View Full Version : need help with dialer.Small removal. cant get rid of iddxxx.tmp.exe files
chrisseh
2007-01-24, 18:04
Hey guys i got this really annoying dialer thing, that keeps on multiplying itself in c:\Windows\temp .
It makes files such as idd50c.tmp.exe (iddxxx.tmp.exe) etc. There are also files like win###.tmp.exe.
Ive run multiple ewido scans and quarantined the files.. ive run atf cleaner a trillion times.. all in safe mode. Ive done everything that it asked in the other before u post thread.
And yet when i logg back in.. the dialer keeps on coming and making new files. If someone could help me with getting rid of this virus, it would be greatly appreciated.
Thanks,
here is my HJT log,
Logfile of HijackThis v1.99.1
Scan saved at 2:59:18 AM, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
L:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS-2000:8080
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fruitang.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1099DCC-A134-428D-B662-C02E9BD65438}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
Hi chrisseh
Rename HijackThis.exe to HJT.exe and post a fresh HijackThis log, please :)
chrisseh
2007-01-24, 22:43
Hey Shaba,
here it is.
Logfile of HijackThis v1.99.1
Scan saved at 7:36:59 AM, on 25/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\CA\eTrustITM\realmon.exe
C:\Program Files\iPod\bin\iPodService.exe
L:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\ewido anti-spyware 4.0\ewido.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\imapi.exe
C:\WINDOWS\explorer.exe
C:\hijackthis\HJT.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS-2000:8080
O2 - BHO: (no name) - {062492AF-392E-479D-BF52-A7A4BCA00307} - C:\WINDOWS\g6661250.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {1CDF6154-2D00-4CE0-9549-68024B005623} - C:\WINDOWS\system32\awtqr.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {94590FD5-B445-4270-B532-D9CB163E73AD} - C:\WINDOWS\system32\wvurppp.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [CTDrive] rundll32.exe C:\WINDOWS\system32\drvlum.dll,startup
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fruitang.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1099DCC-A134-428D-B662-C02E9BD65438}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: awtqr - C:\WINDOWS\system32\awtqr.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: ljjkljg - ljjkljg.dll (file missing)
O20 - Winlogon Notify: winetn32 - winetn32.dll (file missing)
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O20 - Winlogon Notify: wvurppp - C:\WINDOWS\SYSTEM32\wvurppp.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
chrisseh
2007-01-24, 22:51
hey shaba,
im going to work so i wont be back for another 13 hours and wont be able to reply with newer logs. soo hang tight.
thanks soo much for your help.
Hi
Follow these (http://forums.spybot.info/showthread.php?t=4394) instructions and post back a fresh HijackThis log along with vundofix report, please :)
chrisseh
2007-01-26, 02:12
Here is the vundofix log.
VundoFix V6.3.2
Checking Java version...
Java version is 1.4.2.1
Java version is 1.4.2.6
Java version is 1.5.0.6
Scan started at 1:07:47 AM 26/01/2007
Listing files found while scanning....
C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\wvurppp.dll
Beginning removal...
Attempting to delete C:\WINDOWS\system32\awtqr.dll
C:\WINDOWS\system32\awtqr.dll Has been deleted!
Attempting to delete C:\WINDOWS\system32\rqtwa.ini
C:\WINDOWS\system32\rqtwa.ini Has been deleted!
Attempting to delete C:\WINDOWS\system32\wvurppp.dll
C:\WINDOWS\system32\wvurppp.dll Has been deleted!
Performing Repairs to the registry.
here is the HJT log.
Logfile of HijackThis v1.99.1
Scan saved at 11:06:38 AM, on 26/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\ewido anti-spyware 4.0\guard.exe
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\CA\eTrustITM\realmon.exe
L:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\TEMP\win53E.tmp.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\hijackthis\HJT.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS-2000:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fruitang.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1099DCC-A134-428D-B662-C02E9BD65438}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - C:\Program Files\ewido anti-spyware 4.0\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
i cant get rid of the
O20 - Winlogon Notify: winwil32 - C:\WINDOWS\SYSTEM32\winwil32.dll file.
i tried deleting it manually and it wont let me.
Cheers.
Hi
Yes, that's no wonder. It's quite stubborn
First uninstall ewido, it's now called AVG anti-spyware
After that:
Please print out or copy these instructions/tutorial to Notepad as the internet will not be (while in Safe Mode) available to you at certain points of the removal process. Make sure to work through all the Steps in the exact order in which they are listed below. If there's anything that you don't understand, ask your question(s) before moving on with the fixes.
Please download AVG Anti-Spyware to your Desktop or to your usual Download Folder.
http://www.ewido.net/en/download/
Install AVG Anti-Spyware by double clicking the installer.
Follow the prompts. Make sure that Launch AVG Anti-Spyware is checked.
On the main screen under Your Computer's security.
Click on Change state next to Resident shield. It should now change to inactive.
Click on Change state next to Automatic updates. It should now change to inactive.
Next to Last Update, click on Update now. (You will need an active internet connection to perform this)
Wait until you see the Update succesfull message.
Right-click the AVG Anti-Spyware Tray Icon and uncheck Start with Windows.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
If you are having problems with the updater, you can use this link to manually update ewido.
AVG Anti-Spyware manual updates (http://www.ewido.net/en/download/updates/).
Download the Full database to your Desktop or to your usual Download Folder and install it by double clicking the file. Make sure that AVG Anti-Spyware is closed before installing the update.
______________________________
Reboot your computer in Safe Mode.
If the computer is running, shut down Windows, and then turn off the power.
Wait 30 seconds, and then turn the computer on.
Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
Ensure that the Safe Mode option is selected.
Press Enter. The computer then begins to start in Safe mode.
Login on your usual account.
______________________________
Navigate to C:\Windows\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Navigate to C:\Documents and Settings\(EVERY LISTED USER)\Local Settings\Temp
Click Edit, click Select All, press the DELETE key, and then click Yes to confirm that you want to send all the items to the Recycle Bin.
Clean out your Temporary Internet files. Proceed like this:
Quit Internet Explorer, all browsers and quit any instances of Windows Explorer.
For Internet Explorer 7
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete... under Browsing History.
Next to Temporary Internet Files, click Delete files, and then click OK.
Next to Cookies, click Delete cookies, and then click OK.
Next to History, click Delete history, and then click OK.
Click the Close button.
Click OK.
For Internet Explorer 4.x - 6.x
Click Start, click Control Panel, and then double-click Internet Options.
On the General tab, click Delete Files under Temporary Internet Files.
In the Delete Files dialog box, tick the Delete all offline content check box, and then click OK.
On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
Click OK.
For Netscape 4.x and Up
Click Edit from the Netscape menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the triangle sign.
Click Cache.
Click both the Clear Memory Cache and the Clear Disk Cache buttons.
For Mozilla 1.x and Up
Click Edit from the Mozilla menubar.
Click Preferences... from the Edit menu.
Expand the Advanced menu by clicking the plus sign.
Click Cache.
Click the Clear Cache button.
For Opera
Click File from the Opera menubar.
Click Preferences... from the File menu.
Click the History and Cache menu.
Click the two Clear buttons next to Typed in addresses and Visited addresses (history) and click the Empty now button to clear the Disk cache.
Click Ok to close the Preferences menu.
Next Click Start, click Control Panel and then double-click Display. Click on the Desktop tab, then click the Customize Desktop button. Click on the Web tab. Under Web Pages you should see a checked entry called Security info or something similar. If it is there, select that entry and click the Delete button. Click Ok then Apply and Ok.
Empty the Recycle Bin by right-clicking the Recycle Bin icon on your Desktop, and then clicking Empty Recycle Bin.
______________________________
Close ALL open Windows / Programs / Folders. Please start AVG Anti-Spyware and run a full scan.
Click on Scanner on the toolbar.
Click on the Settings tab.
Under How to act?
Click on Recommended Action and choose Quarantine from the popup menu.
Under How to scan?
All checkboxes should be ticked.
Under Possibly unwanted software:
All checkboxes should be ticked.
Under Reports:
Select Automatically generate report after every scan and uncheck Only if threats were found.
Under What to scan?
Select Scan every file.
Click on the Scan tab.
Click on Complete System Scan to start the scan process.
Let the program scan the machine.
When the scan has finished, follow the instructions below.
IMPORTANT : Don't click on the "Save Scan Report" button before you did hit the "Apply all Actions" button.
Make sure that Set all elements to: shows Quarantine (1), if not click on the link and choose Quarantine from the popup menu. (2)
At the bottom of the window click on the Apply all Actions button. (3)
http://img509.imageshack.us/img509/4851/scanavgjk2.jpg
When done, click the Save Scan Report button. (4)
Click the Save Report as button.
Save the report to your Desktop.
Right-click the AVG Anti-Spyware Tray Icon and select Exit. Confirm by clicking Yes.
Reboot in Normal Mode.
______________________________
Please post:
c:\rapport.txt
Ewido log
A new HijackThis log
Your may need several replies to post the requested logs, otherwise they might get cut off.
chrisseh
2007-01-27, 13:31
Logfile of HijackThis v1.99.1
Scan saved at 10:25:58 PM, on 27/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\CA\eTrustITM\realmon.exe
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
L:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\zstatus.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\hijackthis\HJT.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\System32\msiexec.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS-2000:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fruitang.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1099DCC-A134-428D-B662-C02E9BD65438}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
chrisseh
2007-01-27, 13:33
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------
+ Created at: 7:55:54 PM 27/01/2007
+ Scan result:
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081047.exe -> Adware.180Solutions : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\Q34Z6129\setup[1].exe/Files/uninstall.exe -> Adware.AdSrve : Cleaned with backup (quarantined).
L:\OLD IBM FILES\_RESTORE\TEMP\A0170244.CPY/Files/uninstall.exe -> Adware.AdSrve : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081082.exe/cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081082.exe/cd_htm.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081083.exe/cd_clint.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081083.exe/cd_htm.dll -> Adware.Cydoor : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081060.exe -> Adware.EliteBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081061.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081062.dll -> Adware.EliteBar : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081073.dll -> Adware.EZula : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP903\A0077105.dll -> Adware.F1Organizer : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081076.exe -> Adware.GogoTools : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081077.exe -> Adware.MDH : Cleaned with backup (quarantined).
L:\OLD IBM FILES\Program Files\MyWay\myBar\1.bin\NPMYWAY.DLL -> Adware.MyWaySpeed : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081072.dll -> Adware.Neon : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081065.dll -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081066.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081067.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081068.exe -> Adware.NewDotNet : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP368\A0174627.dll -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP368\A0174629.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP368\A0174630.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP368\A0174631.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP368\A0174634.ini -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081048.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081049.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081050.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081051.dll -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081052.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081053.ini -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081054.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081055.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081056.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081057.exe -> Adware.Sahat : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081058.dll -> Adware.Sahat : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081107.exe/SaveNow.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081107.exe/Uninst.exe -> Adware.SaveNow : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081078.exe -> Adware.Suggestor : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081079.dll -> Adware.Suggestor : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081059.ini -> Adware.Transponder : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP920\A0081403.dll -> Adware.Virtumonde : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081063.dll -> Adware.WinAD : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081064.exe -> Adware.WinAD : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081024.exe -> Dialer.Intexdial : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081026.exe -> Downloader.Agent.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081004.exe -> Downloader.Agent.bca : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081027.exe -> Downloader.Keenval.o : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081022.inf -> Downloader.Rameh.c : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081025.exe -> Downloader.Small.ahx : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP903\A0077119.EXE -> Downloader.Small.wk : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081023.exe -> Downloader.Small.ya : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\Q34Z6129\setup[1].exe/Files/IEDRIVER.EXE -> Downloader.Turown.f : Cleaned with backup (quarantined).
L:\OLD IBM FILES\_RESTORE\TEMP\A0170244.CPY/Files/IEDRIVER.EXE -> Downloader.Turown.f : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\Q34Z6129\setup[1].exe/Files/td.exe -> Downloader.Turown.k : Cleaned with backup (quarantined).
L:\OLD IBM FILES\_RESTORE\TEMP\A0170244.CPY/Files/td.exe -> Downloader.Turown.k : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\Q34Z6129\setup[1].exe/Files/IEUPDATE.EXE -> Downloader.VB.hr : Cleaned with backup (quarantined).
L:\OLD IBM FILES\_RESTORE\TEMP\A0170244.CPY/Files/IEUPDATE.EXE -> Downloader.VB.hr : Cleaned with backup (quarantined).
C:\ntkernel.exe -> Dropper.Agent.azk : Cleaned with backup (quarantined).
F:\Documents and Settings\Administrator\Local Settings\Temp\ICD3.tmp\f3Setup1.exe -> Dropper.FunWeb.a : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\8QQVCC1N\PopularScreenSaversInitialSetup1.0.0.8[1].exe -> Dropper.FunWeb.a : Cleaned with backup (quarantined).
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081028.dll -> Dropper.Small.abe : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081146.dll -> Not-A-Virus.Hoax.Win32.Renos.gi : Cleaned with backup (quarantined).
G:\Toshiba-W&M\Documents & Settings\Parakh.WONGMAYES\Cookies\karen@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
J:\WINDOWS\Cookies\rob@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
M:\WINDOW98\Cookies\chris@realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
M:\WINDOW98\Cookies\daniel@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
M:\WINDOW98\Cookies\david@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
M:\WINDOW98\Cookies\rachel@realmedia[1].txt -> TrackingCookie.Realmedia : Cleaned.
M:\toshiba-mike\windows\Cookies\anyuser@icover.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
M:\toshiba-mike\windows\Cookies\anyuser@retaildirect.realmedia[2].txt -> TrackingCookie.Realmedia : Cleaned.
C:\WINDOWS\system32\winwil32.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081548.exe -> Dropper.Agent.azk : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081549.dll -> Trojan.Agent.qt : Cleaned with backup (quarantined).
L:\OLD IBM FILES\WINDOWS\Temporary Internet Files\Content.IE5\Q34Z6129\setup[1].exe/Files/iedclean.exe -> Trojan.KillFiles.he : Cleaned with backup (quarantined).
L:\OLD IBM FILES\_RESTORE\TEMP\A0170244.CPY/Files/iedclean.exe -> Trojan.KillFiles.he : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP919\A0081021.ocm -> Worm.AimVen : Cleaned with backup (quarantined).
::Report end
chrisseh
2007-01-27, 13:34
SmitFraudFix v2.67
Scan done at 22:28:34.10, Sat 27/01/2007
Run from C:\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
Fix ran in normal mode
»»»»»»»»»»»»»»»»»»»»»»»» Z:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Chris.SMAILLBUSINESS\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Start Menu
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\CHRIS~1.SMA\FAVORI~1
»»»»»»»»»»»»»»»»»»»»»»»» Desktop
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys
»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Scanning wininet.dll infection
»»»»»»»»»»»»»»»»»»»»»»»» End
Hi
That rapport.txt was my fault, :oops:
I recommend to uninstall viewpoint because it's consireded as unwanted program, link (http://www.bleepingcomputer.com/uninstall/1601/Viewpoint-Manager.html)
Open HijackThis, click do a system scan only and checkmark this:
O20 - Winlogon Notify: winwil32 - winwil32.dll (file missing)
Close all windows including browser and press fix checked.
Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:
o Scan using the following Anti-Virus database:
+ Extended (If available otherwise Standard)
o Scan Options:
+ Scan Archives
+ Scan Mail Bases
Click OK
Now under select a target to scan select My Computer
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.
Send:
- a fresh HijackThis log
- kaspersky report
chrisseh
2007-01-29, 19:16
*HJT log*
Logfile of HijackThis v1.99.1
Scan saved at 3:43:35 AM, on 30/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\CTsvcCDA.EXE
C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
C:\Program Files\CA\eTrustITM\InoRpc.exe
C:\Program Files\CA\eTrustITM\InoRT.exe
C:\Program Files\CA\eTrustITM\InoTask.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\Program Files\CA\eTrustITM\eaps.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\hkcmd.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Compaq\EAKDRV\EAUSBKBD.EXE
C:\Program Files\CA\eTrustITM\realmon.exe
L:\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\zstatus.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\WINDOWS\system32\drwtsn32.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Compaq\Easy Access Button Support\CPQEAKSYSTEMTRAY.EXE
C:\Program Files\Compaq\Easy Access Button Support\CPQEADM.EXE
C:\PROGRA~1\Compaq\EASYAC~1\BttnServ.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\hijackthis\HJT.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http://SBS-2000:8080
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - L:\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [srmclean] C:\Cpqs\Scom\srmclean.exe
O4 - HKLM\..\Run: [SetRefresh] C:\Program Files\Compaq\SetRefresh\SetRefresh.exe
O4 - HKLM\..\Run: [CPQEASYACC] C:\Program Files\COMPAQ\Easy Access Button Support\StartEAK.exe
O4 - HKLM\..\Run: [hp 1000 firmware] C:\Program Files\hp LaserJet 1000\fwdl.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [RoxioEngineUtility] "C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe"
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Easy CD Creator 6\DragToDisc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -minimize
O4 - HKLM\..\Run: [Realtime Monitor] "C:\Program Files\CA\eTrustITM\realmon.exe" -s
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "L:\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\RunOnce: [ICQ Lite] C:\Program Files\ICQLite\ICQLite.exe -trayboot
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: Convert link target to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://L:\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM95\aim.exe
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://fruitang.spaces.msn.com//PhotoUpload/MsnPUpld.cab
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} (Facebook Photo Uploader Control) - http://upload.facebook.com/controls/FacebookPhotoUploader.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} (AxisMediaControl Class) - http://192.168.1.105/activex/AMC.cab
O16 - DPF: {B9191F79-5613-4C76-AA2A-398534BB8999} - http://us.dl1.yimg.com/download.yahoo.com/dl/installs/suite/yautocomplete.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\Software\..\Telephony: DomainName = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CCS\Services\Tcpip\..\{F1099DCC-A134-428D-B662-C02E9BD65438}: NameServer = 192.168.1.3
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = SMAILLBUSINESS.LOCAL
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - AppInit_DLLs: MsgPlusLoader.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.EXE
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iTechnology iGateway 4.0 (iGateway) - Computer Associates International, Inc. - C:\Program Files\CA\SharedComponents\iTechnology\igateway.exe
O23 - Service: eTrust ITM RPC Service (InoRPC) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRpc.exe
O23 - Service: eTrust ITM Realtime Service (InoRT) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoRT.exe
O23 - Service: eTrust ITM Job Service (InoTask) - Computer Associates International, Inc. - C:\Program Files\CA\eTrustITM\InoTask.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\COMMON~1\SONYSH~1\AVLib\Sptisrv.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\Security Center\SymWSC.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
chrisseh
2007-01-29, 19:20
*Kaspersky* log.
-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Tuesday, January 30, 2007 3:42:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.83.0
Kaspersky Anti-Virus database last update: 29/01/2007
Kaspersky Anti-Virus database records: 262816
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true
Scan Target - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\
K:\
L:\
M:\
N:\
X:\
Y:\
Z:\
Scan Statistics:
Total number of scanned objects: 452839
Number of viruses found: 63
Number of infected objects: 198 / 0
Number of suspicious objects: 0
Duration of the scan process: 06:17:06
Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\Logs\Dfsr.log Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\pending.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\Working\database_7239_3A_7364_9567\dfsr.db Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\Working\database_7239_3A_7364_9567\fsr.log Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\Working\database_7239_3A_7364_9567\fsrtmp.log Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Messenger\retroang@hotmail.com\SharingMetadata\Working\database_7239_3A_7364_9567\tmp.edb Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Windows Live Contacts\retroang@Hotmail.com\real\members.stg Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Application Data\Microsoft\Windows Live Contacts\retroang@Hotmail.com\shadow\members.stg Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temp\~DF1AC1.tmp Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temp\~DF1D22.tmp Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temp\~DFC2FB.tmp Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temp\~DFC81A.tmp Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temporary Internet Files\Content.IE5\05MVKLU7\HoTMaiL[1].htm Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe/WISE0024.BIN/data0001.cab/VVSN.exe Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe/WISE0024.BIN/data0001.cab Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe/WISE0024.BIN Infected: not-a-virus:AdWare.Win32.SaveNow.z skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe WiseSFX: infected - 3 skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe WiseSFX Dropper: infected - 3 skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\mirc6162.exe/data0001.bin Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\mirc6162.exe mIRC: infected - 1 skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\SmitfraudFix.zip/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\SmitfraudFix.zip ZIP: infected - 1 skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Chris.SMAILLBUSINESS\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\eef8604471ce83e9a641f3f251acbb45.a2q/Program Files/mIRC/mirc.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.616 skipped
C:\Program Files\a-squared Anti-Malware\Quarantine\eef8604471ce83e9a641f3f251acbb45.a2q ZIP: infected - 1 skipped
C:\Program Files\Audible\Admin\atm.log Object is locked skipped
C:\Program Files\Audible\Bin\ADMDebug.log Object is locked skipped
C:\Program Files\Audible\Bin\AReadyLB.dll Object is locked skipped
C:\Program Files\Audible\Bin\Debug.log Object is locked skipped
C:\Program Files\Audible\Bin\Plugins\Device\device_65536.dll Object is locked skipped
C:\Program Files\Audible\Bin\Update.log Object is locked skipped
C:\Program Files\Audible\Programs\Downloads\aasubsschedule.log Object is locked skipped
C:\Program Files\CA\eTrustITM\DB\rtmaster.dbf Object is locked skipped
C:\Program Files\CA\eTrustITM\DB\rtmaster.ntx Object is locked skipped
C:\SmitfraudFix\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP920\A0081402.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
C:\VundoFix Backups\awtqr.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
C:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
C:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
C:\WINDOWS\CSC\00000001 Object is locked skipped
C:\WINDOWS\Debug\Netlogon.log Object is locked skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{5D168FC1-7AC6-4B71-9241-6D315E00ADD1}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\EventCache\{91F078CD-CC90-4086-B314-F3B620DE95F7}.bin Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\drivers\atapi.sys Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\temp\hsperfdata_SYSTEM\1880 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{06F2B4C4-B47C-4B60-AC1C-23CB2078766B}\Microsoft\Outlook Express\Inbox.dbx/[From <japee@rediffmail.com>][Date Wed, 6 Apr 2005 17:11:00 +1000]/UNNAMED/textfile8.pif Infected: Email-Worm.Win32.NetSky.t skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{06F2B4C4-B47C-4B60-AC1C-23CB2078766B}\Microsoft\Outlook Express\Inbox.dbx/[From <japee@rediffmail.com>][Date Wed, 6 Apr 2005 17:11:00 +1000]/UNNAMED Infected: Email-Worm.Win32.NetSky.t skipped
F:\Documents and Settings\Administrator\Local Settings\Application Data\Identities\{06F2B4C4-B47C-4B60-AC1C-23CB2078766B}\Microsoft\Outlook Express\Inbox.dbx Mail MS Outlook 5: infected - 2 skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\DSS\MachineKeys\a18ca4003deb042bbee7a40f15e1970b_12b3e35d-ebb1-4005-be2b-208ae3b1fb89 Object is locked skipped
F:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp Object is locked skipped
F:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176644.exe Infected: Trojan.Win32.StartPage.nk skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176645.exe Infected: Trojan-Downloader.Win32.Agent.ki skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176646.exe Infected: Trojan-Downloader.Win32.Agent.is skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176647.exe Infected: Backdoor.Win32.Webdor.p skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176648.exe Infected: Trojan-Downloader.Win32.Agent.ki skipped
F:\System Volume Information\_restore{4617D869-6DFF-4342-BE3F-6D5D37A05BC1}\RP369\A0176649.exe Infected: Trojan-Downloader.Win32.Agent.ki skipped
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081550.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
F:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
F:\WINDOWS\$NtUninstallKB824141$\user32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB824141$\win32k.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\accwiz.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\crypt32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\cryptsvc.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\hh.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\hhctrl.ocx Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\hhsetup.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\html32.cnv Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\itss.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\locator.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\magnify.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\migwiz.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\mrxsmb.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\msconv97.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\narrator.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\newdev.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\ntdll.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\ntkrnlpa.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\ntoskrnl.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\osk.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\pchshell.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\raspptp.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\shell32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\srrstr.dll Object is locked skipped
chrisseh
2007-01-29, 19:27
F:\WINDOWS\$NtUninstallKB826939$\srv.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\sysmain.sdb Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\user32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\win32k.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\winsrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826939$\zipfldr.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\dhcpcsvc.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\ndis.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\ndisuio.sys Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\netshell.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\wzcdlg.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\wzcsapi.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB826942$\wzcsvc.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828035$\msgsvc.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828035$\wkssvc.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\catsrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\catsrvut.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\clbcatex.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\clbcatq.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\colbact.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comadmin.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comrepl.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comsvcs.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\comuid.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\es.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtcprx.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtctm.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\msdtcuiu.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\mtxclu.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\mtxoci.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\ole32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\rpcrt4.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\rpcss.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB828741$\txflog.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB833998$\shell32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB833998$\sxs.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\callcont.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\cmdevtgprov.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\gdi32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\h323.tsp Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\h323msp.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\helpctr.exe Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\ipnathlp.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\lsasrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\mf3216.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\msasn1.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\msgina.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\mst120.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\netapi32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\nmcom.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\rtcdll.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB835732$\schannel.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\dao360.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\expsrv.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msexch40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msexcl40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msjet40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msjetoledb40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msjint40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msjter40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msjtes40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msltus40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\mspbde40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msrd2x40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msrd3x40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msrepl40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\mstext40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\mswdat10.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\mswstr10.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\msxbde40.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB837001$\vbajet32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB839645$\fldrclnr.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB839645$\shell32.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB839645$\shlwapi.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB839645$\sxs.dll Object is locked skipped
F:\WINDOWS\$NtUninstallKB839645$\xpsp2res.dll Object is locked skipped
F:\WINDOWS\$NtUninstallQ828026$\msdxm.ocx Object is locked skipped
F:\WINDOWS\$NtUninstallQ828026$\wmpcore.dll Object is locked skipped
F:\WINDOWS\MEMORY.DMP Object is locked skipped
F:\WINDOWS\system32\eum6pb6n.ini Infected: not-a-virus:AdWare.Win32.Sahat.ao skipped
F:\WINDOWS\system32\f3PSSavr.scr Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
F:\WINDOWS\system32\saie321.dll Infected: not-a-virus:AdWare.Win32.180Solutions skipped
G:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
G:\B-armada 110\outlook.pst/Personal Folders/Deleted Items/15 Feb 2004 12:54:Snowhite and the Seven Dwarfs - The REAL story/joke.exe Infected: Email-Worm.Win32.Hybris.b skipped
G:\B-armada 110\outlook.pst/Personal Folders/Deleted Items/25 Sep 2003 05:23 from Mailbox:Fw: Latest Network Update/Q471899.exe Infected: Email-Worm.Win32.Swen skipped
G:\B-armada 110\outlook.pst/Personal Folders/Deleted Items/23 Sep 2003 22:08 from Mailbox:Fw: New Update/Upgrade873.exe Infected: Email-Worm.Win32.Swen skipped
G:\B-armada 110\outlook.pst Mail MS Mail: infected - 3 skipped
H:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
H:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
I:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
J:\WINDOWS\SYSTEM\stub.exe Infected: not-a-virus:AdWare.Win32.EZula.ai skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
J:\WINDOWS\TEMP\FOa80859\setup.exe Inno: infected - 8 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/wbhshare.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/Webhdll.dll Infected: not-a-virus:AdWare.Win32.WebHancer skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/WhAgent.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/whiehlpr.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/whieshm.dll Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006/whInstaller.exe Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0006 Infected: not-a-virus:AdWare.Win32.WebHancer.214 skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
J:\WINDOWS\TEMP\2Ya79847\setup.exe Inno: infected - 8 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0007 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0008/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.av skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0008/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0008 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0011/bdedetect1.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0011 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0014 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1007 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0015 Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0021/bdeinstall.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0021 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.1044 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0022/bde3d_ref2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0022 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.d skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0023/BDEVerify.exe Infected: not-a-virus:AdWare.Win32.BrilliantDigital.a skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0023/BDEVerify.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0023 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.b skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0026/bdeload.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0026 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.e skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0027/bdeplayer2.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0027 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.f skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0030/BDESac10.dll Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0030 Infected: not-a-virus:AdWare.Win32.BrilliantDigital.3120 skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0031/bdeviewer.exe Infected: Trojan.Win32.Krepper.y skipped
J:\WINDOWS\TEMP\kmd160_en.exe/data0031 Infected: Trojan.Win32.Krepper.y skipped
J:\WINDOWS\TEMP\kmd160_en.exe Inno: infected - 26 skipped
J:\WINDOWS\sp.dll Infected: Trojan.WinREG.StartPage skipped
J:\Program Files\Common Files\GMT\egIEEngine.dll Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
J:\Program Files\Common Files\GMT\EGNSEngine.dll Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
J:\Program Files\Common Files\GMT\EGGCEngine.dll Infected: not-a-virus:AdWare.Win32.Gator.5017 skipped
J:\Program Files\Common Files\CMEII\CMEIIAPI.dll Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
J:\Program Files\Common Files\CMEII\GController.dll Infected: not-a-virus:AdWare.Win32.Gator.5115 skipped
J:\Program Files\Common Files\CMEII\GDwldEng.dll Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
J:\Program Files\Common Files\CMEII\GStore.dll Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
J:\Program Files\Common Files\CMEII\GStoreServer.dll Infected: not-a-virus:AdWare.Win32.Gator.3124 skipped
J:\Program Files\Common Files\CMEII\store\apps\precisiontime.zip/InstallPrecisionTime.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Gator.2002 skipped
J:\Program Files\Common Files\CMEII\store\apps\precisiontime.zip/InstallPrecisionTime.exe Infected: not-a-virus:AdWare.Win32.Gator.2002 skipped
J:\Program Files\Common Files\CMEII\store\apps\precisiontime.zip ZIP: infected - 2 skipped
J:\Program Files\Common Files\CMEII\store\apps\datemanager.zip/InstallDateManager.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Gator.2001 skipped
J:\Program Files\Common Files\CMEII\store\apps\datemanager.zip/InstallDateManager.exe Infected: not-a-virus:AdWare.Win32.Gator.2001 skipped
J:\Program Files\Common Files\CMEII\store\apps\datemanager.zip ZIP: infected - 2 skipped
J:\Program Files\Common Files\CMEII\apps\PrecisionTime\precisiontime.zip/InstallPrecisionTime.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Gator.2002 skipped
J:\Program Files\Common Files\CMEII\apps\PrecisionTime\precisiontime.zip/InstallPrecisionTime.exe Infected: not-a-virus:AdWare.Win32.Gator.2002 skipped
J:\Program Files\Common Files\CMEII\apps\PrecisionTime\precisiontime.zip ZIP: infected - 2 skipped
J:\Program Files\Common Files\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe/WISE0009.BIN Infected: not-a-virus:AdWare.Win32.Gator.2002 skipped
chrisseh
2007-01-29, 19:29
J:\Program Files\Common Files\CMEII\apps\PrecisionTime\InstallPrecisionTime.exe WiseSFX: infected - 1 skipped
J:\Program Files\Common Files\CMEII\apps\DateManager\datemanager.zip/InstallDateManager.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Gator.2001 skipped
J:\Program Files\Common Files\CMEII\apps\DateManager\datemanager.zip/InstallDateManager.exe Infected: not-a-virus:AdWare.Win32.Gator.2001 skipped
J:\Program Files\Common Files\CMEII\apps\DateManager\datemanager.zip ZIP: infected - 2 skipped
J:\Program Files\Common Files\CMEII\apps\DateManager\InstallDateManager.exe/WISE0011.BIN Infected: not-a-virus:AdWare.Win32.Gator.2001 skipped
J:\Program Files\Common Files\CMEII\apps\DateManager\InstallDateManager.exe WiseSFX: infected - 1 skipped
J:\Program Files\Internet Explorer\PLUGINS\NPONFLOW.DLL Infected: not-a-virus:AdWare.Win32.OnFlow skipped
J:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe Infected: not-a-virus:AdWare.Win32.OnFlow skipped
J:\Program Files\KaZaA\kmd.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
J:\Program Files\KaZaA\kmd.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
J:\Program Files\KaZaA\kmd.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
J:\Program Files\KaZaA\kmd.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
J:\Program Files\KaZaA\kmd.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
J:\Program Files\KaZaA\kmd.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\Program Files\KaZaA\kmd.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\Program Files\KaZaA\kmd.exe Inno: infected - 7 skipped
J:\Program Files\eZula\eZulaAgent.dll Infected: not-a-virus:AdWare.Win32.EZula.x skipped
J:\Program Files\eZula\eZulaMain.exe Infected: not-a-virus:AdWare.Win32.EZula.z skipped
J:\Program Files\Norton AntiVirus\Quarantine\74D844F1.TMP Infected: Email-Worm.Win32.Tanatos.a skipped
J:\Program Files\Norton AntiVirus\Quarantine\24A44456.TMP Infected: Email-Worm.Win32.Tanatos.a skipped
J:\Program Files\New Folder\kmd.exe/data0003/cd_clint.dll Infected: not-a-virus:AdWare.Win32.Cydoor skipped
J:\Program Files\New Folder\kmd.exe/data0003/cd_htm.dll Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
J:\Program Files\New Folder\kmd.exe/data0003 Infected: not-a-virus:AdWare.Win32.Cydoor.c skipped
J:\Program Files\New Folder\kmd.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
J:\Program Files\New Folder\kmd.exe/data0007/SaveNow.exe Infected: not-a-virus:AdWare.Win32.SaveNow.aa skipped
J:\Program Files\New Folder\kmd.exe/data0007/Uninst.exe Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\Program Files\New Folder\kmd.exe/data0007 Infected: not-a-virus:AdWare.Win32.SaveNow.au skipped
J:\Program Files\New Folder\kmd.exe Inno: infected - 7 skipped
J:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
K:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081551.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.f skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081552.exe ZIP: infected - 5 skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP924\A0081553.DLL Infected: not-a-virus:AdWare.Win32.MyWay.f skipped
L:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
L:\OLD IBM FILES\WINDOWS\SYSTEM\bdeinsta3.dll Infected: not-a-virus:AdWare.Win32.Altnet.a skipped
L:\OLD IBM FILES\Program Files\MyWay\myBar\1.bin\MY2NS.EXE Infected: not-a-virus:AdWare.Win32.MyWay.b skipped
L:\OLD IBM FILES\Program Files\MyWay\myBar\1.bin\MYBAR.DLL Infected: not-a-virus:AdWare.Win32.MyWay.m skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0145667.CPY Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0145714.CPY/PgSDK.DLL Infected: not-a-virus:AdWare.Win32.DelphinMediaViewer.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0145714.CPY ViseMan: infected - 1 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0145714.CPY ViseMan: infected - 1 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.f skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY ZIP: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151466.CPY CryptFF: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.f skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY ZIP: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151471.CPY CryptFF: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.f skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY ZIP: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151472.CPY CryptFF: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151475.CPY Infected: not-a-virus:Porn-Dialer.Win32.TBS-Access skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151478.CPY Infected: not-a-virus:Porn-Dialer.Win32.TBS-Access skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151481.CPY Infected: not-a-virus:Porn-Dialer.Win32.TBS-Access skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151486.CPY Infected: Trojan-Downloader.Win32.Realtens.h skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151491.CPY Infected: Trojan-Downloader.Win32.Realtens.h skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0151492.CPY Infected: Trojan-Downloader.Win32.Realtens.h skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY/Files/iedclean.exe Infected: Trojan.Win32.KillFiles.he skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY/Files/IEDRIVER.EXE Infected: Trojan-Downloader.Win32.Turown.f skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY/Files/IEUPDATE.EXE Infected: Trojan-Downloader.Win32.VB.hr skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY/Files/td.exe Infected: Trojan-Downloader.Win32.Turown.k skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY/Files/uninstall.exe Infected: not-a-virus:AdWare.Win32.AdSrve.d skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY ZIP: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170501.CPY CryptFF: infected - 5 skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170502.CPY Infected: not-a-virus:Porn-Dialer.Win32.TBS-Access skipped
L:\OLD IBM FILES\_RESTORE\TEMP\A0170503.CPY Infected: Trojan-Downloader.Win32.Realtens.h skipped
M:\My Documents\My Received Files\mirc.zip/mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
M:\My Documents\My Received Files\mirc.zip ZIP: infected - 1 skipped
M:\Program Files\eZula\eabh.dll Infected: not-a-virus:AdWare.Win32.EZula.x skipped
M:\Program Files\eZula\mmod.exe Infected: not-a-virus:AdWare.Win32.EZula.z skipped
M:\Program Files\eZula\seng.dll Infected: not-a-virus:AdWare.Win32.EZula.g skipped
M:\WINDOW98\TEMP\trickler3103.ex_/ Infected: not-a-virus:AdWare.Win32.Gator.3103 skipped
M:\WINDOW98\TEMP\trickler3103.ex_ MS Expand: infected - 1 skipped
M:\WINDOW98\Local Settings\Temporary Internet Files\Content.IE5\0JK3MN6P\gozilla[1].exe/WISE0056.BIN Infected: not-a-virus:AdWare.Win32.Gator.3013 skipped
M:\WINDOW98\Local Settings\Temporary Internet Files\Content.IE5\0JK3MN6P\gozilla[1].exe/WISE0057.BIN Infected: not-a-virus:AdWare.Win32.EZula.bh skipped
M:\WINDOW98\Local Settings\Temporary Internet Files\Content.IE5\0JK3MN6P\gozilla[1].exe WiseSFX: infected - 2 skipped
M:\WINDOW98\Local Settings\Temporary Internet Files\Content.IE5\X483JQRV\eZinstall[1].exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
M:\WINDOW98\Local Settings\Temporary Internet Files\Content.IE5\X483JQRV\eZinstall[1].exe WiseSFX: infected - 1 skipped
M:\WINDOW98\eZinstall.exe/WISE0001.BIN Infected: not-a-virus:AdWare.Win32.EZula.ak skipped
M:\WINDOW98\eZinstall.exe WiseSFX: infected - 1 skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From Elizabeth Datson <eewee@bigpond.com>][Date Mon, 4 Mar 2002 11:22:10 +1100 (EST)]/UNNAMED/weather.exe Infected: Email-Worm.Win32.Magistr.b skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From Elizabeth Datson <eewee@bigpond.com>][Date Mon, 4 Mar 2002 11:22:10 +1100 (EST)]/UNNAMED Infected: Email-Worm.Win32.Magistr.b skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Matchcorp" <admin@matchcorp.com.au>][Date Wed, 20 Mar 2002 17:39:00 +1100]/UNNAMED/My Infected: Email-Worm.Win32.Mylife.a skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From "Matchcorp" <admin@matchcorp.com.au>][Date Wed, 20 Mar 2002 17:39:00 +1100]/UNNAMED Infected: Email-Worm.Win32.Mylife.a skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From Matthew Ngahu-Ngahu <mattn@fugen.com.au>][Date Tue, 2 Apr 2002 08:21:28 +1000]/UNNAMED/List480.TXT.scr Infected: Email-Worm.Win32.Mylife.f skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx/[From Matthew Ngahu-Ngahu <mattn@fugen.com.au>][Date Tue, 2 Apr 2002 08:21:28 +1000]/UNNAMED Infected: Email-Worm.Win32.Mylife.f skipped
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx Mail MS Outlook 5: infected - 6 skipped
M:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
M:\mirc\mirc32.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.591 skipped
N:\System Volume Information\_restore{4E4ECD0F-3EF2-446D-9329-2A24EB5506A6}\RP926\change.log Object is locked skipped
Scan process completed.
dude this scan took me 6 1/2 hrs. lol
Hi
That's because of huge amount of files. And you will have to do it again at least once :(
Empty these folders:
J:\Program Files\Norton AntiVirus\Quarantine\
L:\OLD IBM FILES\_RESTORE\TEMP\
M:\WINDOW98\TEMP\
J:\WINDOWS\TEMP\
C:\VundoFix Backups\
M:\WINDOW98\Local Settings\Temporary Internet Files\
Delete these folders:
J:\Program Files\Common Files\CMEII\
J:\Program Files\New Folder\
L:\OLD IBM FILES\Program Files\MyWay
M:\Program Files\eZula
J:\Program Files\KaZaA\
Delete these:
J:\Program Files\Internet Explorer\PLUGINS\NPONFLOW.DLL
J:\Program Files\Internet Explorer\PLUGINS\onflowreport.exe
L:\OLD IBM FILES\WINDOWS\SYSTEM\bdeinsta3.dll
M:\WINDOW98\eZinstall.exe
M:\toshiba-mike\windows\Application Data\Identities\{E6E44160-A4B9-11D3-AA5C-FE23477DF22A}\Microsoft\Outlook Express\Deleted Items.dbx
F:\WINDOWS\system32\eum6pb6n.ini
F:\WINDOWS\system32\f3PSSavr.scr
F:\WINDOWS\system32\saie321.dll
J:\WINDOWS\sp.dll
C:\Documents and Settings\Chris.SMAILLBUSINESS\My Documents\BSINSTALL.exe
Empty Recycle Bin
Re-scan with kaspersky
Send:
- a fresh HijackThis log
- kaspersky report
Due to the lack of feedback this Topic is closed.
If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.
Everyone else please begin a New Topic.