
Redirected when clicking google results


  • This topic is locked
4 replies to this topic

#1 dward

    Newbie

  • Members
  • 2 posts

Posted 18 February 2009 - 05:28 AM

Hi there!
I've been having some trouble (just in the last hour or so) when I try to click the results of a Google search. I get redirected to other weird (but sometimes related) websites instead of the website I'm trying to go to. Also, it seems like my internet is running slightly slower than it was before I first noticed this problem. I've read the 'to do before you post' post and have completed all the steps. Any help you could give me would be greatly appreciated.

Logfile of HijackThis v1.99.1
Scan saved at 15:31:19, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Applications\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\UCX.EXE
C:\Program Files\VIA\RAID\raid_tool.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Applications\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [remotecontrol] "C:\WINDOWS\system32\UCX.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VIARaidUtl] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Applications\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Applications\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Applications\Lavasoft\aawservice.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

Thanks folks,
Dave.

#2 miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 18 February 2009 - 11:41 AM

Hi,

I understand that you need help in order to get rid of the malware that is present on your system, but you need to help us first.
I notice that you never scanned with an Antivirus before starting this thread, because you don't even have an Antivirus installed!
This is somewhat suicidal in today's digital world.
That's why I want you to install one first!

* Please install Avira Antivirus: http://www.free-av.com/
This is a free Antivirus.

Perform a full scan with Avira and let it delete everything it is finding.
Then reboot.
After reboot, open your Avira and select "reports".
There, double-click the report from the full scan you have done. Click the "Report File" button and copy and paste this report in your next reply, together with a new HijackThis log.
Then we'll start from there, because it really makes no sense for us to clean this up manually if no Antivirus scan is present, which should be able to deal with most of it and prevent further reinfection.

Also, please uninstall the Ask Toolbar via software > add & remove programs since this one is not recommended.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow!---My Blog---Follow me on Twitter.

Asking for help via Private Message or Mail will be ignored. So if you need help, post your problem in the forum.
DO NOT POST your problem or log in someone else's thread, even though you are having the same problems. This is to avoid confusion. Start a new thread instead and someone will help you asap.
Bumping your thread won't help you receive help in a faster way, since we always look at the posts with 0 replies first. If you bump your thread, we assume that someone is already helping you, so your thread may be ignored.

#3 dward

    Newbie

  • Members
  • 2 posts

Posted 18 February 2009 - 01:43 PM

Hi Miekiemoes,
Thanks for the advice. I normally do have virus protection, but I've only recently formatted my computer and I've been a bit slack getting a new one (big mistake). It all seems to be working fine now, I think! I appreciate your help. Here are the logs you requested:

-------------------------------------------------

Avira AntiVir Personal
Report file date: 18 February 2009 22:21


Scanning for 1252158 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: DAVID

Version information:
BUILD.DAT : 8.2.0.337 16934 Bytes 11/18/2008 13:05:00
AVSCAN.EXE : 8.1.4.10 315649 Bytes 11/17/2008 22:21:26
AVSCAN.DLL : 8.1.4.0 40705 Bytes 5/25/2008 21:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 6/12/2008 02:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 5/25/2008 21:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 10/27/2008 01:30:36
ANTIVIR1.VDF : 7.1.2.12 3336192 Bytes 2/11/2009 11:20:00
ANTIVIR2.VDF : 7.1.2.13 2048 Bytes 2/11/2009 11:20:02
ANTIVIR3.VDF : 7.1.2.41 164352 Bytes 2/18/2009 11:20:06
Engineversion : 8.2.0.83
AEVDF.DLL : 8.1.1.0 106868 Bytes 2/18/2009 11:20:44
AESCRIPT.DLL : 8.1.1.47 348539 Bytes 2/18/2009 11:20:40
AESCN.DLL : 8.1.1.7 127347 Bytes 2/18/2009 11:20:36
AERDL.DLL : 8.1.1.3 438645 Bytes 11/4/2008 03:58:38
AEPACK.DLL : 8.1.3.8 397684 Bytes 2/18/2009 11:20:32
AEOFFICE.DLL : 8.1.0.33 196987 Bytes 2/18/2009 11:20:27
AEHEUR.DLL : 8.1.0.94 1606006 Bytes 2/18/2009 11:20:24
AEHELP.DLL : 8.1.2.0 119159 Bytes 2/18/2009 11:20:16
AEGEN.DLL : 8.1.1.17 332148 Bytes 2/18/2009 11:20:13
AEEMU.DLL : 8.1.0.9 393588 Bytes 10/14/2008 00:05:56
AECORE.DLL : 8.1.6.6 176501 Bytes 2/18/2009 11:20:09
AEBB.DLL : 8.1.0.3 53618 Bytes 10/14/2008 00:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 7/8/2008 22:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 5/15/2008 23:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 7/31/2008 02:02:15
AVREG.DLL : 8.0.0.1 33537 Bytes 5/9/2008 01:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2/11/2008 22:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 6/12/2008 02:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 1/22/2008 07:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 6/12/2008 02:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 1/25/2008 02:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 6/12/2008 03:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 6/27/2008 03:34:37

Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, I:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: 18 February 2009 22:21

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'Wow.exe' - '1' Module(s) have been scanned
Scan process 'Steam.exe' - '1' Module(s) have been scanned
Scan process 'MidiAutomapClient.exe' - '1' Module(s) have been scanned
Scan process 'AutomapServer.exe' - '1' Module(s) have been scanned
Scan process 'usnsvc.exe' - '1' Module(s) have been scanned
Scan process 'CCC.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'MOM.exe' - '1' Module(s) have been scanned
Scan process 'raid_tool.exe' - '1' Module(s) have been scanned
C:\WINDOWS\system32\UCX.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
Scan process 'UCX.EXE' - '1' Module(s) have been scanned
Module is infected -> 'C:\WINDOWS\system32\UCX.EXE'
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'vialogsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'AskService.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'aawservice.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ati2evxx.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
Process 'UCX.EXE' has been terminated
C:\WINDOWS\system32\UCX.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] WORM/Rbot.Gen:[HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN]:<remotecontrol>=sz:UCX.EXE
[NOTE] The file was deleted!

41 processes with 40 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!
Boot sector 'I:\'
[INFO] No virus was found!

Starting to scan the registry.

The registry was scanned ( '56' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP112\A0043299.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
C:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP87\A0029716.exe
[DETECTION] Is the TR/Delf.eun Trojan
[NOTE] The file was deleted!
C:\WINDOWS\SoftwareDistribution\Download\c24a38d765ba62d5f7156bc4440273fb\BIT16.tmp
[0] Archive type: CAB (Microsoft)
--> _sfx_0000._p
[WARNING] No further files can be extracted from this archive. The archive will be closed
C:\WINDOWS\system32\drivers\nfr.dll
[DETECTION] Is the TR/Dldr.Agent.bhyd Trojan
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\'
D:\Ableton Library\VSTIs\tone2_bifilter_v2.2_setup.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
D:\Games\GoW\Gears of War\Gears.of.War.Launcher.exe
[DETECTION] Is the TR/Agent.3628032.C Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP112\A0043300.exe
[DETECTION] Is the TR/Dropper.Gen Trojan
[NOTE] The file was deleted!
D:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP112\A0043301.exe
[DETECTION] Is the TR/Agent.3628032.C Trojan
[NOTE] The file was deleted!
Begin scan in 'F:\'
Begin scan in 'I:\' <The Big Lad>
I:\UCX.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{58BE983C-F06C-40A5-B224-EE34EBA40537}\RP637\A0473798.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{58BE983C-F06C-40A5-B224-EE34EBA40537}\RP639\A0473902.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{670FB390-22CE-486B-B221-A4F919FC60C5}\RP493\A0125374.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP101\A0038680.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP101\A0038705.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP106\A0039892.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP106\A0040906.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP107\A0041907.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP108\A0041939.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP109\A0042958.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP110\A0043067.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP112\A0043302.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP91\A0030404.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP92\A0030436.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP94\A0031632.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP95\A0031747.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP96\A0032761.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP97\A0035811.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP99\A0038549.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!
I:\System Volume Information\_restore{86A6723E-9BFD-46C3-AE78-F2673F6C4D79}\RP99\A0038585.EXE
[DETECTION] Contains recognition pattern of the WORM/Rbot.Gen worm
[NOTE] The file was deleted!


End of the scan: 18 February 2009 23:22
Used time: 1:00:36 Hour(s)

The scan has been done completely.

11676 Scanning directories
329771 Files were scanned
30 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
29 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
329739 Files not concerned
3972 Archives were scanned
4 Warnings
29 Notes

------------------------------------------------------------------

Logfile of HijackThis v1.99.1
Scan saved at 23:48:15, on 18/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Applications\Lavasoft\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\VIA\RAID\raid_tool.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Applications\DAEMON Tools Lite\daemon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\VIA\RAID\vialogsv.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [VIARaidUtl] "C:\Program Files\VIA\RAID\raid_tool.exe"
O4 - HKLM\..\Run: [SoundMan] "C:\WINDOWS\SOUNDMAN.EXE"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Applications\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Startup: ERUNT AutoBackup.lnk = C:\Applications\ERUNT\AUTOBACK.EXE
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
O20 - Winlogon Notify: dimsntfy - %SystemRoot%\System32\dimsntfy.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Applications\Lavasoft\aawservice.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe

#4 miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 18 February 2009 - 03:46 PM

Hi,

I see the Ask Toolbar is still present. Please uninstall it as I requested.
Then reboot.
After reboot,

Then,

* Start HijackThis, close all open windows leaving only HijackThis running. Place a check against each of the following if still present:

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O3 - Toolbar: Ask Toolbar - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe


* Click on Fix Checked when finished and exit HijackThis.
Make sure your Internet Explorer is closed when you click Fix Checked!

Post a new HijackThis log in your next reply and let me know how things are now.
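As an added example (not code from this thread or from HijackThis itself), the following Python script applies the triage reasoning of posts #2 and #4, which the Avira report in post #3 confirmed, to a HijackThis log: the R1 proxy entry pointing the browser at localhost:7070, the Ask toolbar components, the orphaned "(no file)" BHO, and the [remotecontrol] autorun that launched UCX.EXE from system32. The sample log is a constructed subset of the lines posted above; the allowlist, the vendor list and the severity labels are assumptions chosen for illustration, not a vetted rule set.

```python
"""Triage a HijackThis v1.99 log for the entry types discussed in this thread.

Added example, not part of the original thread or of HijackThis itself. The
allowlist, vendor list and severities are assumptions chosen to illustrate the
reasoning, not a vetted rule set.
"""
import re
from typing import Dict, List

# Constructed sample in the same format as the logs posted above (a subset of them).
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\UCX.EXE

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:7070
O2 - BHO: AskBar BHO - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O4 - HKLM\..\Run: [remotecontrol] "C:\WINDOWS\system32\UCX.EXE"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: ASKService - Unknown owner - C:\Program Files\AskBarDis\bar\bin\AskService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: VRAID Log Service - Unknown owner - C:\Program Files\VIA\RAID\vialogsv.exe
"""

ENTRY_RE = re.compile(r"^(R\d|O\d{1,2}) - (.*)$")
# Proxy settings that point the browser at a port on the machine itself.
LOCAL_PROXY_RE = re.compile(r"ProxyServer\s*=.*\b(localhost|127\.0\.0\.1)\b", re.I)
# O4 autoruns: [RegistryValueName] "quoted path" args  |  [Name] unquoted\path args
AUTORUN_RE = re.compile(r'\[(?P<name>[^\]]+)\]\s*(?:"(?P<qpath>[^"]+)"|(?P<upath>\S+))')
# Executables sitting directly in the Windows directory or in system32.
WINDIR_RE = re.compile(r"^[A-Z]:\\WINDOWS\\(?:system32\\)?[^\\]+$", re.I)

# Assumption: Windows components that legitimately autostart from system32.
KNOWN_WINDOWS_AUTORUNS = {"ctfmon.exe"}
# Assumption: path fragments of the software the helper asked to remove.
UNWANTED_VENDORS = ("askbardis",)


def parse_hjt(text: str) -> List[Dict[str, str]]:
    """Return {'section', 'body'} for each R/O entry line of a HijackThis log;
    headers and the running-process listing are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append({"section": m.group(1), "body": m.group(2)})
    return entries


def triage(entries: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Apply the thread's reasoning to each entry and return the ones worth acting on."""
    findings = []

    def flag(entry, severity, reason):
        findings.append({**entry, "severity": severity, "reason": reason})

    for e in entries:
        sec, body, low = e["section"], e["body"], e["body"].lower()
        if sec in ("R0", "R1") and LOCAL_PROXY_RE.search(body):
            flag(e, "high", "browser proxy points at a local port: a process on this "
                            "machine sees every request and can redirect search clicks")
        elif any(v in low for v in UNWANTED_VENDORS):
            flag(e, "medium", "component of an unwanted toolbar; uninstall it, then fix leftovers")
        elif sec in ("O2", "O3") and "(no file)" in low:
            flag(e, "info", "orphaned entry, its file is gone; harmless but fix to tidy up")
        elif sec == "O4":
            m = AUTORUN_RE.search(body)
            path = (m.group("qpath") or m.group("upath")) if m else ""
            exe = path.rsplit("\\", 1)[-1].lower()
            if WINDIR_RE.match(path) and exe not in KNOWN_WINDOWS_AUTORUNS:
                flag(e, "high", "autorun starts an unfamiliar executable from the Windows "
                                "directory; scan and verify the file before trusting it")
        elif sec == "O23" and "unknown owner" in low:
            flag(e, "low", "service binary carries no vendor information; verify it")
    return findings


def lines_to_fix(findings: List[Dict[str, str]], min_severity: str = "medium") -> List[str]:
    """Rebuild the raw log lines a helper would tell the user to tick under 'Fix checked'."""
    rank = {"info": 0, "low": 1, "medium": 2, "high": 3}
    return [f"{f['section']} - {f['body']}" for f in findings
            if rank[f["severity"]] >= rank[min_severity]]


if __name__ == "__main__":
    for f in triage(parse_hjt(SAMPLE_LOG)):
        print(f"[{f['severity']:6}] {f['section']} {f['body'][:60]}")
        print(f"         {f['reason']}")
```

Run against the full log, `lines_to_fix` reproduces the four entries the helper listed in post #4 while leaving ctfmon.exe and the vendor-signed ATI service alone.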

#5 miekiemoes

    Malware Killer Dog

  • Volunteer Security Advisor
  • 4092 posts

Posted 02 March 2009 - 12:36 AM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else please begin a New Topic.

Thank You !
