Results 1 to 4 of 4

Thread: NO virus problems for 11 years. Now it's got me good.

  1. 2007-10-06, 04:08 #1
    ricketts1
    ricketts1 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    2

    Default NO virus problems for 11 years. Now it's got me good.

    Verizon Internet Security Suite missed this one and still doesn't recognize anything when I scan my computer. I do however have boxes appearing constantly from V.I.S.S. telling me I have a virus, but it cannot delete it. I have "maximus", "trojans", and many in my windows.temp file. Here is my Hijackthis report. I do have a Kaspersky report, but it's too long to post here.

    *****HIJACKTHIS
    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\cisvc.exe
    C:\WINDOWS\System32\CTsvcCDA.exe
    C:\Program Files\Common Files\Command Software\dvpapi.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\System32\Tablet.exe
    C:\WINDOWS\wanmpsvc.exe
    C:\WINDOWS\System32\MsPMSPSv.exe
    c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    C:\windows\system\hpsysdrv.exe
    C:\WINDOWS\system32\CTHELPER.EXE
    C:\WINDOWS\system32\ps2.exe
    C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe
    C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe
    C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe
    C:\WINDOWS\system32\WDBtnMgr.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\WINDOWS\LTMSG.exe
    C:\Program Files\Adobe\Distillr\Acrotray.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
    C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
    C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\Wtablet\TabUserW.exe
    C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
    C:\Program Files\Internet Explorer\IEXPLORE.EXE
    C:\WINDOWS\system32\cidaemon.exe
    C:\Program Files\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://beaversmill.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://cgi.verizon.net/bookmarks/bmr...5&bm=ho_search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page_bak = http://beaversmill.ieasysite.com/
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Microsoft Internet Explorer provided by Verizon Online
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=localhost:1048
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = cgi*.ebay.com;disney.go.com;msa_e1.ebay.com;rhapsody_app*.listen.com;startpage.aol.com;www.macromedia.com;www.zippo.com;localhost;<local>
    O3 - Toolbar: hp toolkit - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - C:\HP\EXPLOREBAR\HPTOOLKT.DLL
    O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
    O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
    O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
    O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
    O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
    O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
    O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb05.exe
    O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\Verizon\SMARTB~1\MotiveSB.exe
    O4 - HKLM\..\Run: [IPInSightLAN 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPClient.exe" -l
    O4 - HKLM\..\Run: [IPInSightMonitor 01] "C:\Program Files\Verizon Online\Visual IP InSight\IPMon32.exe"
    O4 - HKLM\..\Run: [StorageGuard] "C:\Program Files\VERITAS Software\StorageGuard\sgtray.exe" /r
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [WD Button Manager] WDBtnMgr.exe
    O4 - HKLM\..\Run: [PinnacleDriverCheck] C:\WINDOWS\system32\\PSDrvCheck.exe
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [LTMSG] LTMSG.exe 7
    O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Distillr\Acrotray.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
    O4 - HKLM\..\Run: [WD Spindown Utility] "C:\Program Files\Western Digital Technologies\Spindown\ExSpinDn.exe"
    O4 - HKLM\..\Run: [Index Washer] C:\Program Files\Webroot\Washer\WashIdx.exe "Owner"
    O4 - HKLM\..\Run: [PCLEPCI] C:\PROGRA~1\Pinnacle\PPE\ppe.exe
    O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [IW_Drop_Icon] C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe /DropDisc
    O4 - HKCU\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NVMCTRAY.DLL,NvTaskbarInit
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\RunServicesOnce: [washindex] C:\Program Files\Washer\washidx.exe
    O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: TabUserW.exe.lnk = C:\WINDOWS\system32\Wtablet\TabUserW.exe
    O4 - Global Startup: Verizon Online Dialer.lnk = C:\Program Files\Common Files\Verizon Online\ConnMgr\Verizon Online.exe
    O4 - Global Startup: WD Backup Monitor.lnk = C:\Program Files\My Book\WD Backup\uBBMonitor.exe
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
    O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
    O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
    O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
    O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
    O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
    O9 - Extra button: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra 'Tools' menuitem: Control Pad - {28D44DAD-D1FC-4d4f-BB1B-ADF037C8DDBC} - C:\Program Files\Verizon Online\Verizon Online Control Pad\VerizonControlPad.Exe
    O9 - Extra button: (no name) - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - (no file)
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english...an_unicode.cab
    O16 - DPF: {106E49CF-797A-11D2-81A2-00E02C015623} (AlternaTIFF ActiveX) - http://www.alternatiff.com/install/00/alttiff.cab
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
    O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} - http://download.ebay.com/turbo_lister/US/install.cab
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - http://www.yorkphoto.com/YorkActivia.cab
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsof...?1130779563359
    O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www3.ca.com/securityadvisor/v...fo/webscan.cab
    O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.installengine.com/engine/isetup.cab
    O16 - DPF: {9B17FE0E-51F2-4692-8B32-8EFB805FC0E7} (HPObjectInstaller Class) - http://h30155.www3.hp.com/ediags/gs/...dsolutions.cab
    O16 - DPF: {A6EE3F8E-925E-11D4-892D-0000C0D84CF5} (3DCT Viewer Class) - http://www.3dcompress.com/download/3DSee.cab
    O16 - DPF: {BCBC9371-595D-11D4-A96D-00105A1CEF6C} (View22RTE Class) - http://66.242.36.115/view22/View22RTE.cab
    O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} (Personal System Administrator Control) - http://206.65.172.231/check/netset//...l/gtdowngc.cab
    O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) -
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
    O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: MSSQL$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlservr.exe" -sPINNACLESYS (file missing)
    O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Pinnacle Systems Media Service (PinnacleSys.MediaServer) - Pinnacle Systems - c:\program files\pinnacle\shared files\programs\mediaserver\pmshost.exe
    O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\fws.exe
    O23 - Service: SQLAgent$PINNACLESYS - Unknown owner - C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Binn\sqlagent.EXE" -i PINNACLESYS (file missing)
    O23 - Service: TabletService - Wacom Technology, Corp. - C:\WINDOWS\System32\Tablet.exe
    O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
  2. 2007-10-06, 04:12 #2
    ricketts1
    ricketts1 is offline
    Junior Member
    Join Date
    Oct 2007
    Posts
    2

    Default Here's the KASPERSKY report

    Scan Statistics:
    Total number of scanned objects: 213260
    Number of viruses found: 11
    Number of infected objects: 25
    Number of suspicious objects: 0
    Duration of the scan process: 07:26:24

    Infected Object Name / Virus Name / Last Action
    C:\check_LSA7.txt Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\logs\FirewallService10-03-2007--16-52-12.log Object is locked skipped
    C:\Documents and Settings\All Users\Application Data\Verizon\Verizon Internet Security Suite\logs\ServiceModel10-03-2007--16-53-17.log Object is locked skipped
    C:\Documents and Settings\Joey\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Joey\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Microsoft\Outlook\outitems.log Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\Normal.dot Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Microsoft\Templates\~WRD0004.tmp Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Microsoft\Word\STARTUP\Finereader6.sprint.dot Object is locked skipped
    C:\Documents and Settings\Owner\Application Data\Verizon\Verizon Internet Security Suite\logs\SafetyConsoleLog10-03-2007--16-53-19.log Object is locked skipped
    C:\Documents and Settings\Owner\Cookies\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{89A92AF9-34FA-433F-A559-E3EF8093F4D7}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.young.australian.female.dbx/[From peter.andrews@optonline.net][Date Sat, 18 Sep 2004 01:05:47 GMT]/CheerLeader01.zip/CheerLeader01.scr Infected: Backdoor.Win32.Hackarmy.w skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{89A92AF9-34FA-433F-A559-E3EF8093F4D7}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.young.australian.female.dbx/[From peter.andrews@optonline.net][Date Sat, 18 Sep 2004 01:05:47 GMT]/CheerLeader01.zip Infected: Backdoor.Win32.Hackarmy.w skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Identities\{89A92AF9-34FA-433F-A559-E3EF8093F4D7}\Microsoft\Outlook Express\alt.binaries.pictures.erotica.young.australian.female.dbx Mail MS Outlook 5: infected - 2 skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/111MY EMAIL/Computer Misc./Ebay/18 May 2005 23:39 from basbleu_@excite.com:Question about shippi.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/111MY EMAIL/Computer Misc./Ebay/22 May 2005 00:15 from eBay Member: ww1-fighter-pilot:Question a.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst/Personal Folders/111MY EMAIL/Computer Misc./Ebay/22 May 2005 19:05 from eBay Member: mannt711:Question for eBay i.eml Infected: Trojan-Spy.HTML.Bayfraud.ib skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Outlook\Outlook1.pst Mail MS Mail: infected - 3 skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\History\History.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
    C:\Documents and Settings\Owner\NTUSER.DAT Object is locked skipped
    C:\Documents and Settings\Owner\ntuser.dat.LOG Object is locked skipped
    C:\eteb.exe Infected: Backdoor.Win32.Agent.bxe skipped
    C:\hp\bin\KillWind.exe Infected: not-a-virus:RiskTool.Win32.PsKill.p skipped
    C:\idhwnkqj.exe Infected: Trojan.Win32.Small.rn skipped
    C:\Program Files\FTPx\ftpx.exe Infected: not-a-virus:Server-FTP.Win32.Serv-U.l skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\master.mdf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\mastlog.ldf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\model.mdf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\modellog.ldf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext.mdf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\PinnacleSys_GlobalContext_log.LDF Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\tempdb.mdf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\Data\templog.ldf Object is locked skipped
    C:\Program Files\Pinnacle\MediaServer\Microsoft SQL Server\MSSQL$PINNACLESYS\LOG\ERRORLOG Object is locked skipped
    C:\Program Files\Verizon\SmartBridge\AlertFilter.log Object is locked skipped
    C:\Program Files\Verizon\SmartBridge\log\httpclient.log Object is locked skipped
    C:\Program Files\Verizon\SmartBridge\SmartBridge.log Object is locked skipped
    C:\System Volume Information\catalog.wci\00000002.ps1 Object is locked skipped
    C:\System Volume Information\catalog.wci\00000002.ps2 Object is locked skipped
    C:\System Volume Information\catalog.wci\00010002.ci Object is locked skipped
    C:\System Volume Information\catalog.wci\cicat.fid Object is locked skipped
    C:\System Volume Information\catalog.wci\cicat.hsh Object is locked skipped
    C:\System Volume Information\catalog.wci\CiCL0001.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiP10000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiP20000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiPT0000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiSL0001.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiSP0000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiST0000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\CiVP0000.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\INDEX.000 Object is locked skipped
    C:\System Volume Information\catalog.wci\propstor.bk1 Object is locked skipped
    C:\System Volume Information\catalog.wci\propstor.bk2 Object is locked skipped
    C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
    C:\tjqykqhw.exe Infected: Trojan-Downloader.Win32.Agent.dkc skipped
    C:\VundoFix Backups\ljjgeff.dll.bad Infected: Trojan-Downloader.Win32.Agent.dlu skipped
    C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
    C:\WINDOWS\Downloaded Program Files\VBouncerOuter1132040406.EXE/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.VirtualBouncer.j skipped
    C:\WINDOWS\Downloaded Program Files\VBouncerOuter1132040406.EXE WiseSFX: infected - 1 skipped
    C:\WINDOWS\Downloaded Program Files\VBouncerOuter1132040406.EXE WiseSFX Dropper: infected - 1 skipped
    C:\WINDOWS\SchedLgU.Txt Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\EventCache\{56C924D8-F1A9-47DF-9A4D-B8B46217E86B}.bin Object is locked skipped
    C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
    C:\WINDOWS\Sti_Trace.log Object is locked skipped
    C:\WINDOWS\system32\46afabcb724af1a0d01603cf9d07ff34.TMP Infected: Backdoor.Win32.Agent.bxe skipped
    C:\WINDOWS\system32\befebfbdbfbcb.dll Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
    C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
    C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\default Object is locked skipped
    C:\WINDOWS\system32\config\default.LOG Object is locked skipped
    C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
    C:\WINDOWS\system32\config\SAM Object is locked skipped
    C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY Object is locked skipped
    C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
    C:\WINDOWS\system32\config\software Object is locked skipped
    C:\WINDOWS\system32\config\software.LOG Object is locked skipped
    C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
    C:\WINDOWS\system32\config\system Object is locked skipped
    C:\WINDOWS\system32\config\system.LOG Object is locked skipped
    C:\WINDOWS\system32\h323log.txt Object is locked skipped
    C:\WINDOWS\system32\ljjgeff.dll.vir Infected: Trojan-Downloader.Win32.Agent.dlu skipped
    C:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
    C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
    C:\WINDOWS\system32\winhoo32.dll Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINDOWS\system32\xpdx.sys Object is locked skipped
    C:\WINDOWS\Temp\Perflib_Perfdata_740.dat Object is locked skipped
    C:\WINDOWS\Temp\win104.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win109.tmp Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\WINDOWS\Temp\win109.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win138.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win13D.tmp Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINDOWS\Temp\win13D.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win157D.tmp Object is locked skipped
    C:\WINDOWS\Temp\win158.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win159A.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15AD.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15B3.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15C4.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15CE.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15D5.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15DC.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15E3.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15EA.tmp Object is locked skipped
    C:\WINDOWS\Temp\win15FA.tmp Object is locked skipped
    C:\WINDOWS\Temp\win1601.tmp Object is locked skipped
    C:\WINDOWS\Temp\win162D.tmp Object is locked skipped
    C:\WINDOWS\Temp\win16B8.tmp Object is locked skipped
    C:\WINDOWS\Temp\win1746.tmp Object is locked skipped
    C:\WINDOWS\Temp\win175.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win198.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win1D4.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win1EF.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win1F4.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win1FF.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win213.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win227.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win276.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win34.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win35C.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win35E.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win360.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win36A.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win38.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win38D.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3A.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3A6.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3A8.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3C.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3DC.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win3E41.tmp Object is locked skipped
    C:\WINDOWS\Temp\win42.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win422.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win45.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win47C.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win47E.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win483.tmp Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINDOWS\Temp\win483.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win4A0.tmp Infected: Trojan-Downloader.Win32.Alphabet.gen skipped
    C:\WINDOWS\Temp\win4A0.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win4C.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win51B.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win57.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win5DD.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win5E9.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win5F1.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win63.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win63F.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win69.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win692.tmp Object is locked skipped
    C:\WINDOWS\Temp\win6E3.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win6EA.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win6ED9.tmp Object is locked skipped
    C:\WINDOWS\Temp\win6EF.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win6F.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win6FCE.tmp Object is locked skipped
    C:\WINDOWS\Temp\win7166.tmp Object is locked skipped
    C:\WINDOWS\Temp\win720C.tmp Object is locked skipped
    C:\WINDOWS\Temp\win747.tmp Infected: Trojan.Win32.Dialer.qn skipped
    C:\WINDOWS\Temp\win747.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win762.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\win769A.tmp Object is locked skipped
    C:\WINDOWS\Temp\win886B.tmp Object is locked skipped
    C:\WINDOWS\Temp\win8F.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\winA39C.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA3DF.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA3FC.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA4C4.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA529.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA83A.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA8BD.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA942.tmp Object is locked skipped
    C:\WINDOWS\Temp\winA96B.tmp Object is locked skipped
    C:\WINDOWS\Temp\winAAE3.tmp Object is locked skipped
    C:\WINDOWS\Temp\winAB52.tmp Object is locked skipped
    C:\WINDOWS\Temp\winABFE.tmp Object is locked skipped
    C:\WINDOWS\Temp\winAD46.tmp Object is locked skipped
    C:\WINDOWS\Temp\winAEB3.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB006.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB01F.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB105.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB121.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB199.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB1C9.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB1DA.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB287.tmp Object is locked skipped
    C:\WINDOWS\Temp\winB3ED.tmp Object is locked skipped
    C:\WINDOWS\Temp\winBD08.tmp Object is locked skipped
    C:\WINDOWS\Temp\winCD67.tmp Object is locked skipped
    C:\WINDOWS\Temp\winDE8E.tmp Object is locked skipped
    C:\WINDOWS\Temp\winDEA9.tmp Object is locked skipped
    C:\WINDOWS\Temp\winDED7.tmp Object is locked skipped
    C:\WINDOWS\Temp\winDF30.tmp Object is locked skipped
    C:\WINDOWS\Temp\winDF74.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE0B2.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE11E.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE1B2.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE20F.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE24A.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE268.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE2BC.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE2C3.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE2CA.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE2E5.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE2F.tmp Object is locked skipped
    C:\WINDOWS\Temp\winE37.tmp Object is locked skipped
    C:\WINDOWS\Temp\winEB.tmp.exe Object is locked skipped
    C:\WINDOWS\Temp\winFF.tmp.exe Object is locked skipped
    C:\WINDOWS\wiadebug.log Object is locked skipped
    C:\WINDOWS\wiaservc.log Object is locked skipped
    C:\WINDOWS\WindowsUpdate.log Object is locked skipped
    C:\WINDOWS\{00000002-00000000-00000009-00001102-00000002-80691102}.CDF Object is locked skipped
    C:\wsusupd.exe Infected: Trojan.Win32.Small.rn skipped
  3. 2007-10-14, 01:48 #3
    pskelley
    pskelley is offline
    In Memoriam -Always in our heart pskelley's Avatar
    Join Date
    Oct 2005
    Location
    Clearwater, Florida
    Posts
    20,247

    Default

    Welcome to Safer Networking, I wish to be sure you have viewed and understand this information.
    "BEFORE you POST" (READ this Procedure before Requesting Assistance)
    http://forums.spybot.info/showthread.php?t=288
    All advice given is taken at your own risk.
    Please make sure you have read this information so we are on the same page.

    [B]The Waiting Room [/B]<<< appears you missed this
    http://forums.spybot.info/forumdisplay.php?f=37

    Let's chat a moment, no doubt you are infected, have you thought about deleting all of that junk in the C:\WINDOWS\Temp\ folder for starters? That's why they are called TEMP files. Click Edit > Select All > Delete > OK or yes.

    Please review the directions, from the way your log looks I suspect you may have word wrap turned on in notepad, turn it off for the duration. You have also cut off the header (first four lines) of the HJT log and I need to see that information. When the log is in notepad, click Edit > Select All, then copy and paste the complete highlited contents.

    I will need to see that Kaspersky scan, you can wait until I ask for it. You can also delete the TEMP stuff and run it again, which may make it somewhat shorter. What I need for now if you still need help is a new HJT log and a description of what your symptoms are.If you have resolved your issues, post to let me know so I can close your topic.

    Thanks
    MS-MVP Consumer Security 2007-08-09
    Proud Member ASAP
    UNITE Member 2006
  4. 2007-10-19, 23:39 #4
    tashi
    tashi is offline
    Member of Team Spybot tashi's Avatar
    Join Date
    Oct 2005
    Location
    USA
    Posts
    30,961

    Default

    This topic has been moved to archives.

    If you need the thread re-opened, please send me a private message (pm) and provide a link.

    Applies only to the original poster, anyone else with similar problems please start your own topic.
    Microsoft MVP Reconnect 2018-
    Windows Insider MVP 2016-2018
    Microsoft Consumer Security MVP 2006-2016
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules