Ajvar

Trojan Vundo and Trojan Horse

3 posts in this topic

Hi, first time post for me, but have big problem, looks like Trojan Vundo hijacked my PC.

I will try to get info as per your guidelines:

 

When started, there is message "Error loading C:\WINDOWS\System32\fnoptxjj.dll".

 

Immediately I am getting Norton Antivirus alert "C\WINDOWS\System32\urqprno.dll" Trojan Horse,

Access to the file denied/File cannot be accessed"

and

"C\WINDOWS\System32\jkkjh.dll" Trojan Vundo,

Access to the file denied/File cannot be accessed".

When I am clicking on OK button, these are showing again up, I can't get rid of them and I can't manually delete the .dll's as they are "used by some running program and are not accessible".

 

The machine is slow.

 

I've got popups previously, but somehow they are not showing now, after I installed AVG Anti-Spyware.

 

Sometimes access to web pages is denied.

 

From time to time I am getting message "Windows Explorer encountered a problem and needs to close".

 

Something switches off the Windows Firewall occasionally, I am checking regularly to ensure it is on.

 

Processes that heavily use the CPU are:

NAVAPSVC.EXE

WINLOGON.EXE

 

Here are the reports as requested in your guidelines:

 

 

---------------------------------------------------------

AVG Anti-Spyware - Scan Report

---------------------------------------------------------

 

+ Created at: 7:22:15 PM 8/06/2007

 

+ Scan result:

 

 

 


 

 

::Report end

 

 

Logfile of HijackThis v1.99.1

Scan saved at 7:28:03 PM, on 8/06/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v7.00 (7.00.6000.16441)

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

C:\program files\internet explorer\iexplore.exe

C:\Program Files\Norton AntiVirus\navapsvc.exe

C:\WINDOWS\system32\HPZipm12.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Common Files\Symantec Shared\ccApp.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\PowerISO\PWRISOVM.EXE

C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe

C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe

C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

C:\Program Files\Google\Google Updater\GoogleUpdater.exe

C:\Downloads\HijackThis.exe

C:\Program Files\Messenger\msmsgs.exe

 

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

O2 - BHO: (no name) - {00E9792C-699E-4C18-8AE4-67B291EA1C74} - C:\WINDOWS\system32\urqrpno.dll

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {399119F9-ABC9-4127-986F-706CF531AF6e} - C:\WINDOWS\system32\ytraflbf.dll

O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.1.4.29.dll

O2 - BHO: (no name) - {48EADA4C-EFD4-4059-BEAC-A6CB4A5AF97D} - C:\WINDOWS\system32\jkkjh.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)

O2 - BHO: (no name) - {92A444D2-F945-4dd9-89A1-896A6C2D8D22} - C:\WINDOWS\system32\eyosilfs.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll

O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll

O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"

O4 - HKLM\..\Run: [symantec NetDriver Monitor] C:\PROGRA~1\SYMNET~1\SNDMon.exe /Consumer

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE

O4 - HKLM\..\Run: [Mircosoft Windows Development Environment] devenv.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"

O4 - HKLM\..\Run: [ApachInc] rundll32.exe "C:\WINDOWS\system32\fnoptxjj.dll",realset

O4 - HKLM\..\Run: [j4251738] rundll32 C:\WINDOWS\system32\j4251738.dll sook

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized

O4 - HKLM\..\RunServices: [Mircosoft Windows Development Environment] devenv.exe

O4 - HKLM\..\RunServices: [Win Sync montr] winsyncupx.exe

O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

O4 - HKCU\..\Run: [bgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\lib\NMBgMonitor.exe"

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [spybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe

O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe

O4 - Global Startup: AutoCAD Startup Accelerator.lnk = C:\Program Files\Common Files\Autodesk Shared\acstart17.exe

O4 - Global Startup: Google Updater.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O8 - Extra context menu item: &D&ownload &with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm

O8 - Extra context menu item: &D&ownload all video with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm

O8 - Extra context menu item: &D&ownload all with BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000

O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O11 - Options group: [iNTERNATIONAL] International*

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://javadl-esd.sun.com/update/1.6.0/jin...ows-i586-jc.cab

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab

O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O20 - Winlogon Notify: BITS - C:\WINDOWS\System32\Systen.dll

O20 - Winlogon Notify: jkkjh - C:\WINDOWS\system32\jkkjh.dll

O20 - Winlogon Notify: ssqrs - C:\WINDOWS\system32\ssqrs.dll (file missing)

O20 - Winlogon Notify: urqrpno - C:\WINDOWS\SYSTEM32\urqrpno.dll

O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe

O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe

O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe

O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe

O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe

O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe

O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: jay2002.3322.org - Unknown owner - C:\WINDOWS\system32\jay2002.3322.org.exe

O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE

O23 - Service: mental ray 3.5 Satellite (32-bit) (mi-raysat_3dsmax9_32) - Unknown owner - C:\Program Files\Autodesk\3ds Max 9\mentalray\satellite\raysat_3dsmax9_32server.exe

O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe

O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe

O23 - Service: Spyware Doctor Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\svcntaux.exe

O23 - Service: Spyware Doctor Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\swdsvc.exe

O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe

O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe

O23 - Service: Windows for xp - Unknown owner - C:\WINDOWS\WINDOWS.exe

O23 - Service: Ô¶³Ì¼à¿Ø¹ÜÀí. - Unknown owner - C:\WINDOWS\alg.exe

 

And finally, I did one online scan with F-Secure:

 

Scanning Report

Saturday, June 09, 2007 19:49:31 - 23:28:25

Computer name: JOLE

Scanning type: Scan system for viruses, rootkits, spyware

Target: C:\

 

 

--------------------------------------------------------------------------------

 

Result: 286 malware found

Adware.BHO(generic) (spyware)

System

Backdoor.Win32.Agent.fs (virus)

C:\WINDOWS\SYSTEM32\JAY2002.3322.ORG.DLL

C:\WINDOWS\SYSTEM32\JAY2002.3322.ORG.EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\DOWN(0).EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\DOWN(27).EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\DOWN(52).EXE

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\DOWN(79).EXE

C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\8LGPUPWH\123[1].EXE

Backdoor.Win32.Hupigon.cwd (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5F0C250E.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6F536B25.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\70246A3F.EXE

Backdoor.Win32.Hupigon.dsx (virus)

C:\PROGRAM FILES\COMMON FILES\MICROSOFT SHARED\MSINFO\DOWN(1)EXE

C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\NGB7QOM4\999[1].EXE

Backdoor.Win32.Hupigon.eml (virus)

Backdoor.Win32.Hupigon.gs (virus)

Backdoor.Win32.Rbot.bld (virus)

C:\WINDOWS\SYSTEM32\DEVENV.EXE

Backdoor.Win32.Small.no (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\5DA2087D

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\63043E91

Hupigon.gen12 (virus)

C:\DOCUMENTS AND SETTINGS\LOCALSERVICE\LOCAL SETTINGS\TEMPORARY INTERNET FILES\CONTENT.IE5\NGB7QOM4\000[2].EXE

Packed.Win32.Morphine.a (virus)

C:\WINDOWS\SYSTEM32\BTCHQFTS.DLL

C:\WINDOWS\SYSTEM32\GRBNHTXB.DLL

C:\WINDOWS\SYSTEM32\SBJRSGHM.DLL

C:\WINDOWS\SYSTEM32\YTRAFLBF.DLL

C:\DOCUMENTS AND SETTINGS\USER\LOCAL SETTINGS\TEMP\MEWRQKFI.DLL

Stealth_process (hidden item)

C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE

C:\PROGRAM FILES\GRISOFT\AVG ANTI-SPYWARE 7.5\GUARD.EXE

Tracking Cookie (spyware)

System (Disinfected)

System

System

Trojan-Clicker.Win32.Small.mw (virus)

C:\WINDOWS\SYSTEM32\J4251738.DLL

Trojan-Downloader.Win32.Agent.bls (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\06EB7140.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\42321605.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\47E54E09.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7AB44343.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7D0158B9.EXE

Trojan-Dropper.Win32.Small.awa (virus)

C:\DOWNLOADS\WINRAR 3.70 BETA 6 FULL REGISTERED\WRAR37B6_REGISTERED.EXE

Trojan-Spy.Win32.Delf.uc (virus)

Trojan-Spy.Win32.VBStat.h (virus)

Trojan.Win32.Agent.anr (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\0D272772.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\51BD235B.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6BC70193.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6C1C4536.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6C361519.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7C47628F.EXE

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\7CAD781F.EXE

Trojan.Win32.BHO.bd (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\21751EC9.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\352546D5.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\511B677D.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\652538E0.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6895283B.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\6F573BF0.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\733C1A82.DLL

Trojan.Win32.BHO.g (virus)

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\19FD56C6.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\1F47132F.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\32A84B92.DLL

C:\PROGRAM FILES\NORTON ANTIVIRUS\QUARANTINE\4D903C43.DLL

Trojan.Win32.BHO.o (virus)

C:\WINDOWS\SYSTEM32\EYOSILFS.DLL

W32/BHO.QG (virus)

C:\WINDOWS\SYSTEM32\CCNWYWQG.DLL

 

--------------------------------------------------------------------------------

 

Statistics

Scanned:

Files: 40258

System: 5975

Not scanned: 7

Actions:

Disinfected: 1

Renamed: 0

Deleted: 0

None: 285

Submitted: 0

Files not scanned:

C:\HIBERFIL.SYS

C:\PAGEFILE.SYS

C:\WINDOWS\ALG.EXE

C:\WINDOWS\WINDOWS.EXE

C:\WINDOWS\SYSTEM32\JKKJH.DLL

C:\WINDOWS\SYSTEM32\URQRPNO.DLL

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT

 

--------------------------------------------------------------------------------

 

Options

Scanning engines:

F-Secure Libra: 2.4.2, 2007-06-08

F-Secure AVP: 7.0.171, 2007-06-09

F-Secure Orion: 1.2.37, 2007-06-08

F-Secure Blacklight: 1.0.53

F-Secure Draco: 1.0.35, 0260-23-12

F-Secure Pegasus: 1.19.0, 2007-04-28

Scanning options:

Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB BAT LNK ANI AVB CEO CMD LSP MAP MHT MIF PDF PHP POT WMF NWS TAR TGZ WSF ZL? {* ZIP JAR ARJ LZH TAR TGZ GZ CAB RAR BZ2 HQX

Use Advanced heuristics

 

Please HELP!!! :blush:

 

Thanks a lot in advance

Ajvar


Welcome to SWI. We apologize for the delay; our helpers have been very busy.

If you have not received help after 3 days, please CLICK HERE, and post a link to your log and the date it was originally posted.

 

Thank you for your patience.

 

[this is an automated reply]


Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button." when VundoFix appears at reboot.
