bytes starting at (ESP = 0012EFAC)
======================================================================
Hardware/Driver Information:
Processor: 0x0
Page Size: 4096
Min App Address: 0x10000
Max App Address: 0x7ffeffff
Processor Mask: 0x1
Number of Processors: 1
Processor Type: 586
Allocation Granularity: 65536
Processor Level: 6
Processor Revision: 2049
Percent memory used: 68
Total physical memory: 536330240
Free Memory: 169295872
Page file: 1311068160
Total virtual memory: 2147352576
I suggest you reinstall WoW and try again.
Have installed wow again, but get the message, that there is not enough space on the harddisk....I use 10,2 GB but only got 1,69 GB free space.
But I worry, because I don't use all that space. Have looked at "add/remove" programs - the only things installed are virusscanner and that stuff.
Have tried a disc-cleanup, but it's only possible to clean up the temporary internet files.
u know what's wrong? Dunno, if the viruses have stolen my free space...
Thanks, Orestus
No problem, I'm just glad that u could help :p
WoW is installed again and everything runs perfect.
Thanks - Orest