I recently ran RAV Antivirus - Scan Online and it found 10 infections. What should I do?
Here is the scan log:
Scan started at 1/18/2005 4:42:15 PM
Scanning memory...
Scanning boot sectors...
Scanning files...
C:\Documents and Settings\Mike\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\javainstaller.jar-4514e5ea-5bfa609f.zip->javainstaller/InstallerApplet.class - TrojanDownloader:Java/OpenStream.I -> Infected
C:\Documents and Settings\Mike\Local Settings\Temp\iinstall.exe - TrojanDownloader:Win32/IstBar.GF -> Suspicious
C:\Documents and Settings\Mike\Local Settings\Temp\optimize.exe - TrojanDownloader:Win32/Dyfuca.CZ -> Infected
C:\Program Files\Internet Explorer\dhosfgyx.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\Program Files\Internet Explorer\exvqmbpp.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\Program Files\Internet Explorer\voppqixb.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\WINDOWS\emiqj.exe - TrojanDownloader:Win32/IstBar.GC -> Infected
C:\WINDOWS\SSK_B5.EXE - TrojanDropper:Win32/Small.NF -> Infected
C:\WINDOWS\Downloaded Program Files\exvqmbpp.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\WINDOWS\Downloaded Program Files\server.exe - TrojanDropper:Win32/Small.gen -> Infected
C:\WINDOWS\system32\dnsauth.dll - TrojanProxy:Win32/Webber.L -> Infected
C:\WINDOWS\system32\dx9vbc.dll - TrojanProxy:Win32/Webber.M -> Infected
C:\WINDOWS\system32\hded.dll - HackTool:Win32/Hidproc.A -> Infected
C:\WINDOWS\system32\hdji.dll - HackTool:Win32/Hidproc.A -> Infected
C:\WINDOWS\system32\hdrq.dll - HackTool:Win32/Hidproc.A -> Infected
C:\WINDOWS\system32\iecust.dll - Trojan:Win32/StartPage.PU -> Infected
C:\WINDOWS\system32\msde.dll - TrojanDownloader:Win32/Agent.EX -> Infected
C:\WINDOWS\system32\msef.dll - TrojanDownloader:Win32/Agent.EX -> Infected
C:\WINDOWS\system32\mshi.dll - TrojanDownloader:Win32/Agent.EX -> Infected
C:\WINDOWS\system32\msst.dll - TrojanDownloader:Win32/Agent.EX -> Infected
C:\WINDOWS\system32\mstu.dll - TrojanDownloader:Win32/Agent.EX -> Infected
C:\WINDOWS\system32\setvers.exe->(UPXW) - TrojanDropper:Win32/Small.NA -> Suspicious
Scanned
============================
Objects: 27883
Directories: 1872
Archives: 6143
Size(Kb): 714108
Infected files: 20
Found
============================
Viruses found: 10
Suspicious files: 2
Disinfected files: 0
Mail files: 49
My current HijackThis log:
Logfile of HijackThis v1.99.0
Scan saved at 5:00:25 PM, on 1/18/2005
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\rundll32.exe
C:\Program Files\PREVX\Prevx Home\SAGUI.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\SpywareGuard\sgbhp.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\PREVX\Prevx Home\PXAgent.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Adobe\Photoshop 7.0\Photoshop.exe
C:\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: SpywareGuard Download Protection - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [PrevxHome] C:\Program Files\PREVX\Prevx Home\SAGUI.exe
O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NVMCTRAY.DLL,NvTaskbarInit
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Steam] C:\Program Files\Valve\Steam\Steam.exe -silent
O4 - HKCU\..\Run: [WrCtrl] C:\Program Files\Kerio\WinRoute Firewall\WrCtrl.exe
O4 - Startup: Quick Macros.lnk = C:\Program Files\Quick Macros 2\qm.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://www.pandasoftware.com/activescan/as5/asinst.cab
O16 - DPF: {A3009861-330C-4E10-822B-39D16EC8829D} (CRAVOnline Object) - http://www.ravantivirus.com/scan/ravonline.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O23 - Service: NVIDIA Display Driver Service - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Prevx Agent - Prevx Ltd. - C:\Program Files\PREVX\Prevx Home\PXAgent.exe