03-03-2006, 11:22 PM   #3
jkill2001
Registered User
 
Join Date: Sep 2005
Posts: 65
OS: xp


Logfile of HijackThis v1.99.1
Scan saved at 12:19:39 AM, on 3/4/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
E:\WINDOWS\System32\snmp.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\Explorer.EXE
E:\Program Files\Common Files\AOL\1103770708\ee\AOLSoftware.exe
E:\Program Files\iTunes\iTunesHelper.exe
E:\Program Files\America Online 9.0c\waol.exe
E:\Program Files\iPod\bin\iPodService.exe
E:\Program Files\America Online 9.0c\shellmon.exe
E:\Documents and Settings\Jon\Desktop\hijackthis\HijackThis.exe

O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - E:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [HostManager] E:\Program Files\Common Files\AOL\1103770708\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [iTunesHelper] "E:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [HDAudio] E:\WINDOWS\hda.exe
O4 - HKLM\..\Run: [SpyFalcon] E:\Program Files\SpyFalcon\SpyFalcon.exe /h
O4 - HKCU\..\Run: [AOL Fast Start] "E:\Program Files\America Online 9.0c\AOL.EXE" -b
O8 - Extra context menu item: &Yahoo! Search - file:///E:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Yahoo! &Dictionary - file:///E:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///E:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///E:\Program Files\Yahoo!\Common/ycsms.htm
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/downloads/k...an_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - E:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O20 - Winlogon Notify: igfxcui - E:\WINDOWS\SYSTEM32\igfxsrvc.dll
O23 - Service: Adobe LM Service - Unknown owner - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online - E:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - E:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: ewido security suite control - ewido networks - E:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - E:\Program Files\iPod\bin\iPodService.exe

-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Saturday, March 04, 2006 00:17:59
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 4/03/2006
Kaspersky Anti-Virus database records: 169076
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
A:\
C:\
D:\
E:\
G:\

Scan Statistics:
Total number of scanned objects: 138510
Number of viruses found: 42
Number of infected objects: 110
Number of suspicious objects: 0
Duration of the scan process: 9622 sec

Infected Object Name - Virus Name
C:\WINDOWS\system32\drivers\etc\hosts Infected: Trojan.Win32.Qhost
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\32C43BD2d01 Infected: Trojan-Clicker.JS.Linker.h
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\6933A524d01 Infected: Trojan-Clicker.JS.Linker.h
E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\jon\Cache\794D1DF9d01 Infected: Trojan-Clicker.HTML.IFrame.b
E:\Documents and Settings\Jon\Desktop\hijackthis\backups\backup-20060302-120952-349.dll Infected: Trojan-Downloader.Win32.Zlob.ht
E:\Documents and Settings\Jon\Desktop\hijackthis\backups\backup-20060302-221736-612.dll Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP394\A0043966.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044260.dll Infected: Trojan-Downloader.Win32.Agent.bc
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044262.dll Infected: Trojan.Win32.StartPage.vh
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044263.dll Infected: Trojan-Downloader.Win32.Agent.bc
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044264.dll Infected: Trojan-Downloader.Win32.Agent.bc
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044267.dll Infected: Trojan-Downloader.Win32.Agent.li
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044270.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP403\A0044271.dll Infected: Trojan-Downloader.Win32.Dyfuca.gen
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044346.exe Infected: Trojan-Downloader.Win32.Zlob.dl
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044347.tlb Infected: Trojan-Downloader.Win32.Zlob.dl
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044348.exe Infected: Trojan-Downloader.Win32.Zlob.bu
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044352.dll Infected: Trojan-Downloader.Win32.Zlob.dp
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044353.dll Infected: Trojan-Downloader.Win32.Zlob.dl
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP408\A0044354.dll Infected: Trojan-Downloader.Win32.Zlob.dl
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP409\A0044379.exe Infected: Trojan.Win32.Agent.il
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP409\A0044380.tlb Infected: Trojan-Downloader.Win32.Zlob.do
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP409\A0044381.exe Infected: Trojan-Downloader.Win32.Zlob.do
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP410\A0044389.exe Infected: Trojan.Win32.Agent.il
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP410\A0044390.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP413\A0044457.dll Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP413\A0044458.dll Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044515.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044689.exe Infected: Trojan-Downloader.Win32.Zlob.bu
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044690.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044691.exe Infected: Trojan-Downloader.Win32.Small.cca
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044718.exe Infected: Trojan.Win32.TopAntiSpyware.n
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044738.exe Infected: Trojan-Downloader.Win32.Swizzor.k
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044739.exe Infected: Trojan.Win32.Pakes
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044740.EXE Infected: Trojan-Dropper.Win32.SurfSide.a
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044743.dll Infected: Trojan-Downloader.Win32.WinShow.ak
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044744.exe Infected: Trojan-Downloader.Win32.Apropo.k
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044745.exe Infected: Trojan.Win32.Agent.bi
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044746.exe Infected: Trojan.Win32.Agent.bi
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044748.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044749.exe Infected: Trojan-Downloader.Win32.Dyfuca.ei
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044750.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044751.exe Infected: Trojan.Win32.Small.cy
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP414\A0044752.dll Infected: Trojan-Downloader.Win32.Dyfuca.dt
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044766.dll Infected: Trojan-Downloader.Win32.IstBar.nu
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044770.exe Infected: Trojan-Downloader.Win32.Dyfuca.dp
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044772.exe Infected: Trojan.Win32.Dialer.ay
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044774.EXE Infected: Trojan-Dropper.Win32.SurfSide.a
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044775.exe Infected: Trojan.Win32.Pakes
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044776.exe Infected: Trojan-Downloader.Win32.Swizzor.k
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044781.exe Infected: Trojan-Downloader.Win32.Apropo.l
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044782.dll Infected: Trojan-Downloader.Win32.Agent.br
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044786.exe Infected: Trojan.Win32.TopAntiSpyware.n
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044787.exe Infected: Trojan-Downloader.Win32.Apropo.k
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044788.ocx Infected: Trojan-Downloader.Win32.Agent.ex
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044789.exe Infected: Trojan-Downloader.Win32.Zlob.dm
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044790.exe Infected: Trojan-Downloader.Win32.Small.cca
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0044791.exe Infected: Trojan-Downloader.Win32.Zlob.bu
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045146.dll Infected: Trojan-Downloader.Win32.Agent.br
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045201.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045235.dll Infected: Trojan-Downloader.Win32.Agent.br
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045236.exe Infected: Trojan-Downloader.Win32.Zlob.dm
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045237.dll Infected: not-virus:Hoax.Win32.Renos.ak
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045246.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP415\A0045271.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP416\A0045304.dll Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP416\A0045305.dll Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP419\A0045381.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP422\A0045465.exe Infected: Trojan-Downloader.Win32.Small.ayl
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP423\A0045539.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP423\A0045556.dll Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045663.exe Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045664.exe Infected: Trojan-Downloader.Win32.Zlob.du
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045667.tlb Infected: Trojan-Downloader.Win32.Zlob.dr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045687.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045705.exe Infected: Trojan-Downloader.Win32.Zlob.fa
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045706.exe Infected: Trojan-Downloader.Win32.Zlob.fc
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045708.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045726.dll Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045727.dll Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP431\A0045728.dll Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP432\A0045751.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046016.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046228.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046235.exe Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046390.dll Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046391.dll Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046621.dll Infected: not-virus:Hoax.Win32.Renos.at
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP434\A0046623.tlb Infected: Trojan-Downloader.Win32.Zlob.ez
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP435\A0046668.exe/stream/data0001 Infected: Trojan.Win32.Pakes
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP435\A0046668.exe/stream Infected: Trojan.Win32.Pakes
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP435\A0046668.exe Infected: Trojan.Win32.Pakes
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP470\A0048378.exe/data0007 Infected: Trojan.Win32.Zapchast.az
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP470\A0048378.exe/data0008 Infected: Trojan-Downloader.Win32.Zlob.hr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP470\A0048378.exe Infected: Trojan-Downloader.Win32.Zlob.hr
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP470\A0048388.dll Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP471\A0048461.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP471\A0048625.exe Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP471\A0048630.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP471\A0048682.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP471\A0048711.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP472\A0048858.exe Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP472\A0048859.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP472\A0048910.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP473\A0048927.exe Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP473\A0048928.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP474\A0048972.tlb Infected: Trojan-Downloader.Win32.Zlob.ht
E:\System Volume Information\_restore{631B59A5-918D-4763-819A-7F38422A702A}\RP474\A0048974.exe Infected: Trojan-Downloader.Win32.Zlob.ht
E:\WINDOWS\system32\dfrgsrv.exe Infected: Trojan-Downloader.Win32.Zlob.hr
E:\WINDOWS\system32\dxmpp.dll Infected: not-virus:Hoax.Win32.Renos.bo

Scan process completed.


smitRem © log file
version 2.8

by noahdfear


Microsoft Windows XP [Version 5.1.2600]
The current date is: Fri 03/03/2006
The current time is: 18:28:17.26

Running from
E:\Documents and Settings\Jon\Desktop\smitRem

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Pre-run SharedTask Export

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
@="E:\WINDOWS\system32\dxmpp.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

checking for ShudderLTD key

ShudderLTD key not present!

checking for PSGuard.com key


PSGuard.com key not present!


checking for WinHound.com key


WinHound.com key not present!

spyaxe uninstaller NOT present
Winhound uninstaller NOT present
SpywareStrike uninstaller NOT present

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Existing Pre-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Command Line Process Viewer/Killer/Suspender for Windows NT/2000/XP V2.03
Copyright(C) 2002-2003 Craig.Peacock@beyondlogic.org
Killing PID 756 'explorer.exe'

Starting registry repairs

Registry repairs complete

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

SharedTask Export after registry fix

(GetSTS.exe) SharedTaskScheduler exporter by Lawrence Abrams (Grinler)
Copyright(C) 2006 BleepingComputer.com

Registry Pseudo-Format Mode (Not a valid reg file):

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}"="Wheel Mouse Optical Driver"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{438755C2-A8BA-11D1-B96B-00A0C90312E1}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8C7461EF-2B13-11d2-BE35-3078302C2030}\InProcServer32]
@="%SystemRoot%\System32\browseui.dll"


[HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{D1A2E7CD-F5C1-21A8-CA2C-13D0AC72D19D}\InProcServer32]
@="E:\WINDOWS\system32\dxmpp.dll"


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Deleting files

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Remaining Post-run Files


~~~ Program Files ~~~



~~~ Shortcuts ~~~



~~~ Favorites ~~~



~~~ system32 folder ~~~



~~~ Icons in System32 ~~~



~~~ Windows directory ~~~



~~~ Drive root ~~~


~~~ Miscellaneous Files/folders ~~~


~~~ Wininet.dll ~~~

CLEAN! :)

---------------------------------------------------------
ewido anti-malware - Scan report
---------------------------------------------------------

+ Created on: 8:15:46 PM, 3/3/2006
+ Report-Checksum: F09CA594

+ Scan result:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges -> Trojan.Small : Cleaned with backup
:mozilla.12:E:\Documents and Settings\Jon\Application Data\Mozilla\Firefox\Profiles\anf1i2zq.les\cookies.txt -> Spyware.Cookie.Bfast : Cleaned with backup
E:\Documents and Settings\Jon\Cookies\jon@2o7[1].txt -> Spyware.Cookie.2o7 : Cleaned with backup
E:\Documents and Settings\Jon\Cookies\jon@advertising[2].txt -> Spyware.Cookie.Advertising : Cleaned with backup
E:\Documents and Settings\Jon\Cookies\jon@bfast[2].txt -> Spyware.Cookie.Bfast : Cleaned with backup
E:\Documents and Settings\Jon\Cookies\jon@centrport[1].txt -> Spyware.Cookie.Centrport : Cleaned with backup
E:\Documents and Settings\Jon\Cookies\jon@mediaplex[2].txt -> Spyware.Cookie.Mediaplex : Cleaned with backup


::Report End


I still have the system infected popup and SpyFalcon, but no more MS-DOS popup.