Help!! Trojen Virus
Lindsey7
Account closed as per user's own request
1. July 2006 @ 20:25
I have avast, the free antivirus protection, and it keeps popping up saying I have a trojan virus. I've seen on here where y'all downloaded that hijack thing, so I did, and here's what mine says:

Logfile of HijackThis v1.99.1
Scan saved at 11:17:17 PM, on 7/1/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\License_Manager\license_manager.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\SIERRA\CardStudio\PLNRnote.exe
C:\Program Files\ALLTEL DSL Check-up Center\bin\mpbtn.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
C:\PROGRA~1\EACCEL~1\Station\station.exe
C:\PROGRA~1\ACCELE~1\ANTI-V~1\STOPSI~1.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\HJT\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\Userinit.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTB.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [f3b1f865.exe] C:\WINDOWS\system32\f3b1f865.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [f3b1f865.exe] C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g270732171.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Senior Member
2. July 2006 @ 00:01
Hi Lindsey7.

You don't have a firewall on your computer. Download and install a firewall.

These are good (free) firewalls:
ZoneAlarm -> http://www.zonelabs.com
Kerio -> http://www.sunbelt-software.com/Kerio.cfm
Outpost -> http://www.agnitum.com

If you used Windows Firewall, disable it after installing the new firewall.

Ok, you got some infections on your computer....

Cleaning instructions:

Download and install Ewido Anti-Spyware 4.0 -> http://www.ewido.net/en/download/

-> Open Ewido Anti-Spyware
-> Click the Update icon at the top of the window
-> Click the Start update button
-> Wait for the update to download and install
-> Quit the program, we'll use this later.

Download ATF Cleaner by Atribune to your desktop -> http://www.atribune.org/ccount/click.php?id=1
Do NOT run yet.

Go to Control Panel -> Add/Remove programs -> Remove eAcceleration, License Manager if found

Download Win32DelfKil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe

Double-click win32delfkil.exe and it extracts itself to the win32delfkil directory.
Close all other windows and open the win32delfkil directory. Double-click fix.bat. If the computer doesn't restart after the fix, restart it yourself.

Run HijackThis. Press Do a system scan only, then close all other windows, checkmark the following entries and press Fix checked

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr7/*http://www...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr7/*http://www...
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr7/*http://www...
O4 - HKLM\..\Run: [f3b1f865.exe] C:\WINDOWS\system32\f3b1f865.exe
O4 - HKLM\..\Run: [SoftwareStation] "C:\Program Files\eAcceleration\Station\station.exe" /b Startup
O4 - HKLM\..\Run: [StopSignSsTsMon] Rundll32.exe "C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll",VerifyStatus
O4 - HKLM\..\Run: [webscan] "C:\Program Files\Acceleration Software\Anti-Virus\stopsignav.exe" -k
O4 - HKCU\..\Run: [f3b1f865.exe] C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent
O20 - Winlogon Notify: cfgmngr32 - C:\WINDOWS\g270732171.dll
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll

Make your hidden files visible -> http://www.bleepingcomputer.com/tutorials/tutorial62.html
Restart your computer in safe mode -> http://www.pchell.com/support/safemode.shtml

Delete these folders (if found):
C:\Program Files\eAcceleration
C:\Program Files\Acceleration Software
C:\Program Files\License_Manager

Delete these files (if found):
C:\WINDOWS\system32\f3b1f865.exe
C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
C:\WINDOWS\SYSTEM32\winrzf32.dll

Run ATF Cleaner -> Check select all -> Press Empty selected

-> Open Ewido Anti-Spyware
-> Click the Scanner icon at the top of the window
-> Click the Settings tab then select Recommended Options and choose Quarantine
-> Click the Scan tab
-> Select Complete System Scan. The scanning begins.

-> When the scan has completed:
-> If infections were found you'll be prompted about what to do. Please make sure that the Set all elements to is set to Quarantine (in the lower-left corner of the window)
-> Then press Apply all actions and answer yes to all if it asks about something
-> Click on the Save Scan Report button and save the scan to your Desktop.
-> Copy and paste the scan results into your next post

Restart your computer normally.

Post the following logs here:
-> a fresh HijackThis log
-> Ewido's log
-> contents of C:\win32delfkil.txt

I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's unsupportive atmosphere.

This message has been edited since posting. Last time this message was edited on 2. July 2006 @ 00:01

Lindsey7
Account closed as per user's own request
2. July 2006 @ 09:18
I tried to download that http://www.agnitum.com and it wouldn't let me connect to the internet, so I uninstalled it. I'll try another firewall on the list you gave me.
Lindsey7
Account closed as per user's own request
2. July 2006 @ 09:44
I can't download ATF cleaner because it says Ad blocked here by KPF. I downloaded a different firewall and it let me connect to the internet.. and I downloaded that antispyware.. So I guess I'll proceed down the list of things to do.. hehehhe.. Is that ATF not downloading gonna mess up what I'm trying to do?? do I have to have it?? If so, how can I get it to download.. Lindsey
Lindsey7
Account closed as per user's own request
2. July 2006 @ 09:48
ok also on this Win32DelfKil -> http://users.telenet.be/marcvn/tools/win32delfkil.exe
It's in a different language. hehe.. I can't understand what it wants me to do.. OMG.. I can't do anything right.. hehehe.. Please help!!!
Senior Member
2. July 2006 @ 10:34
Ok, when you've downloaded win32delfkil to your desktop:
-> Double-click it
-> Click "Installeren"
-> Go to the win32delfkil folder on your desktop
-> Double-click fix.bat
-> If the computer doesn't restart after the fix, restart it yourself

Then just follow the instructions on my list.

And don't worry, if there is something that you don't understand, don't hesitate to ask me ;)

Lindsey7
Account closed as per user's own request
2. July 2006 @ 20:08
Ok. I did all that you said and ran the hijack thing.. But, I can't run the ATF thing. It says its blocked. so I'm gonna start my computer in safe mode and delete this stuff. But, I can't run that ATF thing. So i'm gonna stop here. and when you post back, I'll do what you say. hehe..
Senior Member
2. July 2006 @ 20:13
Ok, you can just skip the ATF Cleaner part.

So continue the instructions to the end. Post those logfiles here when you're ready.

Lindsey7
Account closed as per user's own request
3. July 2006 @ 06:12
Ok. I tried to delete the C:\windows\system32\f3b1f865.exe and the C:\documents and settings\administrator\application data\f3b1f865.exe but I couldn't find those. And the C:\windows\system32\winrzf32.dll wouldn't let me delete it; a box popped up and said access is denied. Make sure disk is not full or write-protected and that the file is not currently in use. So I started the anti spyware and it found 200 and something infected files, but it didn't say anything to do with them. On the list you said that if infections were found you'll be prompted about what to do. It didn't say anything to do. It said what the infections were. So I clicked apply all actions and it said done by everything. So I saved the log. When I restarted in regular mode, it kept popping up something bad has happened to error report, so I clicked ok.
So, here's the report

---------------------------------------------------------
ewido anti-spyware - Scan Report
---------------------------------------------------------

+ Created at: 8:43:01 AM 7/3/2006

+ Scan result:



C:\WINDOWS\g85327859.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g8554671.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g85662640.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g86524828.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g86863203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g9039500.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g90485406.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g90823578.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g91805593.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g92143890.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g93126734.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g96846781.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g98167015.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g9875031.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\WINDOWS\g99487203.dll -> Downloader.Delf.amb : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temp\winBB.tmp.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\Recycled\Dc510.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0023120.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0023152.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP128\A0024146.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0025143.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0026147.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP129\A0027145.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP130\A0027167.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP131\A0027190.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP131\A0027199.exe -> Downloader.Obfuscated.a : Cleaned with backup (quarantined).
C:\WINDOWS\TEMP\win340.tmp.exe -> Downloader.Small.cvw : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\ld100.tmp -> Downloader.Zlob.qd : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\regperf.exe -> Downloader.Zlob.qd : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@2o7[2].txt -> TrackingCookie.2o7 : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@com[1].txt -> TrackingCookie.Com : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@adopt.euroclick[2].txt -> TrackingCookie.Euroclick : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@server.iad.liveperson[1].txt -> TrackingCookie.Liveperson : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@overture[1].txt -> TrackingCookie.Overture : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@trafficmp[2].txt -> TrackingCookie.Trafficmp : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@tribalfusion[1].txt -> TrackingCookie.Tribalfusion : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Cookies\administrator@zedo[2].txt -> TrackingCookie.Zedo : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{F35EA814-7A06-4991-B382-1C731EC9BEA7}\RP134\A0027426.exe -> Trojan.Agent.qg : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\entry.dll -> Trojan.Agent.qg : Cleaned with backup (quarantined).
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\M141I7B4\bgates[1].exe -> Trojan.Dialer.pz : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024 -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld205E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld2700.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld5978.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld6361.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld70AE.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ld9720.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldB1F7.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldBDF.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldCC5E.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldD393.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldE558.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldEDF5.tmp -> Trojan.Small : Cleaned with backup (quarantined).
C:\WINDOWS\SYSTEM32\1024\ldF478.tmp -> Trojan.Small : Cleaned with backup (quarantined).


::Report end
Senior Member
3. July 2006 @ 06:16
Hi again, please post a fresh HijackThis log to here too and we'll continue the cleaning.

Post the contents of C:\win32delfkil.txt file to here too.





I have moved from AD, I won't be taking new HijackThis logs from here. Reason: The AD's Unsupportive atmosphere.
Lindsey7
Account closed as per user's own request
3. July 2006 @ 06:17
ok.. here's the hijack this file:

Logfile of HijackThis v1.99.1
Scan saved at 9:12:46 AM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Sunbelt Software\Personal Firewall\assist.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Sunbelt Kerio Personal firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
Senior Member
3. July 2006 @ 06:21
Looks much better now...

Ok we'll have to use a stronger tool....

1. Download Avenger -> http://swandog46.geekstogo.com/avenger.zip and unzip it to desktop
2. Copy all text in quote box below to Notepad (starting from Files to delete:)

Quote:
Files to delete:
C:\WINDOWS\SYSTEM32\winrzf32.dll
C:\WINDOWS\system32\f3b1f865.exe
C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe

Notice: This script is for this user. If you aren't that user, DON'T follow these instructions, because they might harm your system

3. Now, open The Avenger
->"Below Script file to execute" select "Input Script Manually".
->Now click magnifying glass which opens a new window "View/edit script".
-> Paste the text you earlier copied to Notepad here
-> Click Done.
-> Now click green light in order to start script.
-> Click "Yes".

4. Avenger will do the following:
-> Reboot your computer.
-> While booting, it will open a dos prompt, it's normal
-> After reboot it will create a logfile which should open. This log is in C:\avenger.txt
-> Avenger has created a backup here -> C:\avenger\backup.zip.

5. Copy/paste contents of avenger.txt along with a fresh HjT-log.

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)

Lindsey7
Account closed as per user's own request
3. July 2006 @ 06:53
Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\qnvxkrfq

*******************

Script file located at: \??\C:\WINDOWS\utnpdbia.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winrzf32.dll deleted successfully.


File C:\WINDOWS\system32\f3b1f865.exe not found!
Deletion of file C:\WINDOWS\system32\f3b1f865.exe failed!

Could not process line:
C:\WINDOWS\system32\f3b1f865.exe
Status: 0xc0000034



File C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe not found!
Deletion of file C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe failed!

Could not process line:
C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
Status: 0xc0000034
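An added example, not part of the original post: a small Python parser for the Avenger log format shown above that records the outcome for each script target and decodes the NTSTATUS value (0xc0000034 is STATUS_OBJECT_NAME_NOT_FOUND, meaning nothing existed at that path when the script ran). The function names are hypothetical and the sample text is copied from the log above.

```python
import re

# NTSTATUS codes relevant to file deletion (values as defined in ntstatus.h).
NTSTATUS_NAMES = {
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}
# Codes that mean "there was nothing at that path", as opposed to a blocked deletion.
ABSENT = {"STATUS_OBJECT_NAME_NOT_FOUND", "STATUS_OBJECT_PATH_NOT_FOUND"}

DELETED = re.compile(r"^File (.+) deleted successfully\.$")
NOT_FOUND = re.compile(r"^File (.+) not found!$")
STATUS = re.compile(r"^Status: (0x[0-9A-Fa-f]{8})$")

# Excerpt copied from the Avenger log in the post above.
SAMPLE_LOG = r"""
Beginning to process script file:

File C:\WINDOWS\SYSTEM32\winrzf32.dll deleted successfully.

File C:\WINDOWS\system32\f3b1f865.exe not found!
Deletion of file C:\WINDOWS\system32\f3b1f865.exe failed!

Could not process line:
C:\WINDOWS\system32\f3b1f865.exe
Status: 0xc0000034

File C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe not found!
Deletion of file C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe failed!

Could not process line:
C:\Documents and Settings\Administrator\Application Data\f3b1f865.exe
Status: 0xc0000034
"""


def parse_avenger_log(text):
    """Return {path: {"outcome": ..., "status": ...}} for every script target."""
    lines = [ln.strip() for ln in text.splitlines() if ln.strip()]
    results = {}
    for i, line in enumerate(lines):
        m = DELETED.match(line)
        if m:
            results[m.group(1)] = {"outcome": "deleted", "status": None}
            continue
        m = NOT_FOUND.match(line)
        if m:
            results.setdefault(m.group(1), {"outcome": "not found", "status": None})
            continue
        # "Could not process line:" is followed by the path, then the status code.
        if line == "Could not process line:" and i + 2 < len(lines):
            s = STATUS.match(lines[i + 2])
            if s:
                code = int(s.group(1), 16)
                entry = results.setdefault(
                    lines[i + 1], {"outcome": "failed", "status": None}
                )
                entry["status"] = NTSTATUS_NAMES.get(code, s.group(1))
    return results


def absent_targets(results):
    """Targets that did not exist at the listed path when the script ran."""
    return sorted(
        p for p, r in results.items()
        if r["outcome"] == "not found" or r["status"] in ABSENT
    )


def needs_attention(results):
    """Targets that exist but could not be deleted (e.g. access denied)."""
    absent = set(absent_targets(results))
    return sorted(
        p for p, r in results.items()
        if r["outcome"] != "deleted" and p not in absent
    )


if __name__ == "__main__":
    parsed = parse_avenger_log(SAMPLE_LOG)
    for path, info in parsed.items():
        print(f"{info['outcome']:<10} {info['status'] or '-':<30} {path}")
    print("blocked deletions:", needs_attention(parsed))
```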
Lindsey7
Account closed as per user's own request
3. July 2006 @ 06:57
Logfile of HijackThis v1.99.1
Scan saved at 9:54:06 AM, on 7/3/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe
C:\Program Files\Lexmark X1100 Series\lxbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
C:\SIERRA\CardStudio\PLNRnote.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\HJT\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\ALLTEL~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [!ewido] "C:\Program Files\ewido anti-spyware 4.0\ewido.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Event Planner Reminders Tray Icon.lnk = C:\SIERRA\CardStudio\PLNRnote.exe
O4 - Global Startup: ALLTEL DSL Check-up Center.lnk = C:\Program Files\ALLTEL DSL Check-up Center\bin\matcli.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: &eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .mpg: C:\Program Files\Internet Explorer\PLUGINS\npqtplugin3.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Sunbelt Kerio Personal firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
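An added example, not part of the original posts: a Python sketch that parses two HijackThis logs into (section code, entry name) pairs and reports what changed between them, separating entries that newly point at a missing file from those that were already marked "(file missing)" before the cleanup. The function names are hypothetical, and the sample lines are a few entries copied from the 9:12 AM and 9:54 AM logs above.

```python
import re

# A HijackThis entry line looks like "O20 - Winlogon Notify: name - target".
ENTRY = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")
MISSING = "(file missing)"

# Entries copied from the log saved at 9:12:46 AM (before the Avenger run).
BEFORE = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrzf32 - C:\WINDOWS\SYSTEM32\winrzf32.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

# The same entries from the log saved at 9:54:06 AM (after the Avenger run).
AFTER = r"""
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: winrzf32 - winrzf32.dll (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_hjt(text):
    """Map (code, name) -> target; header and process-list lines are skipped."""
    entries = {}
    for raw in text.splitlines():
        m = ENTRY.match(raw.strip())
        if not m:
            continue
        # The target is whatever follows the last " - "; entries without one
        # (for example O4 Run values) keep the whole body as their name.
        name, sep, target = m.group("body").rpartition(" - ")
        if not sep:
            name, target = m.group("body"), ""
        entries[(m.group("code"), name)] = target
    return entries


def diff_hjt(before, after):
    """List (key, old_target, new_target) for added, removed or changed entries."""
    changes = []
    for key in sorted(set(before) | set(after)):
        old, new = before.get(key), after.get(key)
        if old != new:
            changes.append((key, old, new))
    return changes


def newly_missing(before, after):
    """Entries whose registry data survived but whose file disappeared."""
    return [
        key for key, old, new in diff_hjt(before, after)
        if new is not None and new.endswith(MISSING)
        and not (old or "").endswith(MISSING)
    ]


def persistent_missing(before, after):
    """Entries flagged '(file missing)' in both logs, so not caused by the cleanup."""
    return sorted(
        key for key, target in after.items()
        if target.endswith(MISSING) and before.get(key, "").endswith(MISSING)
    )


if __name__ == "__main__":
    b, a = parse_hjt(BEFORE), parse_hjt(AFTER)
    for key, old, new in diff_hjt(b, a):
        print(key, "|", old, "->", new)
    print("newly missing:", newly_missing(b, a))
    print("missing in both:", persistent_missing(b, a))
```

On these lines the only change is the O20 Winlogon Notify entry: the DLL is gone, but the registry entry that referenced it is still listed.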
Senior Member
3. July 2006 @ 07:32
Ok good...

Download SmitfraudFix.zip to your desktop -> http://siri.urz.free.fr/Fix/SmitfraudFix.zip

Unzip it (folder named SmitFraudFix) to your desktop:

Open the folder SmitfraudFix and doubleclick smitfraudfix.cmd
Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.

(Some antiviruses recognise process.exe as malware. It is not malware, it is a program that stops processes)


Lindsey7
Account closed as per user's own request
3. July 2006 @ 08:52
When I double click that smitfraudfix.cmd, it pops up and says Process.exe file missing! Unzip all the archive in a folder. Then press any key to continue. So I did and it says something about an archive folder so I clicked yes. And tried it again. Still says same thing.
Lindsey7
Account closed as per user's own request
4. July 2006 @ 06:15
So does this mean the virus is gone? Since it won't let me do anything with that smart fix thing??
Senior Member
4. July 2006 @ 08:10
No, please try to download SmitfraudFix again. If your antivirus warns about a virus inside the file, please do NOT allow it to be removed, this is just a false alarm. Then, remember to unzip the SmitfraudFix before running it.

You might find better instructions from here -> http://siri.urz.free.fr/Fix/SmitfraudFix_En.php

Then post its log to here.



Lindsey7
Account closed as per user's own request
4. July 2006 @ 09:12
When I double click that smitfraudfix.cmd, it pops up and says Process.exe file missing! Unzip all the archive in a folder. Then press any key to continue. So I did and it says something about an archive folder so I clicked yes. And tried it again. Still says same thing.
Senior Member
4. July 2006 @ 20:02
Ok, is Avast warning you when you download the SmitfraudFix ?

Lindsey7
Account closed as per user's own request
4. July 2006 @ 23:39
No, nothing is warning me. It lets me download it. But when I open the application it says that the file is missing. I have no idea why it won't let me open it.
Senior Member
5. July 2006 @ 06:05
Ok, when you open that smitfraudfix archive, can you see a file named process.exe ?

Lindsey7
Account closed as per user's own request
6. July 2006 @ 21:45
Yes, there is a process.exe. Do you want me to run that one?
Senior Member
7. July 2006 @ 10:37
Ok then it should be okay.

Let's try again:

When you're extracting the SmitfraudFix.zip file, please select all of the files. Then, extract those files into the same folder.

Then go to that folder and run the file named smitfraudfix.cmd

Choose option #1 - Search by typing 1 and pressing "Enter"; a textfile opens and lists the infected files (if those exist)

Post the contents of this textfile to here.


Lindsey7
Account closed as per user's own request
7. July 2006 @ 21:04
Ok, when I download it, it brings it up in WinRAR, and I double click the smitfraudFix.cmd, and it shows it extracting stuff and it brings up the same thing in C:\WINDOWS\System32\cmd.exe
and underneath it it says:
Fichier Process.exe absent!
Process.exe file missing!
Unzip all the archive in a folder.
Press any key to continue.
I don't know how to unzip all the archive in a folder. I don't know what's going on. It didn't ask me to unzip to a folder it just started unzipping and brought up WinRAR.
 