Oh god, another virus... I have run a HijackThis scan, AVG anti-virus report, and Kaspersky report

Discussion in 'Windows - Virus and spyware problems' started by nm7956, Oct 8, 2006.

  1. nm7956

    nm7956 Member

    Jun 11, 2013
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    c:\program files\common files\mcafee\mna\mcnasvc.exe
    C:\Program Files\McAfee\MSK\MskSrver.exe
    C:\Program Files\McAfee\MPS\mpsevh.exe
    C:\Program Files\SoftCodec\isamonitor.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    C:\Program Files\McAfee.com\VSO\oasclnt.exe
    C:\Program Files\SoftCodec\isamini.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\McAfee\MSK\MskAgent.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Messenger\msmsgs.exe
    c:\program files\mcafee\msc\mcshell.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\Documents and Settings\nikki\Desktop\HijackThis_v1.99.1.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.co.uk/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: (no name) - {202a961f-23ae-42b1-9505-ffe3c818d717} - C:\Program Files\SoftCodec\isaddon.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O2 - BHO: McAfee Popup Blocker - {C68AE9C0-0909-4DDC-B661-C1AFB9F5AE53} - c:\program files\mcafee\mps\mcpopup.dll
    O3 - Toolbar: McAfee VirusScan - {BA52B914-B692-46c4-B683-905236F6F655} - c:\progra~1\mcafee.com\vso\mcvsshl.dll
    O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
    O4 - HKLM\..\Run: [VSOCheckTask] "C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" /checktask
    O4 - HKLM\..\Run: [VirusScan Online] C:\Program Files\McAfee.com\VSO\mcvsshld.exe
    O4 - HKLM\..\Run: [OASClnt] C:\Program Files\McAfee.com\VSO\oasclnt.exe
    O4 - HKLM\..\Run: [MPFExe] C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKLM\..\Run: [MskAgentexe] C:\Program Files\McAfee\MSK\MskAgent.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - Global Startup: Adobe Gamma Loader.lnk = ?
    O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
    O8 - Extra context menu item: Open in new background tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/229?94c25e86a41f4686b73ef7a69742328b
    O8 - Extra context menu item: Open in new foreground tab - res://C:\Program Files\Windows Live Toolbar\Components\en-gb\msntabres.dll.mui/230?94c25e86a41f4686b73ef7a69742328b
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
    O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
    O21 - SSODL: hydrodictyon - {b166be07-30a4-4d38-b781-44528a630706} - (no file)
    O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
    O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
    O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
    O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
    O23 - Service: McAfee Redirector Service (McRedirector) - Unknown owner - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe (file missing)
    O23 - Service: McAfee.com McShield (McShield) - McAfee Inc. - c:\PROGRA~1\mcafee.com\vso\mcshield.exe
    O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
    O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
    O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee Corporation - C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
    O23 - Service: McAfee Privacy Service (MPS9) - McAfee, Inc. - C:\PROGRA~1\McAfee\MPS\mps.exe
    O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
    O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

    Sunday, October 08, 2006 12:27:34 PM
    Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky Online Scanner version:
    Kaspersky Anti-Virus database last update: 8/10/2006
    Kaspersky Anti-Virus database records: 216643

    Scan Settings
    Scan using the following antivirus database standard
    Scan Archives true
    Scan Mail Bases true

    Scan Target My Computer

    Scan Statistics
    Total number of scanned objects 28283
    Number of viruses found 1
    Number of infected objects 3 / 0
    Number of suspicious objects 0
    Duration of the scan process 00:24:35

    Infected Object Name Virus Name Last Action
    C:\Program Files\SoftCodec\pmmon.exe Infected: Trojan-Downloader.Win32.Zlob.aon skipped

    C:\Program Files\SoftCodec\pmsngr.exe Infected: Trojan-Downloader.Win32.Zlob.aon skipped

    C:\System Volume Information\_restore{3DB1C15F-67D1-48C5-B93D-16C611B99729}\RP16\A0001088.exe Infected: Trojan-Downloader.Win32.Zlob.aon skipped

    Scan process completed.

    AVG Anti-Spyware - Scan Report

    + Created at: 13:13:48 08/10/2006

    + Scan result:

    C:\Program Files\SoftCodec\pmmon.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{3DB1C15F-67D1-48C5-B93D-16C611B99729}\RP16\A0001088.exe -> Downloader.Zlob.aon : Cleaned with backup (quarantined).

    ::Report end
  2. Niobis

    Niobis Active member

    Jan 30, 2005
    Unless you have already fixed the problem.

    Download SmitfraudFix.zip to the desktop from here
    * Extract the files to the desktop.
    * Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually)
    * Double-click smitfraudfix.cmd
    * Select 2 and hit Enter to delete infected files.
    * You will be prompted: Do you want to clean the registry ? answer Y (yes) and hit Enter in order to remove the Desktop background and clean registry keys associated with the infection.
    * The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found): Replace infected file ? answer Y (yes) and hit Enter to restore a clean file.
    * A reboot may be needed to finish the cleaning process. The report can be found at the root of the system drive, usually at C:\rapport.txt.

    Post back with the contents of rapport.txt and a new HijackThis log.
