Posting logs after scan.."can't connect to internet..."
Quinness:
Here are the logs from HijackThis:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:28:59 PM, on 10/9/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\System32\svchost.exe
C:\DOCUME~1\Owner\LOCALS~1\Temp\SSUPDATE.EXE
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{9BEE9ECD-E2B6-411B-ADC3-480BCB64598E}: NameServer = 86.64.145.144
O17 - HKLM\System\CCS\Services\Tcpip\..\{A7BE54E0-1517-4ED2-A79C-90ED790DB98F}: NameServer = 86.64.145.144
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
--
End of file - 3310 bytes
Quinness:
The SASW scan log
SUPERAntiSpyware Scan Log
http://www.superantispyware.com
Generated 10/04/2008 at 08:13 PM
Application Version : 4.21.1004
Core Rules Database Version : 3588
Trace Rules Database Version: 1575
Scan type : Quick Scan
Total Scan Time : 00:05:23
Memory items scanned : 258
Memory threats detected : 1
Registry items scanned : 301
Registry threats detected : 26
File items scanned : 2855
File threats detected : 82
Trojan.LSP/RSVP32
C:\WINDOWS\SYSTEM32\RSVP32_2.DLL
C:\WINDOWS\SYSTEM32\RSVP32_2.DLL
C:\WINDOWS\SYSTEM32\RSVP32_2.DLL435
C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWE34F
C:\WINDOWS\SYSTEM32\RSVP32_2.DLLEWFWEF
Trojan.TaskDir
[taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
C:\WINDOWS\SYSTEM32\TASKDIR.EXE
[taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
[taskdir] C:\WINDOWS\SYSTEM32\TASKDIR.EXE
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
HKU\S-1-5-21-1214440339-1078145449-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run#taskdir [ C:\WINDOWS\System32\taskdir.exe ]
C:\WINDOWS\SYSTEM32\ZLBW.DLL
Dloader-NL Trojan BHO
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{15ACE85C-0BB1-42d1-9E32-07EB0506675A}
Unclassified.Unknown Origin
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1b68470c-2def-493b-8a4a-8e2d81be4ea5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5753791b-f607-48ca-814e-91c14d081f9e}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{746455fe-d059-47e7-af0e-140e03f5a447}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7a7e6d97-b492-4884-9abb-c31281dcc4f2}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF}
Trojan.Media-Codec
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{202a961f-23ae-42b1-9505-ffe3c818d717}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{479fd0cf-5be9-4c63-8cda-b6d371c67bd5}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{860c2f6b-ca82-4282-9187-beccbb66f0af}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{a2595f37-48d0-46a1-9b51-478591a97764}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d1ac752e-883f-4ed8-8828-b618c3a72152}
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fe2d25c1-c1db-4b5e-9390-af1cb5302f32}
Unclassified.Deskware
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e246fae-8420-11d9-870d-000c2917de7f}
Trojan.SmitFraud Variant
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{77701e16-9bfe-4b63-a5b4-7bd156758a37}
Trojan.Performent
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5875b8-93f3-429d-ff34-660b206d897a}
Trojan.DELF-NJ
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{b212d577-05b7-4963-911e-4a8588160dfa}
Adware.SurfSideKick
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA0E28FA-1AFD-4C21-A8DC-70EB5BE2F076}
Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@cgi-bin[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaonenetwork[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@revenue[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@sextracker[1].txt
C:\Documents and Settings\Owner\Cookies\owner@revsci[2].txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt[2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex[1].txt
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys[1].txt
Malware.SpywareSheriff
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SpywareSheriff_is1
Malware.TitanShield
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\TitanShield Antispyware_is1
Malware.Antispyware Soldier
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antispyware Soldier_is1
Trojan.Downloader-UDL2
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\CJW.EXE
C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\RKRYYKG.EXE
Trojan.Fake-Drop/Gen
C:\WINDOWS\DIALUP.EXE
C:\WINDOWS\INETDCTR.DLL
C:\WINDOWS\SPP3.DLL
C:\WINDOWS\SYSTEM32\ANTI_TROJ.EXE
C:\WINDOWS\SYSTEM32\DLOAD.EXE
C:\WINDOWS\SYSTEM32\IEWD.EXE
C:\WINDOWS\SYSTEM32\MSMSN.EXE
C:\WINDOWS\SYSTEM32\NETSTAT2.EXE
C:\WINDOWS\SYSTEM32\PERFONT.EXE
C:\WINDOWS\SYSTEM32\PERFORMENT202.DLL
C:\WINDOWS\SYSTEM32\POPCORN72.EXE
C:\WINDOWS\SYSTEM32\PROQLAIM.EXE
C:\WINDOWS\SYSTEM32\WIN32HP.DLL
C:\WINDOWS\SYSTEM32\WINMUSE.EXE
Trojan.Downloader-Gen/ClownP
C:\WINDOWS\PP.EXE
C:\WINDOWS\Prefetch\PP.EXE-2E0C9B8F.pf
Trojan.Downloader-Gen/Win
C:\WINDOWS\RUNWIN32.EXE
C:\WINDOWS\SYSTEM32\AF.EXE.EXE
C:\WINDOWS\SYSTEM32\GAME5P.EXE.EXE
C:\WINDOWS\WININET32.EXE
C:\WINDOWS\Prefetch\AF.EXE.EXE-1711E3D3.pf
Trojan.Mailer/ZU
C:\WINDOWS\SHOW.EXE
C:\WINDOWS\Prefetch\SHOW.EXE-34F4586A.pf
Trojan.Dropper/Storm
C:\WINDOWS\SYSTEM32\AA.EXE.EXE
C:\WINDOWS\Prefetch\AA.EXE.EXE-14C1C9D6.pf
Trojan.Downloader-Gen/ABC
C:\WINDOWS\SYSTEM32\ABC.EXE
C:\WINDOWS\Prefetch\ABC.EXE-07B9AC72.pf
Trojan.Downloader-ADir/TaskDir
C:\WINDOWS\SYSTEM32\ADIR.DLL
C:\WINDOWS\TEMP\_AVAST4_\UNP166091142.TMP
Trojan.VXGame-Gen
C:\WINDOWS\SYSTEM32\GAME1.EXE
C:\WINDOWS\SYSTEM32\GAME2.EXE
C:\WINDOWS\SYSTEM32\GAME4.EXE
C:\WINDOWS\SYSTEM32\VXGAMET1.EXE
C:\WINDOWS\Prefetch\GAME1.EXE-019BA37F.pf
C:\WINDOWS\Prefetch\GAME2.EXE-382FEAC1.pf
C:\WINDOWS\Prefetch\GAME4.EXE-22FC9B4F.pf
Trojan.Downloader-Gen/Game
C:\WINDOWS\SYSTEM32\GAME3.EXE
C:\WINDOWS\Prefetch\GAME3.EXE-16CEF2F1.pf
Trojan.Downloader-Loader242
C:\WINDOWS\SYSTEM32\JRGDJIHQ.EXE
C:\WINDOWS\SYSTEM32\XTREELAV.EXE
C:\WINDOWS\Prefetch\JRGDJIHQ.EXE-16FE56C8.pf
Trojan.Downloader-Gen/Snuke
C:\WINDOWS\SYSTEM32\MA.EXE.EXE
C:\WINDOWS\SYSTEM32\PP.EXE.EXE
C:\WINDOWS\Prefetch\MA.EXE.EXE-0062ADD7.pf
C:\WINDOWS\Prefetch\PP.EXE.EXE-36C305AC.pf
Trojan.VXGame/32
C:\WINDOWS\SYSTEM32\MPSEGMENT.EXE
C:\WINDOWS\SYSTEM32\VXH8JKDQ2.EXE
C:\WINDOWS\SYSTEM32\VXH8JKDQ6.EXE
Trojan.Downlaoder-Home
C:\WINDOWS\SYSTEM32\MSMAPI32.EXE
Trojan.Zlob-BY
C:\WINDOWS\SYSTEM32\MSVOL.TLB
Trojan.Downloader-WinCom32/Rootkit-Trace
C:\WINDOWS\SYSTEM32\WINCOM32.INI
Trojan.Downloader-Gen/WO
C:\WINDOWS\SYSTEM32\WO.EXE
Trojan.Downloader-Gen/ZU
C:\WINDOWS\SYSTEM32\ZU.EXE
C:\WINDOWS\ZU.EXE
C:\WINDOWS\Prefetch\ZU.EXE-046518A3.pf
C:\WINDOWS\Prefetch\ZU.EXE-3011EB7D.pf
Quinness:
And the Malwarebytes log
Malwarebytes' Anti-Malware 1.28
Database version: 1227
Windows 5.1.2600
10/4/2008 7:57:04 PM
mbam-log-2008-10-04 (19-57-04).txt
Scan type: Quick Scan
Objects scanned: 35733
Time elapsed: 3 minute(s), 6 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 2
Registry Keys Infected: 23
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 42
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
C:\WINDOWS\system32\ipv6mons.dll (Spyware.Bzub) -> Delete on reboot.
C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot.
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{73364d99-1240-4dff-b12a-67e448373148} (Trojan.BHO.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\{73364d99-1240-4dff-b12a-67e448373148} (Spyware.Bzub) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{y479c6d0-otrw-u5gh-s1ee-e0ac10b4e666} (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00110011-4b0b-44d5-9718-90c88817369b} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{086ae192-23a6-48d6-96ec-715f53797e85} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{150fa160-130d-451f-b863-b655061432ba} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{17da0c9e-4a27-4ac5-bb75-5d24b8cdb972} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb1} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1f48aa48-c53a-4e21-85e7-ac7cc6b5ffb2} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2d38a51a-23c9-48a1-a33c-48675aa2b494} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e9caff6-30c7-4208-8807-e79d4ec6f806} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765721306} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e2ddf680-9905-4dee-8c64-0a5de7fe133c} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e3eebbe8-9cab-4c76-b26a-747e25ebb4c6} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{e7afff2a-1b57-49c7-bf6b-e5123394c970} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fcaddc14-bd46-408a-9842-cdbe1c6d37eb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fd9bc004-8331-4457-b830-4759ff704c22} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ff1bf4c7-4e08-4a28-a43f-9d60a9f7a880} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9ad5667-9e22-483a-851d-03561bd6e5e3} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{2ffa1bd3-1cfb-4934-b503-dc8f6d489cbd} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fa5b9933-1ae8-4a8d-9822-b20a6ca2b5ec} (Trojan.Downloader) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\WINDOWS\system32\ipv6mons.dll (Trojan.BHO.H) -> Delete on reboot.
C:\WINDOWS\x.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\y.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\xxxvideo.hta (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\accesss.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\astctl32.ocx (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avpcc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\clrssn.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cpan.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mtwirl32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\notepad32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\olehelp.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systeem.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\systemcritical.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\time.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\users32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\waol.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win32e.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\win64.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winajbm.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\window.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winmgnt.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\xplugin.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\asgp32.dll (Trojan.Downloader) -> Delete on reboot.
C:\WINDOWS\system32\game0.exe.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtaim.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtforum.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtgtal.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmticq.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmt.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtsmtspm.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtwbmail.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pfxzmtymsg.dll (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\stfv.bin (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ace16win.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsub.xml (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\svcp.csv (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\kernels64.exe (Worm.Zhelatin) -> Quarantined and deleted successfully.
Quinness:
To recap: the computer uses XP and could connect to the internet before the scans were done, but on every search it would lead you to the same page.
The browser is Internet Explorer. The internet will work when connected to a different machine; on this computer it says it's connected but it's not receiving.
evilfantasy:
Open HijackThis and select "Do a system scan only", then place a check mark next to:
- O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
- O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
- O2 - BHO: (no name) - {7070a8f9-08a4-ca47-0ab0-1eb9e4ee1f3b} - (no file)
- O2 - BHO: (no name) - {87185e78-a61b-4db3-965a-3235bbd7a622} - (no file)
- O2 - BHO: (no name) - {8dc8f96d-34f7-1501-a2a4-631341aa3ac1} - (no file)
- O2 - BHO: (no name) - {a6f42cad-2559-48df-af30-89e480af5dfa} - (no file)
- O2 - BHO: (no name) - {e2b2b5a1-b48c-4886-a318-723916a01024} - (no file)
- O2 - BHO: (no name) - {e6d5237d-a6c7-4c83-a67f-f9f15586fa62} - (no file)
Now close all windows except for HijackThis and then click "Fix checked".
Exit HijackThis.
----------
A malicious .DLL file is disrupting the LSP chain on your computer. We need to get rid of it.
- Please download LSPFix.
- Run the LSPFix.exe that you have just finished downloading.
- Check the "I know what I'm doing" box.
- In the Keep box you should see one or more instances of rsvp32_2.dll.
- Select every instance of rsvp32_2.dll and move each one to the Remove box by clicking the >> button.
- If the rsvp32_2.dll file only appears on the right side then just click fix checked and close the program.
- When you are done click Finish>>
----------
Download Dial-a-Fix by djlizard, save it to the desktop, then extract it to its own folder.
- Open the folder and run Dial-a-fix.exe.
- 2 windows will open. Close the one in the background labeled Restrictive Policies.
- Check the box in section 1, Empty temp folders.
- Check the box in section 2, Fix Windows Installer.
- Check the box in section 4, labeled SSL/HTTPS/Cryptography. The 4 boxes under it should be pre-checked.
- Check all boxes in Section 5, labeled Registration Center.
- Click Go.
- OK any error messages if received, but write them down and post them here.
- Restart the computer when done and then post a new HijackThis log.
Also let me know how everything is now?
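An added example, not part of the original thread or of any tool mentioned in it: a Python triage of HijackThis log lines that pulls out the two kinds of entry the reply above acts on, O2 BHO registrations reported as `(no file)` and O10 unknown Winsock LSP files. The sample lines are copied from the log posted in the thread (abridged); the function names are this example's own.

```python
import re
from collections import Counter

# Lines copied from the HijackThis log posted in this thread, abridged to
# two of the eight O2 entries and three of the fourteen O10 entries.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {11904ce8-632a-4856-a7cc-00b33fe71bd8} - (no file)
O2 - BHO: (no name) - {1c4da27d-4d52-4465-a089-98e01bb725ca} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O10 - Unknown file in Winsock LSP: rsvp32_2.dll
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
"""

ENTRY_RE = re.compile(r"^(O\d+) - (.+)$")
BHO_RE = re.compile(r"^BHO: (.*) - (\{[0-9A-Fa-f-]{36}\}) - (.+)$")
LSP_RE = re.compile(r"^Unknown file in Winsock LSP: (.+)$")


def parse_entries(text):
    """Yield (section, body) for each 'On - ...' line; skip everything else."""
    for raw in text.splitlines():
        # Tolerate the "- " list prefix used when entries are quoted in a reply.
        line = raw.strip().lstrip("- ")
        match = ENTRY_RE.match(line)
        if match:
            yield match.group(1), match.group(2).strip()


def orphaned_bhos(text):
    """CLSIDs of O2 BHO registrations whose file field is '(no file)'."""
    found = []
    for section, body in parse_entries(text):
        match = BHO_RE.match(body) if section == "O2" else None
        if match and match.group(3).lower() == "(no file)":
            found.append(match.group(2).lower())
    return found


def unknown_lsp_files(text):
    """Count O10 'Unknown file in Winsock LSP' entries per file name."""
    counts = Counter()
    for section, body in parse_entries(text):
        match = LSP_RE.match(body) if section == "O10" else None
        if match:
            counts[match.group(1).strip().lower()] += 1
    return counts


def triage(text):
    """Summarise both entry kinds for a reviewer; nothing is modified."""
    return {
        "orphaned_bhos": orphaned_bhos(text),
        "unknown_lsp_files": dict(unknown_lsp_files(text)),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for clsid in report["orphaned_bhos"]:
        print("O2  BHO reported as (no file):", clsid)
    for name, count in report["unknown_lsp_files"].items():
        print(f"O10 unknown LSP file {name}: {count} entries")
```

The per-file count matters for the LSPFix step: every listed instance of the file has to be moved to the Remove box, so the number of O10 lines tells the reviewer how many to expect.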