0

Good afternoon everyone,

I hope that everyone is having a fabulous day :)

I've been using the same modem and the same dial-up site for quite some time now, but I've been experiencing a problem for the last few weeks.

I connect to the Internet as usual and I'm able to access sites for about five minutes, and then all of a sudden, I can't access anything. My connection hasn't dropped, but both IE and Mozilla act like a connection isn't available. After this happens, I'm also unable to do live update on my virus software. Any idea what might be causing this?

Thanks much,

avgoddess

0

Well, could be a virus preventing the browsers/programs from communicating with the internet? But it also could be a firewall, or something similar. Have you recently installed a firewall of any kind?

If you want a virus check (as malware can cause this problem often).

Download HijackThis (current version is v1.99.1)

Make a new folder to put your HijackThis.exe into.

(Anywhere on your hard drive is fine other than your Desktop or the Temp folder. Suitable examples are:

* C:\HijackThis\
* C:\Programs\hijackthis\
* C:\Windows\My Documents\HJT\

but feel free to use any name.)

Extract and save the HijackThis download to the new folder you made. Then navigate to it and run HijackThis from there. (This is to ensure it makes the necessary backups for recovery if fixes are made.) Then, double-click HijackThis.exe, and click Scan.

When the scan is finished, the "Scan" button will change into a "Save Log" button. Press that and copy & paste its contents in your reply. Most of what it lists will be harmless or even essential; don't try to fix anything yourself.

0

Thanks for the suggestion, tayspen. No, I haven't installed a firewall, so it's probably a virus. Here's my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 10:20:33 PM, on 5/16/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\cidaemon.exe

0

Hi, that log is missing a big chunk. Are you sure you copied the whole thing? Also be sure to run it in normal mode.

Also, as this seems to be taking the route of a virus... off to the virus/spyware forum we go :)

0

Let me run it again tonight to make sure.... I'll post the results tomorrow.
Thanks so much for your help!

0

Ok, you were right :)

Here's the complete report:

Logfile of HijackThis v1.99.1
Scan saved at 10:26:22 PM, on 5/22/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Apoint\Apntex.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Amy\My Documents\My Deliveries\HijackThis.exe
C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O15 - Trusted Zone: *.freeemotes.com
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aumail4.american.edu/iNotes6W.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121029901491
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)

Thank you!

0

Hi, please check these items in HJT.

O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll

O15 - Trusted Zone: *.freeemotes.com

O16 - DPF: {3BFFE033-BF43-11D5-A271-00A024A51325} (iNotes6 Class) - https://aumail4.american.edu/iNotes6W.cab

O16 - DPF: {A762E064-A885-40E4-AC10-671BB62DC2B2} (OFMailHTMLCtl Class) - http://www.eomniform.com/OF5/nsplugins/OFMailX.cab

O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll

O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe

Click Fix Checked.

______________________________________________________

Please download VundoFix.exe to your desktop.

  • Double-click VundoFix.exe to run it.
  • Put a check next to Run VundoFix as a task.
  • You will receive a message saying vundofix will close and re-open in a minute or less. Click OK
  • When VundoFix re-opens, click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will shutdown your computer, click OK.
  • Turn your computer back on.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log.

_____________________________________________________

Please download ewido anti-malware; it is a free version of the program.

  1. Install ewido anti-malware
  2. When installing, under "Additional Options" uncheck:
    • Install background guard
    • Install scan via context menu
  3. Launch ewido, there should be an icon on your desktop, double-click it.
  4. The program will now open to the main screen.
  5. When you run ewido for the first time, you may get a warning "Database could not be found!". Click OK. We will fix this in a moment.
  6. You will need to update ewido to the latest definition files.
    • On the left hand side of the main screen click update.
    • Then click on Start Update.
  7. The update will start and a progress bar will show the updates being installed.
    (the status bar at the bottom will display "Update successful")

If you are having problems with the updater, you can use this link to manually update ewido.
ewido manual updates

Once the updates are installed do the following:

  • Open up Ewido
  • Click on scanner
  • Click on Complete System Scan and the scan will begin.
  • You will be prompted to clean the first infection.
  • Select "Perform action on all infections", then proceed.
  • Once the scan has completed, there will be a button located on the bottom of the screen named Save report
  • Click Save report.
  • Save the report .txt file to your desktop or a location where you can find it easily.
  • Close ewido anti-malware.

Reboot.

______________________________________________________

Post the new HJT log, the ewido log, and the vundo fix log, and we will continue the cleaning.
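
A triage sketch for the kind of entries selected in the post above, as an added example that is not part of the original post or of HijackThis. The heuristics, labels and function names are assumptions chosen for illustration; the sample lines are copied from the log posted in this thread.

```python
import re
from collections import defaultdict

# Sample input: a subset of lines from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""Running processes:
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\lsass.exe
C:\WINDOWS\Explorer.EXE

O2 - BHO: DosSpecFolder Object - {FDA4DFFB-2C3D-4730-8D7E-28523C7F2F67} - C:\WINDOWS\system32\ljjhi.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O20 - Winlogon Notify: ljjhi - C:\WINDOWS\system32\ljjhi.dll
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)
"""

ENTRY = re.compile(r"^(O\d+|R\d|F\d) - (.+)$")       # "O23 - Service: ..."
PROC = re.compile(r"^[A-Za-z]:\\.+\.exe$", re.I)      # a line in "Running processes"
# Assumption: core Windows XP processes that should only run from system32.
SYSTEM32_ONLY = {"lsass.exe", "csrss.exe", "winlogon.exe",
                 "services.exe", "smss.exe", "svchost.exe"}


def triage(log_text):
    """Return (label, path) findings for entries worth a closer look."""
    findings = []
    hooks = defaultdict(set)      # DLL path -> sections that load it
    in_processes = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.lower().startswith("running processes"):
            in_processes = True
            continue
        match = ENTRY.match(line)
        if match:
            in_processes = False
            code, body = match.groups()
            # The file path is the last " - " separated field.
            target = body.rsplit(" - ", 1)[-1]
            missing = target.endswith("(file missing)")
            target = target.replace("(file missing)", "").strip()
            if code == "O23" and " - Unknown owner - " in body:
                findings.append(("unknown-owner-service", target))
            if missing:
                findings.append(("file-missing", target))
            if code in ("O2", "O20"):
                hooks[target.lower()].add(code)
        elif in_processes and PROC.match(line):
            directory, _, name = line.lower().rpartition("\\")
            # A system process name running from the wrong directory.
            if name in SYSTEM32_ONLY and not directory.endswith("\\system32"):
                findings.append(("process-outside-system32", line))
    # One DLL loaded both as a browser helper object and at logon.
    for dll, codes in hooks.items():
        if codes == {"O2", "O20"}:
            findings.append(("bho-and-winlogon-notify", dll))
    return findings


if __name__ == "__main__":
    for label, path in triage(SAMPLE_LOG):
        print(f"{label:26} {path}")
```

A finding is a prompt for manual review, not a verdict: legitimate software can also show "Unknown owner" or leave a stale service entry behind.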

0

Thanks! I did everything that you suggested; here are the logs:

From Hijack This:

Logfile of HijackThis v1.99.1
Scan saved at 9:08:26 PM, on 5/25/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\cisvc.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\lsass.exe
C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\AccessDirect\dadapp.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
C:\Program Files\Microsoft Money\System\Money Express.exe
C:\Program Files\Dell Support\DSAgnt.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\ewido anti-malware\ewidoctrl.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Microsoft Money\System\urlmap.exe
C:\Documents and Settings\Amy\My Documents\My Deliveries\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dellnet.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.washingtonpost.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://rd.yahoo.com/customize/ymsgr/defaults/*http://my.yahoo.com
O2 - BHO: Yahoo! Companion BHO - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O3 - Toolbar: Yahoo! Companion - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_1.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE NvQTwk,NvCplDaemon initialize
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [DadApp] C:\Program Files\Dell\AccessDirect\dadapp.exe
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [MoneyStartUp10.0] "C:\Program Files\Microsoft Money\System\Activation.exe"
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\SYMANT~1\vptray.exe
O4 - HKLM\..\Run: [THGuard] "C:\Program Files\TrojanHunter 4.2\THGuard.exe"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\Money Express.exe"
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {4528BBE0-4E08-11D5-AD55-00010333D0AD} - C:\Program Files\Yahoo!\Messenger\yhexbmes0819.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\System32\Shdocvw.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyviewer.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.trendmicro.com/housecall/xscan60.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1121029901491
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A17E30C4-A9BA-11D4-8673-60DB54C10000} (YahooYMailTo Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/essentials/ymmapi_0727.dll
O16 - DPF: {F54C1137-5E34-4B95-95A5-BA56D4D8D743} (Secure Delivery) - http://content.kontiki.com/kdx/v2.20/kontiki/kontiki/current/kdx.cab
O20 - Winlogon Notify: NavLogon - C:\WINDOWS\System32\NavLogon.dll
O23 - Service: DefWatch - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\DefWatch.exe
O23 - Service: ewido security suite control - ewido networks - C:\Program Files\ewido anti-malware\ewidoctrl.exe
O23 - Service: Local Security Authority Subsystem Service (lsass) - Unknown owner - C:\WINDOWS\lsass.exe
O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\Program Files\Symantec_Client_Security\Symantec AntiVirus\Rtvscan.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: TASKESV (TESV) - Unknown owner - C:\WINDOWS\taskcntr.exe (file missing)


VundoFix V4.2.74

Running as SYSTEM
from c:\windows\system32\VundoFix.exe

Checking Java version...

Sun Java not detected
Scan started at 7:46:43 PM 5/25/2006

Listing files found while scanning....

C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.tmp

C:\WINDOWS\SYSTEM32\ihjjl.bak1
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ihjjl.bak2
C:\WINDOWS\SYSTEM32\ihjjl.tmp
C:\WINDOWS\SYSTEM32\ihjjl.ini
C:\WINDOWS\SYSTEM32\ihjjl.ini2
C:\WINDOWS\SYSTEM32\ljjhi.dll
 Attempting to delete C:\WINDOWS\system32\ljjhi.dll
C:\WINDOWS\system32\ljjhi.dll Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ihjjl.ini
C:\WINDOWS\system32\ihjjl.ini Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ihjjl.bak1
C:\WINDOWS\system32\ihjjl.bak1 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ihjjl.bak2
C:\WINDOWS\system32\ihjjl.bak2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ihjjl.ini2
C:\WINDOWS\system32\ihjjl.ini2 Has been deleted!

 Attempting to delete C:\WINDOWS\system32\ihjjl.tmp
C:\WINDOWS\system32\ihjjl.tmp Has been deleted!

Performing Repairs to the registry.
Done!

---------------------------------------------------------
 ewido anti-malware - Scan report
---------------------------------------------------------

 + Created on:          9:06:55 PM, 5/25/2006
 + Report-Checksum:     21575A5D

 + Scan result:

    C:\a.exe -> Trojan.Small.gf : Cleaned with backup
    :mozilla.18:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned with backup
    :mozilla.22:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.25:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.26:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.27:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.28:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Reliablestats : Cleaned with backup
    :mozilla.33:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned with backup
    :mozilla.35:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.36:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Adserver : Cleaned with backup
    :mozilla.43:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.44:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned with backup
    :mozilla.45:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.46:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.47:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned with backup
    :mozilla.52:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.53:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned with backup
    :mozilla.55:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.56:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.57:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Bridgetrack : Cleaned with backup
    :mozilla.58:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.59:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned with backup
    :mozilla.60:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.61:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned with backup
    :mozilla.62:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.63:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    :mozilla.64:C:\Documents and Settings\Amy\Application Data\Mozilla\Firefox\Profiles\uf0olnf4.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\809GT7RI\a[1].exe -> Trojan.Small.gf : Cleaned with backup
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\809GT7RI\a[2].exe -> Trojan.Small.gf : Cleaned with backup
    C:\WINDOWS\SYSTEM32\byvwx.dll -> Downloader.ConHook.z : Cleaned with backup
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\firedaemon.exe.tcf -> Not-A-Virus.RemoteAdmin.Win32.RA.3826 : Cleaned with backup
    C:\WINDOWS\SYSTEM32\DRIVERS\ETC\JAcheck.dll -> Trojan.Warzpak.A : Cleaned with backup
    C:\WINDOWS\SYSTEM32\Media\Microsoft\MediaPlayer\Users\MSTASK_OLD.EXE.tcf -> Backdoor.Iroffer.b : Cleaned with backup
    C:\WINDOWS\SYSTEM32\Media\Microsoft\MediaPlayer\Users\OPEN_OLD.EXE.tcf -> Backdoor.Hupigon.hk : Cleaned with backup
    C:\WINDOWS\SYSTEM32\ssqrr.dll -> Downloader.ConHook.z : Cleaned with backup
    C:\WINDOWS\SYSTEM32\tusro.dll -> Downloader.ConHook.z : Cleaned with backup
    C:\WINDOWS\SYSTEM32\vtspp.dll -> Downloader.ConHook.z : Cleaned with backup
    C:\WINDOWS\SYSTEM32\wvwww.dll -> Downloader.ConHook.z : Cleaned with backup
    C:\WINDOWS\SYSTEM32\xxyww.dll -> Downloader.ConHook.z : Cleaned with backup

Edited by mike_2000_17: Fixed formatting
