Jump to content

Recommended Posts

Hi,

I have two friends who's teenagers managed to infect both their pc's with the same spyware. I have used Rubber Ducky's instructions and managed to clean both machines to a working standard but there are a couple of issues left. I will tell you about this machine only at this stage as the other one had to be returned for a short period. The escan antivirus toolkit won't work. It says the system clock is wrong. Java won't install on the machine. It gives a strange message about not finding an old file to update. Then it says it has found a file of the same name but the contents are different so no changes will be made. The installer then gives a code 1722 error and rolls back the install. I used avast as the anti virus and it wouldn't do updates saying the registration was out of date because the system date was Jan, 1st, 1970. I think I fixed that by uninstalling, downloading and reinstalling a new copy and registering it anew. I have done a HJT log as I am now out of my depth. Any help you can give would be appreciated.

HJT Log is:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 3:31:02 PM, on 25/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\sistray.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\WINDOWS\system32\spoolsv.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\WINDOWS\system32\wuauclt.exe

C:\Documents and Settings\Sue\Desktop\security tools\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.magentic.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\SYSTEM32\SANKBSDH.DLL (file missing)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\SYSTEM32\JGZWUKMV.DLL (file missing)

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\JGZWUKMV.DLL (file missing)

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\ChkFont.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\DOCUME~1\Sue\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic -skip_dialog language -skip_dialog info -skip_dialog my_start

O4 - HKLM\..\Run: [4cdf0204] rundll32.exe "C:\WINDOWS\system32\gbibjyqc.dll",b

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) - http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab

O17 - HKLM\System\CCS\Services\Tcpip\..\{D05DB1E9-169F-45EC-9099-477D57742EF2}: NameServer = 192.168.0.1,192.168.1.1

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O20 - Winlogon Notify: cbxywus - cbxywus.dll (file missing)

O20 - Winlogon Notify: jgzwukmv - jgzwukmv.dll (file missing)

O20 - Winlogon Notify: opnmnki - opnmnki.dll (file missing)

O20 - Winlogon Notify: tuvssqp - tuvssqp.dll (file missing)

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 7730 bytes

Link to post
Share on other sites

Hi,

Fix the following items in HijackThis;

O2 - BHO: (no name) - {89AD4D75-2429-462e-BD4E-443F233F6033} - C:\WINDOWS\SYSTEM32\SANKBSDH.DLL (file missing)

O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\SYSTEM32\JGZWUKMV.DLL (file missing)

O3 - Toolbar: Security Toolbar - {11A69AE4-FBED-4832-A2BF-45AF82825583} - C:\WINDOWS\SYSTEM32\JGZWUKMV.DLL (file missing)

O4 - HKLM\..\Run: [4cdf0204] rundll32.exe "C:\WINDOWS\system32\gbibjyqc.dll",b

O4 - HKCU\..\Run: [License Manager] "C:\Program Files\License_Manager\license_manager.exe " /silent

O20 - Winlogon Notify: cbxywus - cbxywus.dll (file missing)

O20 - Winlogon Notify: jgzwukmv - jgzwukmv.dll (file missing)

O20 - Winlogon Notify: opnmnki - opnmnki.dll (file missing)

O20 - Winlogon Notify: tuvssqp - tuvssqp.dll (file missing)

Check the file C:\WINDOWS\system32\gbibjyqc.dll on www.virustotal.com

(save the results from that)

Restart your system en run HijackThis again and post the new logfile and the virustotal results from the file C:\WINDOWS\system32\gbibjyqc.dll

Link to post
Share on other sites

Hi ctraltdelete,

Thanks for the assist, new HJT log as follows:

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 9:25:15 PM, on 25/10/2007

Platform: Windows XP SP2 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Boot mode: Normal

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Ahead\InCD\InCDsrv.exe

C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe

C:\Program Files\Alwil Software\Avast4\ashServ.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\htpatch.exe

C:\WINDOWS\System32\sistray.EXE

C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

C:\Program Files\Ahead\InCD\InCD.exe

C:\Program Files\Microsoft Hardware\Keyboard\type32.exe

C:\Program Files\Microsoft Hardware\Mouse\point32.exe

C:\Program Files\HP\hpcoretech\hpcmpmgr.exe

C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

C:\Program Files\QuickTime\qttask.exe

C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

C:\WINDOWS\system32\ctfmon.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Adobe\Acrobat 6.0\Distillr\acrotray.exe

C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Program Files\Ulead Systems\Ulead Photo Express 2 SE\CalCheck.exe

C:\Program Files\WinZip\WZQKPICK.EXE

C:\WINDOWS\system32\ntvdm.exe

C:\PROGRA~1\INCRED~1\bin\IMApp.exe

C:\PROGRA~1\Magentic\bin\MgApp.exe

C:\OPLIMIT\ocrawr32.exe

C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

C:\WINDOWS\System32\svchost.exe

C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe

C:\Program Files\Alwil Software\Avast4\ashWebSv.exe

C:\WINDOWS\system32\WgaTray.exe

C:\Program Files\Alwil Software\Avast4\setup\avast.setup

C:\Documents and Settings\Sue\Desktop\security tools\HiJackThis.exe

C:\WINDOWS\system32\wuauclt.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar =

http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page =

http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =

http://mystart.magentic.com/

R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) =

http://g.ninemsn.com.au/0SEENAU/SAOS01?FORM=TOOLBR

O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} -

C:\PROGRA~1\SPYBOT~1\SDHelper.dll

O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program

Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll

O4 - HKLM\..\Run: [HTpatch] C:\WINDOWS\htpatch.exe

O4 - HKLM\..\Run: [siS Tray] C:\WINDOWS\System32\sistray.EXE

O4 - HKLM\..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe

O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe

O4 - HKLM\..\Run: [inCD] C:\Program Files\Ahead\InCD\InCD.exe

O4 - HKLM\..\Run: [intelliType] "C:\Program Files\Microsoft Hardware\Keyboard\type32.exe"

O4 - HKLM\..\Run: [POINTER] point32.exe

O4 - HKLM\..\Run: [PE2CKFNT SE] C:\Program Files\Ulead Systems\Ulead Photo Express 2

SE\ChkFont.exe

O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"

O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic]

C:\DOCUME~1\Sue\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product

Magentic -skip_dialog language -skip_dialog info -skip_dialog my_start

O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe

O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background

O4 - HKCU\..\Run: [Magentic] C:\PROGRA~1\Magentic\bin\Magentic.exe /c

O4 - HKCU\..\Run: [incrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL

SERVICE')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK

SERVICE')

O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')

O4 - Startup: OCRAWARE.lnk = C:\OPLIMIT\OCRAWARE.EXE

O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat

6.0\Distillr\acrotray.exe

O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital

Imaging\bin\hpqtra08.exe

O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft

Office\Office10\OSA.EXE

O4 - Global Startup: Photo Express Calendar Checker SE.lnk = C:\Program Files\Ulead

Systems\Ulead Photo Express 2 SE\CalCheck.exe

O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE

O8 - Extra context menu item: E&xport to Microsoft Excel -

res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program

Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} -

C:\Program Files\Messenger\msmsgs.exe

O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} (Office Genuine Advantage Validation Tool)

- http://go.microsoft.com/fwlink/?linkid=58813

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation

Tool) - http://go.microsoft.com/fwlink/?linkid=39204

O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} (Microsoft Genuine Advantage Self Support

Tool) - http://go.microsoft.com/fwlink/?LinkId=82580

O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) -

http://acs.pandasoftware.com/activescan/as5free/asinst.cab

O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) -

http://messenger.zone.msn.com/binary/Messe...nt.cab56907.cab

O16 - DPF: {D6376DD2-C2BD-49B2-A1B1-138F869633F3} (ASPRO Installer Class) -

http://acs.pandasoftware.com/activescanpro/as5/asproinst.cab

O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program

Files\Alwil Software\Avast4\aswUpdSv.exe

O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashServ.exe

O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashMaiSv.exe

O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil

Software\Avast4\ashWebSv.exe

O23 - Service: InCD Helper (InCDsrv) - Ahead Software AG - C:\Program

Files\Ahead\InCD\InCDsrv.exe

O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe

O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices,

Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

--

End of file - 7325 bytes

I have attached a pdf of the virustotal results. Thanks again :angry:

VirusTotal___Free_Online_Virus_and_Malware_Scan___Result.pdf

VirusTotal___Free_Online_Virus_and_Malware_Scan___Result.pdf

Link to post
Share on other sites

It seems a little strange to me that the incredimail installer is running on every boot.

If incredimail is installed and working fine there is no need to install it over and over again....

Fix the following in HijackThis;

O4 - HKLM\..\Run: [zzz_ImInstaller_Magentic] C:\DOCUME~1\Sue\LOCALS~1\Temp\ImInstaller\Magentic\magentic_install.exe -startup -product Magentic -skip_dialog language -skip_dialog info -skip_dialog my_start

Also check the file C:\Program Files\License_Manager\license_manager.exe on www.virustotal.com

If it is malware you can probably remove it through Control panel > software.

I also suggest to use an online virusscanner and check the system.

As NOD32 detected the Win32/Adware.Virtumonde in C:\WINDOWS\system32\gbibjyqc.dll i recommend you to use the NOD32 (Eset) online scanner.

http://www.eset.com/onlinescan/

It will remove the C:\WINDOWS\system32\gbibjyqc.dll from your system and maybe more malware if more malware is detected by the online scan.

Link to post
Share on other sites

Hi ctrlaltdelete,

:angry::P The pc appears to be totally cleaned now. That licence_manager file actually disappeared somewhere along the line.

I ran the onlinescan and would recommend it to all, found over 2,000 threats on the pc that had been "cleaned" by three other programs. I want to say that this website has been the most helpful I have found with fast replies and spot on guidance with problem solving. My congratulations to ctrlaltdelete and all the team. I will definitely be back with a HJT log from the other machine I mentioned but as afr as this thread is concerned you can mark it complete. Thanks :lol:

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.