Help!! Trojan Virus

Discussion in 'Windows - Virus and spyware problems' started by Lindsey7, Jul 1, 2006.

  1. Lindsey7

    Lindsey7 Guest

    I have avast, the free antivirus protection, and it keeps popping up saying I have a trojan virus. I've seen on here where y'all downloaded that hijack thing, so I did, and here's what mine says:

    Logfile of HijackThis v1.99.1
    Scan saved at 11:17:17 PM, on 7/1/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\License_Manager\license_manager.exe
    C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\SIERRA\CardStudio\PLNRnote.exe
    C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\WINDOWS\system32\regsvr32.exe
    C:\PROGRA~1\EACCEL~1\Station\station.exe
    C:\PROGRA~1\ACCELE~1\ANTI-V~1\STOPSI~1.EXE
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\HJT\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www.yahoo.com/ext/search/search.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www.yahoo.com
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
    O4 - HKLM\..\Run: [f3b1f865.exe] C:\WINDOWS\system32\f3b1f865.exe
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [f3b1f865.exe] C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
    O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g270732171.dll
    O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  2. JaPK

    JaPK Regular member

    Joined: Feb 23, 2006; Messages: 1,269; Likes Received: 0; Trophy Points: 46

    Hi Lindsey7.

    You don't have a firewall on your computer. Download and install a firewall.

    These are good (free) firewalls:
    ZoneAlarm --> http://www.zonelabs.com
    Kerio--> http://www.sunbelt-software.com/Kerio.cfm
    Outpost-> http://www.agnitum.com

    If you used Windows Firewall, disable it after installing the new firewall.

    Ok, you got some infections on your computer....

    Cleaning instructions:

    Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

    -> Open Ewido Anti-Spyware
    -> Click the Update icon at the top of the window
    -> Click the Start update button
    -> Wait for the update to download and install
    -> Quit the program, we'll use this later.

    Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
    Do NOT run yet.

    Go to Control Panel -> Add/Remove programs -> Remove eAcceleration, License Manager if found

    Download Win32DelfKil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe

    Double-click win32delfkil.exe and it extracts itself to the win32delfkil directory.
    Close all other windows and open the win32delfkil directory. Double-click fix.bat. If the computer doesn't restart after the fix, restart it yourself.

    Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
    R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
    O4 - HKLM\..\Run: [f3b1f865.exe] C:\WINDOWS\system32\f3b1f865.exe
    O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
    O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
    O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
    O4 - HKCU\..\Run: [f3b1f865.exe] C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
    O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
    O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g270732171.dll
    O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll

    Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
    Restart your computer in Safe Mode -> http://www.pchell.com/support/safemode.shtml

    Delete these folders (if found):
    C:\Program Files\eAcceleration
    C:\Program Files\Acceleration Software
    C:\Program Files\License_Manager

    Delete these files (if found):
    C:\WINDOWS\system32\f3b1f865.exe
    C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
    C:\WINDOWS\SYSTEM32\winrzf32.dll

    Run ATF Cleaner -> Check select all -> Press Empty selected

    -> Open Ewido Anti-Spyware
    -> Click the Scanner icon at the top of the window
    -> Click the Settings tab then select Recommended Options and choose Quarantine
    -> Click the Scan tab
    -> Select Complete System Scan. The scanning begins.

    -> When the scan has completed:
    -> If infections were found you'll be prompted about what to do. Please make sure that the Set all elements to is set to Quarantine (in the lower-left corner of the window)
    -> Then press Apply all actions and answer yes to all if it asks about something
    -> Click on the Save Scan Report button and save the scan to your Desktop.
    -> Copy and paste the scan results into your next post

    Restart your computer normally.

    Post the following logs here:
    -> a fresh HijackThis log
    -> Ewido's log
    -> contents of C:\win32delfkil.txt
     
    Last edited: Jul 2, 2006
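
The startup entries picked out in the reply above share a few visible traits: a generated-looking file name, the same Run value registered in both HKLM and HKCU, a target under Application Data, and Winlogon Notify DLLs. The following is an added example, not part of the original posts and not HijackThis's own logic; it parses O4 and O20 lines and tags entries for manual review. The tag names, regular expressions and thresholds are assumptions chosen for illustration, and a tag is a prompt to look closer, not a verdict.

```python
import re
from collections import defaultdict

# Excerpt of the HijackThis log posted in this thread (O4 and O20 lines only).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [f3b1f865.exe] C:\WINDOWS\system32\f3b1f865.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [f3b1f865.exe] C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g270732171.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
"""

RUN_RE = re.compile(
    r"^O4 - (?P<hive>HKLM|HKCU)\\\.\.\\Run: \[(?P<name>[^\]]+)\]\s+(?P<cmd>.+)$")
NOTIFY_RE = re.compile(r"^O20 - Winlogon Notify: (?P<name>.+?) - (?P<path>.+)$")

# Assumed list of per-user writable locations on Windows XP (illustrative).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")


def exe_path(cmd):
    """Return the program path from a Run command line (quoted or bare)."""
    m = re.match(r'"([^"]+)"|(.+?\.(?:exe|dll|com|bat|scr))\b', cmd, re.I)
    return (m.group(1) or m.group(2)).strip() if m else cmd.strip()


def basename(path):
    return path.rsplit("\\", 1)[-1]


def looks_generated(filename):
    """Heuristic: stem is mostly digits, or is all hex with at least one digit."""
    stem = filename.rsplit(".", 1)[0].lower()
    digits = sum(c.isdigit() for c in stem)
    all_hex = re.fullmatch(r"[0-9a-f]{6,}", stem) is not None
    return digits >= 6 or (all_hex and digits >= 1)


def triage(log_text):
    """Map each flagged log line to a sorted list of reason tags."""
    findings = defaultdict(set)
    run_entries = defaultdict(dict)  # value name -> {hive: (path, line)}
    for line in log_text.splitlines():
        line = line.strip()
        m = RUN_RE.match(line)
        if m:
            path = exe_path(m["cmd"])
            run_entries[m["name"]][m["hive"]] = (path, line)
            if looks_generated(basename(path)):
                findings[line].add("generated-name")
            if any(d in path.lower() for d in USER_WRITABLE):
                findings[line].add("user-writable-dir")
            continue
        m = NOTIFY_RE.match(line)
        if m:
            # Notify DLLs are loaded by winlogon.exe; list every one for review.
            findings[line].add("winlogon-notify")
            if looks_generated(basename(m["path"])):
                findings[line].add("generated-name")
    # Same value name in both hives, pointing at different files.
    for by_hive in run_entries.values():
        paths = {p.lower() for p, _ in by_hive.values()}
        if len(by_hive) > 1 and len(paths) > 1:
            for _, line in by_hive.values():
                findings[line].add("same-name-both-hives")
    return {line: sorted(tags) for line, tags in findings.items()}


if __name__ == "__main__":
    for entry, tags in triage(SAMPLE_LOG).items():
        print(", ".join(tags), "::", entry)
```
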
  3. Lindsey7

    Lindsey7 Guest

    I tried to download that http://www.agnitum.com
    and it wouldn't let me connect to the internet.. so I uninstalled it. I'll try another firewall on the list you gave me.
     
  4. Lindsey7

    Lindsey7 Guest

    I can't download ATF cleaner because it says Ad blocked here by KPF. I downloaded a different firewall and it let me connect to the internet.. and I downloaded that antispyware.. So I guess I'll proceed down the list of things to do.. hehehhe.. Is that ATF not downloading gonna mess up what I'm trying to do?? Do I have to have it?? If so, how can I get it to download.. Lindsey
     
  5. Lindsey7

    Lindsey7 Guest

  6. JaPK

    JaPK Regular member

    Ok, when you've downloaded win32delfkil to your desktop:
    -> Double-click it
    -> Click "Installeren"
    -> Go to the win32delfkil folder on your desktop
    -> Double-click fix.bat
    -> If the computer doesn't restart after the fix, restart it yourself

    Then just follow the instructions on my list.

    And don't worry, if there is something that you don't understand, don't hesitate to ask me ;)
     
  7. Lindsey7

    Lindsey7 Guest

    Ok. I did all that you said and ran the hijack thing.. But, I can't run the ATF thing. It says it's blocked. So I'm gonna start my computer in safe mode and delete this stuff. But, I can't run that ATF thing. So I'm gonna stop here, and when you post back, I'll do what you say. hehe..
     
  8. JaPK

    JaPK Regular member

    Ok, you can just skip the ATF Cleaner part.

    So continue the instructions to the end. Post those logfiles here when you're ready.
     
  9. Lindsey7

    Lindsey7 Guest

    Ok. I tried to delete the C:\windows\system32\f3b1f865.exe and the C:\documents and settings\administrator\application data\f3b1f865.exe but I couldn't find those. And the C:\windows\system32\winrzf32.dll wouldn't let me delete it; a box popped up and said access is denied. Make sure disk is not full or write-protected and that the file is not currently in use. So I started the anti spyware and it found 200 and something infected files, but it didn't say anything to do with them. On the list you said that if infections were found you'll be prompted about what to do. It didn't say anything to do. It said what the infections were. So I clicked apply all actions and it said done by everything. So I saved the log. When I restarted in regular mode.. It kept popping up something bad has happened to error report. So I clicked ok.
    So, here's the report

    C:\WINDOWS\g83574750.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g84004062.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g84462453.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g85327859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g8554671.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g85662640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g86524828.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g86863203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g9039500.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g90485406.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g90823578.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g91805593.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g92143890.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g93126734.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g96846781.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g98167015.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g9875031.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\WINDOWS\g99487203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Local Settings\Temp\winBB.tmp.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\Recycled\Dc510.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0023120.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0023152.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0024146.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0025143.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0026147.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0027145.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP130\A0027167.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP131\A0027190.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP131\A0027199.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
    C:\WINDOWS\TEMP\win340.tmp.exe -> Downloader.Small.cvw : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.qd : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\regperf.exe -> Downloader.Zlob.qd : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
    C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP134\A0027426.exe -> Trojan.Agent.qg : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\entry.dll -> Trojan.Agent.qg : Cleaned with backup (quarantined).
    C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M141I7B4\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld205E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld2700.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld5978.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld6361.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld70AE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ld9720.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldB1F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldBDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldCC5E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldD393.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldE558.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldEDF5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
    C:\WINDOWS\SYSTEM32\1024\ldF478.tmp -> Trojan.Small : Cleaned with backup (quarantined).


    ::Report end
     
  10. JaPK

    JaPK Regular member

    Joined:
    Feb 23, 2006
    Messages:
    1,269
    Likes Received:
    0
    Trophy Points:
    46
    Hi again, please post a fresh HijackThis log to here too and we'll continue the cleaning.

    Post the contents of C:\win32delfkil.txt file to here too.



     
  11. Lindsey7

    Lindsey7 Guest

    ok.. here's the hijack this file:

    Logfile of HijackThis v1.99.1
    Scan saved at 9:12:46 AM, on 7/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\ewido anti-spyware 4.0\ewido.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\assist.exe
    C:\WINDOWS\system32\NOTEPAD.EXE
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
    O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
     
  12. JaPK

    JaPK Regular member

    Looks much better now...

    Ok we'll have to use a stronger tool....

    1. Download Avenger -> http://swandog46.geekstogo.com/avenger.zip and unzip it to desktop
    2. Copy all text in quote box below to Notepad (starting from Files to delete:)

    Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

    3. Now, open The Avenger
    -> "Below Script file to execute" select "Input Script Manually".
    -> Now click magnifying glass which opens a new window "View/edit script".
    -> Paste the text you earlier copied to Notepad here
    -> Click Done.
    -> Now click green light in order to start script.
    -> Click "Yes".

    4. Avenger will do the following
    -> Reboot your computer.
    -> While booting, it will open a dos prompt, it's normal
    -> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
    -> Avenger has created a backup here -> C:\avenger\backup.zip.

    5. Copy/paste contents of avenger.txt along with a fresh HjT-log.

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

    Post the contents of this textfile to here.

    (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)
     
  13. Lindsey7

    Lindsey7 Guest

    Logfile of The Avenger version 1, by Swandog46
    Running from registry key:
    \Registry\Machine\System\CurrentControlSet\Services\qnvxkrfq

    *******************

    Script file located at: \??\C:\WINDOWS\utnpdbia.txt
    Script file opened successfully.

    Script file read successfully

    Backups directory opened successfully at C:\Avenger

    *******************

    Beginning to process script file:

    File C:\WINDOWS\SYSTEM32\winrzf32.dll deleted successfully.


    File C:\WINDOWS\system32\f3b1f865.exe not found!
    Deletion of file C:\WINDOWS\system32\f3b1f865.exe failed!

    Could not process line:
    C:\WINDOWS\system32\f3b1f865.exe
    Status: 0xc0000034



    File C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe not found!
    Deletion of file C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe failed!

    Could not process line:
    C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
    Status: 0xc0000034

     
  14. Lindsey7

    Lindsey7 Guest

    Logfile of HijackThis v1.99.1
    Scan saved at 9:54:06 AM, on 7/3/2006
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\LEXBCES.EXE
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\LEXPPS.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\ewido anti-spyware 4.0\guard.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\WINDOWS\system32\svchost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wscntfy.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
    C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Messenger\msmsgs.exe
    C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    C:\Program Files\MSN Messenger\MsnMsgr.Exe
    C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    C:\SIERRA\CardStudio\PLNRnote.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Internet Explorer\iexplore.exe
    C:\HJT\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
    O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
    O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
    O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
    O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
    O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
    O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
    O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
    O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
    O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
    O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
    O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
    O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
    O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
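
An added example, not part of the thread and not code from HijackThis or The Avenger: a Python comparison of the autostart sections (O4, O20, O23) of two HijackThis logs, run on lines excerpted from the 9:12:46 AM and 9:54:06 AM logs above. The function names and status labels are this example's own.

```python
import re

# HijackThis sections that describe autostart / persistence points.
AUTOSTART = {"O4", "O20", "O23"}
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+?)\s*$")
MISSING = "(file missing)"

# Lines excerpted from the 9:12:46 AM log on this page.
BEFORE = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""

# The same entries as they appear in the 9:54:06 AM log on this page.
AFTER = r"""
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
"""


def parse_entries(log_text):
    """Return {(section, label): (target, file_missing)} for autostart entries."""
    entries = {}
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line)
        if not m or m.group(1) not in AUTOSTART:
            continue  # process list, R*/O2/O8... lines and blanks are skipped
        section, body = m.groups()
        missing = body.endswith(MISSING)
        if missing:
            body = body[: -len(MISSING)].rstrip()
        if section == "O4" and " = " in body:
            # Startup-folder shortcut: "Startup: name.lnk = target"
            label, target = body.split(" = ", 1)
        elif section == "O4":
            # Run key: "HKLM\..\Run: [value name] command line"
            label, sep, target = body.partition("] ")
            label = label + "]" if sep else body
        else:
            # O20 / O23: "label - (owner -) target"
            parts = body.split(" - ")
            label = parts[0]
            target = parts[-1] if len(parts) > 1 else ""
        entries[(section, label)] = (target, missing)
    return entries


def diff_autostarts(before_text, after_text):
    """List (status, section, label) for every autostart entry that differs."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    findings = []
    for key in sorted(before.keys() | after.keys()):
        old, new = before.get(key), after.get(key)
        if new is None:
            status = "removed"
        elif old is None:
            status = "added"
        elif new[1] and not old[1]:
            status = "orphaned"  # the entry survives but its file is gone
        elif old != new:
            status = "changed"
        else:
            continue  # identical in both logs, including "file missing" in both
        findings.append((status, key[0], key[1]))
    return findings


if __name__ == "__main__":
    for status, section, label in diff_autostarts(BEFORE, AFTER):
        print(f"{status:9} {section:4} {label}")
```

On these excerpts it reports the winrzf32 Winlogon Notify entry as orphaned: The Avenger deleted the DLL, but the entry that loaded it is still listed in the later log.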

     
  15. JaPK

    JaPK Regular member

    Ok good...

    Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

    Unzip it (folder named SmitFraudFix) to your desktop:

    Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
    Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

    Post the contents of this textfile to here.

    (Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)
     
  16. Lindsey7

    Lindsey7 Guest

    When I double click that smitfraudfix.cmd, it pops up and says Process.exe file missing! Unzip all the archive in a folder. Then press any key to continue. So I did and it says something about an archive folder so I clicked yes. And tried it again. Still says same thing.
     
  17. Lindsey7

    Lindsey7 Guest

    So does this mean the virus is gone? Since it won't let me do anything with that smart fix thing??
     
  18. JaPK

    JaPK Regular member

    No, please try to download SmitfraudFix again. If your antivirus warns about a virus inside the file, please do NOT allow it to be removed, this is just a false alarm. Then, remember to unzip the SmitfraudFix before running it.

    You might find better instructions from here -> http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

    Then post its log to here.

     
  19. Lindsey7

    Lindsey7 Guest

    When I double click that smitfraudfix.cmd, it pops up and says Process.exe file missing! Unzip all the archive in a folder. Then press any key to continue. So I did and it says something about an archive folder so I clicked yes. And tried it again. Still says same thing.
     
  20. JaPK

    JaPK Regular member

    Ok, is Avast warning you when you download the SmitfraudFix?
     
