[Fixed] Hijackthis! Logs - [Fixed] have i missed anything. Posted in the Security & Safety forums.

  #8  
12-07-2006
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Still need that AVG log......



Please download The Avenger to your Desktop and unzip it.
Copy all the text contained in the code box below (including the words "files to delete" and "Registry keys to delete:") by highlighting it, right-clicking and selecting "Copy".

Files to delete:
C:\WINDOWS\system32\wvuvvus.dll
C:\WINDOWS\system32\cool.exe
C:\WINDOWS\system32\jjjlm.bak2
C:\WINDOWS\system32\jjjlm.bak1
C:\WINDOWS\system32\mljjj.dll
C:\WINDOWS\system32\yckhfzc.dll
C:\WINDOWS\system32\drvwub.dll
C:\WINDOWS\system32\mnvwfcf.dll
C:\WINDOWS\system32\tuvuvvt.dll
C:\WINDOWS\system32\winhld32.dll

Registry keys to delete:
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhld32
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvus

Now, start The Avenger program by clicking on its icon on your desktop. Look under "Script file to execute" and click on "Input Script Manually". Next click on the Magnifying Glass icon and a blank dialogue box will open called "View/Edit script". Position your mouse inside the box, right-click and choose Paste. All the text above in the code box should now appear there. Click Done and click on the Green Light to begin execution of the script. Answer "Yes" twice when prompted.
The Avenger will restart your computer. (If the code to execute contains "Drivers to Unload", The Avenger will actually restart your system twice.)
When you have rebooted, a black command window briefly opens on your desktop; this is normal. A logfile will be created that records all actions that The Avenger performed. This log file is saved to C:\avenger.txt. The deleted files will be backed up and saved to C:\avenger\backup.zip.

Once your computer has rebooted, please post back the contents of C:\avenger.txt and a new Hijack This log.


__________________
My real name is Eddy
  #9  
12-07-2006
peped2k
Bronze Member
Join Date: Dec 2006
Location: Edmonton Ab
Posts: 14
scan took 4 hours

The AVG scan took 4 hours. Sorry for the delay. As for the "no action taken" quote: I followed your directions 100% and the system rebooted before I could save the log after action was taken. But it did not quarantine any of it, it deleted it all.

---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 4:03:01 AM 07/12/2006

+ Scan result:



C:\Program Files\Common Files\Real\WeatherBug\MiniBugTransporter.dll -> Adware.Minibug : No action taken.
C:\WINDOWS\system32\winhld32.dll -> Trojan.Agent.vg : No action taken.


::Report end


  #10  
12-07-2006
peped2k
Bronze Member
Join Date: Dec 2006
Location: Edmonton Ab
Posts: 14
avenger log and latest hijack this

Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\yvmfnuja

*******************

Script file located at: \??\C:\WINDOWS\system32\wjekxhbn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

File C:\WINDOWS\system32\wvuvvus.dll deleted successfully.


File C:\WINDOWS\system32\cool.exe not found!
Deletion of file C:\WINDOWS\system32\cool.exe failed!

Could not process line:
C:\WINDOWS\system32\cool.exe
Status: 0xc0000034

File C:\WINDOWS\system32\jjjlm.bak2 deleted successfully.
File C:\WINDOWS\system32\jjjlm.bak1 deleted successfully.
File C:\WINDOWS\system32\mljjj.dll deleted successfully.
File C:\WINDOWS\system32\yckhfzc.dll deleted successfully.
File C:\WINDOWS\system32\drvwub.dll deleted successfully.
File C:\WINDOWS\system32\mnvwfcf.dll deleted successfully.
File C:\WINDOWS\system32\tuvuvvt.dll deleted successfully.


File C:\WINDOWS\system32\winhld32.dll not found!
Deletion of file C:\WINDOWS\system32\winhld32.dll failed!

Could not process line:
C:\WINDOWS\system32\winhld32.dll
Status: 0xc0000034

Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winhld32 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuvvus deleted successfully.

Completed script processing.

*******************

Finished! Terminate.

Logfile of HijackThis v1.99.1
Scan saved at 4:19:55 AM, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\hijackthis\HijackThis.exe

O2 - BHO: (no name) - {049FE860-CA43-A901-DCF1-06C87440F487} - C:\WINDOWS\system32\mnvwfcf.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\gwcvtfdb.dll (file missing)
O2 - BHO: (no name) - {83E9E333-14AB-43D3-8E9A-211037813CAF} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\wvuvvus.dll (file missing)
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  #11  
12-07-2006
peped2k
Bronze Member
Join Date: Dec 2006
Location: Edmonton Ab
Posts: 14

Thank you Pancake for all your help. It seems I missed quite a bit. Are Spybot S&D and ZoneAlarm Security Suite not good enough to catch all this stuff? What should I be running?


  #12  
12-07-2006
Pancake
Senior Security Analyst
Join Date: Jun 2006
Location: Victoria, Australia
Posts: 3,590
PC Experience: Elite PC Guru

Ok. Nearly done.


Have "Hijack This" fix all the following items in the list below by placing a check in the appropriate boxes. Confirm that you have only the listed ones checked, then press <Fix checked> and close HJT.

O2 - BHO: (no name) - {049FE860-CA43-A901-DCF1-06C87440F487} - C:\WINDOWS\system32\mnvwfcf.dll (file missing)
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\gwcvtfdb.dll (file missing)
O2 - BHO: (no name) - {83E9E333-14AB-43D3-8E9A-211037813CAF} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: NOW!Imaging - {9AA2F14F-E956-44B8-8694-A5B615CDF341} - C:\Program Files\Netscape Accelerator\components\NOWImaging.dll (file missing)
O2 - BHO: (no name) - {C671A733-A4AA-4B5F-8CEE-006242C457B5} - C:\WINDOWS\system32\wvuvvus.dll (file missing)
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE

Post a new HJT log when done....



Last edited by Pancake; 12-07-2006 at 11:48 PM.
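
One way to cross-check the two logs posted above, as an added example that is not part of the thread and not code from The Avenger or HijackThis: it parses an Avenger log for deleted and failed items, decodes the NTSTATUS value, and lists HijackThis entries marked "(file missing)" alongside whether the script removed the file. The sample lines are copied from the logs in this thread; the function names and the small NTSTATUS table are this example's own.

```python
import re

# Sample lines copied from the Avenger log and first HijackThis log posted above.
AVENGER_LOG = r"""
File C:\WINDOWS\system32\wvuvvus.dll deleted successfully.

File C:\WINDOWS\system32\cool.exe not found!
Deletion of file C:\WINDOWS\system32\cool.exe failed!

Could not process line:
C:\WINDOWS\system32\cool.exe
Status: 0xc0000034

File C:\WINDOWS\system32\mljjj.dll deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\mljjj deleted successfully.
"""

HJT_LOG = r"""
O2 - BHO: (no name) - {83E9E333-14AB-43D3-8E9A-211037813CAF} - C:\WINDOWS\system32\mljjj.dll (file missing)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {35F7813A-AF74-4474-B1DC-7EE6FB6C43C6} - C:\WINDOWS\system32\gwcvtfdb.dll (file missing)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
"""

# A few Windows NTSTATUS codes a file delete can return.
NTSTATUS = {
    0xC0000022: "STATUS_ACCESS_DENIED",
    0xC0000034: "STATUS_OBJECT_NAME_NOT_FOUND",
    0xC000003A: "STATUS_OBJECT_PATH_NOT_FOUND",
    0xC0000043: "STATUS_SHARING_VIOLATION",
}


def parse_avenger(log):
    """Return deleted files, deleted registry keys and failed items with status."""
    deleted_files, deleted_keys, failed = [], [], {}
    # Drop blank lines so "Could not process line:" / path / status are adjacent.
    lines = [ln.strip() for ln in log.splitlines() if ln.strip()]
    for i, ln in enumerate(lines):
        m = re.fullmatch(r"File (.+) deleted successfully\.", ln)
        if m:
            deleted_files.append(m.group(1))
            continue
        m = re.fullmatch(r"Registry key (.+) deleted successfully\.", ln)
        if m:
            deleted_keys.append(m.group(1))
            continue
        if ln == "Could not process line:" and i + 2 < len(lines):
            m = re.fullmatch(r"Status: (0x[0-9a-fA-F]+)", lines[i + 2])
            if m:
                code = int(m.group(1), 16)
                failed[lines[i + 1]] = NTSTATUS.get(code, hex(code))
    return {"deleted_files": deleted_files,
            "deleted_keys": deleted_keys,
            "failed": failed}


HJT_LINE = re.compile(r"^(O\d+) - (.+?)( \(file missing\))?$")


def parse_hjt(log):
    """Parse HijackThis 'O' lines into code, body, target path and missing flag."""
    entries = []
    for ln in log.splitlines():
        m = HJT_LINE.match(ln.strip())
        if not m:
            continue
        code, body, missing = m.groups()
        # For O2 (Browser Helper Object) lines the file path is the last " - " field.
        target = body.rsplit(" - ", 1)[-1] if code == "O2" else None
        entries.append({"code": code, "body": body,
                        "target": target, "missing": bool(missing)})
    return entries


def triage_missing(hjt_entries, avenger):
    """List '(file missing)' entries and whether the script deleted the file."""
    removed = {p.lower() for p in avenger["deleted_files"]}
    result = []
    for e in hjt_entries:
        if not e["missing"]:
            continue
        hit = e["target"] is not None and e["target"].lower() in removed
        reason = "removed by script" if hit else "not in script"
        result.append((e["code"], e["target"] or e["body"], reason))
    return result


if __name__ == "__main__":
    av = parse_avenger(AVENGER_LOG)
    for path, status in av["failed"].items():
        print(f"failed: {path} ({status})")
    for code, target, reason in triage_missing(parse_hjt(HJT_LOG), av):
        print(f"{code} orphan: {target} [{reason}]")
```

An entry reported as "not in script" is a leftover registration whose file was already gone before the script ran, which is why it still needs to be fixed in HijackThis.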
  #13  
12-08-2006
peped2k
Bronze Member
Join Date: Dec 2006
Location: Edmonton Ab
Posts: 14
latest hjt log

Logfile of HijackThis v1.99.1
Scan saved at 4:03:14 PM, on 07/12/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\windows\system\hpsysdrv.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\arservice.exe
C:\WINDOWS\system32\ZoneLabs\isafe.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\dllhost.exe
C:\PROGRA~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\mace.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\HP_Administrator\My Documents\My Received Files\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [ATIMACE] C:\Program Files\ATI Technologies\ATI.ACE\MACE.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Zone Labs Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [TSClientMSIUninstaller] cmd.exe /C "cscript %systemroot%\Installer\TSClientMsiTrans\tscuinst.vbs"
O4 - Startup: Bitcomet Ultra Accelerator.lnk = C:\Program Files\Bitcomet Ultra Accelerator\BitComet Ultra Accelerator.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/ge...sh/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: CA ISafe (CAISafe) - Computer Associates International, Inc. - C:\WINDOWS\system32\ZoneLabs\isafe.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe


  #14  
Old 12-08-2006
Pancake
Senior Security Analyst

Fine... all done. You're good to go.




If you wish to do so, here are a few things that you can do that will help keep your computer a bit more clean and secure.
If you have not already done so, you might want to run Disk Cleanup and run it in each user's profile:
Run Disk Cleanup
Click "Start > Programs > Accessories > System Tools > Disk Cleanup"
Please make sure the following are checked:
-- Downloaded Program Files
-- Temporary Internet Files
-- Recycle Bin
-- Temporary Files
Click "OK" and Disk Cleanup will delete those files for you.

Now that you are clean, now is a good time to flush out your restored files.
To flush the XP System Restore Points:
(Using XP, you must be logged in as Administrator to do this.)
Go to Start > Run and type msconfig. Press Enter.
When msconfig opens, click the Launch System Restore Button.
On the next page, click the System Restore Settings Link on the left.
Check the box labeled Turn Off System Restore.
Reboot. Go back in and turn System Restore ON. A new Restore Point will be created.

How Do I Protect My Computer Against Future Malware Now I'm Clean?
NOTE: You may have already taken some of these steps.
Update your anti-virus software & Windows operating system on a daily or weekly basis. Microsoft also distributes updates to its operating systems. These updates fix security holes or other problems that make a computer susceptible to security breaches.
How to update your Windows operating system
Know What You're Installing
Check the source.
To avoid malware, make sure your software comes from a reputable source. Be particularly suspicious of sponsored software (software that relies on advertising) or software that claims to speed up your Internet connection.
Use Custom Install.
If you feel comfortable with software installation, you can choose Custom Install (as opposed to Typical Install). Custom Install allows you to select only the software components you wish to install, and leave out others (such as potential spyware).
Modify Security Settings (Internet Explorer 6)
To reduce the risk of installing malware, you can set Internet Explorer to high security mode. To do so:
Open Internet Explorer. Go to Tools > Internet Options….
On the Internet Options screen, select the Security tab, then select the Internet icon (if it is not already selected).
Under Security level for this zone, click Default Level. Set the slider to High.
Note: You may have to lower the security level to view certain Web sites.
Next, select the Trusted Sites icon. Under Security level for this zone, click Default Level. Set the slider to Medium.
Click Apply, then OK to save the changes.
Some Recommended Protection Programs
Each tool has its own strengths for identifying and removing specific types of malware. To thoroughly check your computer, it's recommended that you use more than one malware removal program. Don't forget to back up your data files before starting a scan!
Some available programs are:
Ad-Aware
SpyBot Search & Destroy
Now that you are clean, to help protect your system I recommend that you get the following free programs:
SpywareBlaster to help prevent spyware from installing.
SpywareGuard to catch and block spyware.
IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email.
WinPatrol to monitor any changes that programs make to the registry.
If you do not have a firewall, here is a free one for personal use:
ZoneAlarm
Zone Labs by Check Point Software Technologies - Home/Office Products
Zone Labs by Check Point Software Technologies - Product Comparison

Before using or purchasing any Spyware/Malware protection/removal program, always check the Rogue/Suspect Spyware List. It will save you a lot of grief, as well as money if you are thinking of purchasing. Here is the link:
Spyware Warrior: Rogue/Suspect Anti-Spyware Products & Web Sites
If you want to know just how effective your anti-spyware program is, or how well any of the "rogue" programs listed at the above link work, check this for an independent comparison of several anti-spyware programs:
Spyware Warrior: Anti-Spyware Testing (Guide)

Here is a helpful article:
"So how did I get infected in the first place?"
CastleCops So how did I get infected in the first place?
http://www.pchelpforum.com/tutorials...t-your-pc.html
Let us know if we have not resolved your problem. Otherwise, you are good to go.
Happy and Safe Surfing!


__________________
My real name is Eddy
