Smitfraud-C.Toolbar888



dennisvega45
2007-06-21, 07:59
Can anybody help?

I've been infected with "Smitfraud-C.Toolbar888" and I can't get rid of it. The pop-ups are getting out of hand and my computer is slower than ever.
Any advice would be greatly appreciated.

Thanks in advance!

Dennis

Shaba
2007-06-22, 11:45
Hi dennisvega45

Use this (http://downloads.malwareremoval.com/hijackthis_sfx.exe) link to get HijackThis.
Save it to your desktop and then double-click to run it.
It will install the program in c:\program files\HijackThis.
Browse to that location with Windows Explorer, and double-click on the HijackThis.exe program to run it. Choose 'Do a system scan and save a logfile'.
That will allow you to save the log to the desktop (or some other place) and leave open a notepad file with the HijackThis log in it.

Now post your HijackThis log into this topic.

dennisvega45
2007-06-23, 07:08
Thanks so much for responding,
Here's the HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 11:03:35 p.m., on 22/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Program Files\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [GPLv3] rundll32.exe "C:\WINDOWS\system32\baiaxicy.dll",realset
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-06-23, 11:35
Hi

Rename HijackThis.exe to scanner.exe and post back a fresh HijackThis log :)

dennisvega45
2007-06-23, 15:53
Here's the new log file, thanks,

Logfile of HijackThis v1.99.1
Scan saved at 07:50:29 a.m., on 23/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {388C001D-5922-4969-8FC9-0BD4114819A4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\lrakjvgp.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {73ED5FEC-C852-4F3B-94F7-27C6ACB646E9} - (no file)
O2 - BHO: (no name) - {8392A8A7-4886-481F-B945-650207D618A2} - (no file)
O2 - BHO: (no name) - {8E4B618A-8AA2-4610-A1C1-5AA303F81F8F} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urssrpp.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O20 - Winlogon Notify: efcdaxw - efcdaxw.dll (file missing)
O20 - Winlogon Notify: urssrpp - C:\WINDOWS\SYSTEM32\urssrpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-06-23, 16:24
Hi

Please download VundoFix.exe (http://www.atribune.org/ccount/click.php?id=4) to your desktop.
Double-click VundoFix.exe to run it.
Click the Scan for Vundo button.
Once it's done scanning, click the Remove Vundo button.
You will receive a prompt asking if you want to remove the files, click YES
Once you click yes, your desktop will go blank as it starts removing Vundo.
When completed, it will prompt that it will reboot your computer, click OK.
Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.

dennisvega45
2007-06-24, 23:44
Hi, Thank You!

VundoFix said that it could not remove this file:

C:\WINDOWS\system32\urssrpp.dll

Here's the new HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 03:43:33 p.m., on 24/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {388C001D-5922-4969-8FC9-0BD4114819A4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5825A353-7507-403E-966F-5EA6051FB9FE} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: (no name) - {73ED5FEC-C852-4F3B-94F7-27C6ACB646E9} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: efcdaxw - efcdaxw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-06-25, 11:29
Hi

1. Run Spybot-S&D in Advanced Mode.
2. If it is not already set to do this, go to the Mode menu and select "Advanced Mode".
3. On the left-hand side, click on Tools.
4. Then click on the Resident icon in the list.
5. Uncheck "Resident TeaTimer" and OK any prompts.
6. Restart your computer.

Open HijackThis, click "Do a system scan only" and checkmark these:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
O2 - BHO: (no name) - {388C001D-5922-4969-8FC9-0BD4114819A4} - (no file)
O2 - BHO: (no name) - {5825A353-7507-403E-966F-5EA6051FB9FE} - C:\WINDOWS\system32\ddccb.dll (file missing)
O2 - BHO: (no name) - {73ED5FEC-C852-4F3B-94F7-27C6ACB646E9} - (no file)
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O20 - Winlogon Notify: efcdaxw - efcdaxw.dll (file missing)

Close all windows, including the browser, and press "Fix checked".

Reboot.

Please do an online scan with Kaspersky Online Scanner (http://www.kaspersky.com/downloads/kws/kavwebscan.html). You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
The program will launch and then start to download the latest definition files.
Once the scanner is installed and the definitions downloaded, click Next.
Now click on Scan Settings
In the scan settings make sure that the following are selected:

- Scan using the following Anti-Virus database:
  - Extended (if available, otherwise Standard)
- Scan Options:
  - Scan Archives
  - Scan Mail Bases

Click OK
Now, under "Select a target to scan", select My Computer.
The scan will take a while so be patient and let it run. Once the scan is complete it will display if your system has been infected.
Now click on the Save as Text button
Save the file to your desktop.
Copy and paste that information in your next post.

Post:

- a fresh HijackThis log
- kaspersky report
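
Added example, not part of the original thread and not HijackThis code: a Python triage of HijackThis entries, run on sample lines copied from the logs posted above. It separates missing-file entries in the sections the fix list covers (O2, O3, O20) from those in other sections, and lists system32 DLLs registered both as an unnamed BHO and as a Winlogon Notify; the section choice and that correlation are assumptions of this sketch.

```python
import re
from collections import defaultdict

# One HijackThis entry looks like "<code> - <body>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([ROFN]\d{1,2}) - (.+)$")
# Markers HijackThis appends when the referenced file cannot be found.
MISSING_RE = re.compile(r"\((?:no file|file missing)\)\s*$")
# A DLL sitting directly in system32 (no further subfolder).
SYS32_DLL_RE = re.compile(r"\\system32\\([^\\]+\.dll)", re.IGNORECASE)

# Assumption of this sketch, modelled on the fix list in the thread: a
# missing file in O2/O3/O20 is treated as a leftover entry, while the O9
# and O23 "(file missing)" lines are only queued for manual review.
LEFTOVER_SECTIONS = {"O2", "O3", "O20"}

# Sample lines copied from the log dated 23/06/2007 in this thread.
BEFORE_VUNDOFIX = r"""
Running processes:
C:\WINDOWS\system32\winlogon.exe
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5ADF3862-9E2E-4ad3-86F7-4510E6550CD0} - C:\WINDOWS\system32\lrakjvgp.dll
O2 - BHO: (no name) - {8E4B618A-8AA2-4610-A1C1-5AA303F81F8F} - C:\WINDOWS\system32\ddccb.dll
O2 - BHO: (no name) - {C004A8DA-623A-4409-B6ED-F3E3DA367792} - C:\WINDOWS\system32\urssrpp.dll
O20 - Winlogon Notify: ddccb - C:\WINDOWS\system32\ddccb.dll
O20 - Winlogon Notify: urssrpp - C:\WINDOWS\SYSTEM32\urssrpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
"""

# Sample lines copied from the log dated 24/06/2007 in this thread.
AFTER_VUNDOFIX = r"""
O2 - BHO: (no name) - {388C001D-5922-4969-8FC9-0BD4114819A4} - (no file)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {5825A353-7507-403E-966F-5EA6051FB9FE} - C:\WINDOWS\system32\ddccb.dll (file missing)
O3 - Toolbar: (no name) - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O20 - Winlogon Notify: efcdaxw - efcdaxw.dll (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
"""


def parse_entries(log_text):
    """Return (code, body) pairs, skipping header and process lines."""
    entries = []
    for line in log_text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def triage(log_text):
    """Split missing-file entries into leftovers and manual-review items."""
    result = {"leftover": [], "review": []}
    for code, body in parse_entries(log_text):
        if MISSING_RE.search(body):
            key = "leftover" if code in LEFTOVER_SECTIONS else "review"
            result[key].append(f"{code} - {body}")
    return result


def shared_system32_dlls(log_text):
    """DLLs in system32 that are both an unnamed BHO (O2) and a Winlogon
    Notify (O20). Heuristic only: it marks entries worth a closer look."""
    seen = defaultdict(set)
    for code, body in parse_entries(log_text):
        if code not in ("O2", "O20") or MISSING_RE.search(body):
            continue
        if code == "O2" and not body.startswith("BHO: (no name)"):
            continue
        match = SYS32_DLL_RE.search(body)
        if match:
            seen[match.group(1).lower()].add(code)
    return sorted(dll for dll, codes in seen.items() if codes == {"O2", "O20"})


if __name__ == "__main__":
    print("DLLs registered as BHO and Winlogon Notify (23/06 log):")
    for dll in shared_system32_dlls(BEFORE_VUNDOFIX):
        print("  ", dll)
    report = triage(AFTER_VUNDOFIX)
    for label in ("leftover", "review"):
        print(f"{label} entries (24/06 log):")
        for entry in report[label]:
            print("  ", entry)
```
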

dennisvega45
2007-06-26, 08:20
Hi,

Last time, right after my last reply on 6/24, I ran VundoFix several times and then I ran my antivirus program, and to my surprise, it did quarantine for the first time the infamous file C:\WINDOWS\system32\urssrpp.dll.

After this, I ran Spybot again and when it finished, I got this message:

Congratulations, No immediate threats were found!
and my other antispyware software XoftSpySE did not detect the Vundo virus this time either.

Does this mean that my computer is clean now?

Should I go ahead and perform your instructions from your last reply anyway?
Thanks!

Shaba
2007-06-26, 11:09
Hi

"Should I go ahead and perform your instructions from your last reply anyway?"

Yes :)

dennisvega45
2007-06-26, 16:30
Hi,
I tried to download Kaspersky but when I clicked on the accept button, it wouldn't do anything, it would not download.

Here's the new log,


Logfile of HijackThis v1.99.1
Scan saved at 08:27:43 a.m., on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://go.microsoft.com/fwlink/?LinkId=54843
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-06-26, 16:44
Hi

That must be done using Internet Explorer, not Firefox :)

dennisvega45
2007-06-26, 20:46
I used Windows Explorer instead of Firefox and it worked. I ran Kaspersky scanner a couple of times; it reads there are 25 infected files and about 7 viruses detected, but it is not giving me an option to save as text. Where is the button?

Thank you.

dennisvega45
2007-06-27, 07:08
Hi, I finally got it working,

Here are the logs:

KASPERSKY ONLINE SCANNER REPORT
Tuesday, June 26, 2007 10:51:02 PM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 26/06/2007
Kaspersky Anti-Virus database records: 353902

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 62772
Number of viruses found: 7
Number of infected objects: 25
Number of suspicious objects: 0
Duration of the scan process: 01:04:00

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\uoxgonxw.dll Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dennis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbdam Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbdao Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbeam Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbeao Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbm Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\fii.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\hp Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Identities\{564881C4-3390-4BD7-860F-E33DA730500A}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Identities\{564881C4-3390-4BD7-860F-E33DA730500A}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Pando\Pando Files\cert\cert8.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Pando\Pando Files\cert\key3.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Pando\Pando Files\pando.log Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\History\History.IE5\MSHist012007062620070627\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\arc0000.tmp Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\~DF6AC0.tmp Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dennis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\BB17D0.cab/{F4C813DE_504B_5D93_DDFD_1AECFE42A871}_keygen.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\BB17D0.cab CAB: infected - 1 skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP108\A0016494.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP108\A0016494.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP164\snapshot\MFEX-1.DAT Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP165\A0027702.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP165\snapshot\MFEX-1.DAT Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP182\A0029306.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP192\A0029538.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP195\A0029621.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP195\A0029622.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP197\A0029824.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029938.DLL Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029939.DLL Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029942.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029943.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029944.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029945.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029947.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029949.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029950.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029951.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029952.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029953.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029955.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029956.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029957.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029958.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029959.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029960.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP199\A0030048.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP205\A0031354.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP207\A0031477.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP207\A0031478.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031582.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031615.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031620.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031690.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031809.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031824.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031840.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031844.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032243.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032247.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032249.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032250.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032251.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032254.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032257.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032304.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032305.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032306.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032310.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032331.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032335.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032336.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0032357.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0033028.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0033042.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033069.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033079.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033121.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033195.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033313.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033325.dll Infected: Trojan.Win32.BHO.bd skipped
C

dennisvega45
2007-06-27, 07:11
Since the message was too long, here's the rest of the report:



C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033341.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033345.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033744.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033748.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033750.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033751.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033752.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033755.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033758.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033805.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033806.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033807.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033811.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033832.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033836.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033837.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033858.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0034550.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034621.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034646.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034661.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034681.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034682.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034683.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034684.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034685.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP211\A0034689.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP214\A0034751.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP214\A0034780.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP216\A0034842.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP216\A0034888.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP216\A0034953.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP216\A0034984.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP217\A0035021.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP218\A0035085.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036098.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036232.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036233.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036234.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036235.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036236.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036237.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036238.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036239.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036240.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036241.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036242.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036243.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036244.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP219\A0036245.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036306.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036308.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP221\A0036333.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP222\change.log Object is locked skipped
C:\VundoFix Backups\ddccb.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\VundoFix Backups\lrakjvgp.dll.bad Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\VundoFix Backups\rjwigkwk.dll.bad Infected: Trojan.Win32.BHO.bd skipped
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped
C:\WINDOWS\SchedLgU.Txt Object is locked skipped
C:\WINDOWS\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\WINDOWS\Sti_Trace.log Object is locked skipped
C:\WINDOWS\system32\bdss.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\edb.log Object is locked skipped
C:\WINDOWS\system32\CatRoot2\tmp.edb Object is locked skipped
C:\WINDOWS\system32\config\AppEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\default Object is locked skipped
C:\WINDOWS\system32\config\default.LOG Object is locked skipped
C:\WINDOWS\system32\config\Internet.evt Object is locked skipped
C:\WINDOWS\system32\config\SAM Object is locked skipped
C:\WINDOWS\system32\config\SAM.LOG Object is locked skipped
C:\WINDOWS\system32\config\SecEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\SECURITY Object is locked skipped
C:\WINDOWS\system32\config\SECURITY.LOG Object is locked skipped
C:\WINDOWS\system32\config\software Object is locked skipped
C:\WINDOWS\system32\config\software.LOG Object is locked skipped
C:\WINDOWS\system32\config\SysEvent.Evt Object is locked skipped
C:\WINDOWS\system32\config\system Object is locked skipped
C:\WINDOWS\system32\config\system.LOG Object is locked skipped
C:\WINDOWS\system32\config\Windows_OneCare_Evt.evt Object is locked skipped
C:\WINDOWS\system32\h323log.txt Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.BTR Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\INDEX.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING.VER Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING1.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\MAPPING2.MAP Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.DATA Object is locked skipped
C:\WINDOWS\system32\wbem\Repository\FS\OBJECTS.MAP Object is locked skipped
C:\WINDOWS\Temp\tmp000017a9\tmp00000000 Object is locked skipped
C:\WINDOWS\wiadebug.log Object is locked skipped
C:\WINDOWS\wiaservc.log Object is locked skipped
C:\WINDOWS\WindowsUpdate.log Object is locked skipped

Scan process completed.



Logfile of HijackThis v1.99.1
Scan saved at 10:55:04 p.m., on 26/06/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
C:\Program Files\Atheros\ACU.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe
C:\Program Files\Pando Networks\Pando\pando.exe
C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
C:\Program Files\Webshots\WebshotsTray.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Google\Web Accelerator\googlewebaccclient.exe
C:\PROGRA~1\Yahoo!\COMPAN~1\Installs\cpn1\YTBSDK.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\HijackThis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ycomp/defaults/sb/*http://www.yahoo.com/search/ie.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = http://localhost:9100/proxy.pac
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
R3 - URLSearchHook: (no name) - {06663B56-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Pando Search Assistant BHO - {06663B51-0D73-4f9f-BCC5-4AA941470AFD} - C:\Program Files\PandoBar\SrchAstt\1.bin\P4SRCHAS.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: CookieHlprObj Class - {4DF1DB24-A57C-11d3-A180-00A0C90AE44B} - C:\Program Files\Zilla Popup Killer\ZillaBHO.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Google Web Accelerator Helper - {69A87B7D-DE56-4136-9655-716BA50C19C7} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: Pando Toolbar BHO - {E3EA4FD1-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Google Web Accelerator - {DB87BFA2-A2E3-451E-8E5A-C89982D87CBF} - C:\Program Files\Google\Web Accelerator\GoogleWebAccToolbar.dll
O3 - Toolbar: Pando Toolbar - {E3EA4FD9-CADE-4ae5-84F7-086EEE888BE4} - C:\Program Files\PandoBar\bar\1.bin\PANDOBAR.DLL
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [TPNF] C:\Program Files\TOSHIBA\TouchPad\TPTray.exe
O4 - HKLM\..\Run: [ACU] "C:\Program Files\Atheros\ACU.exe" -nogui
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [Ink Monitor] C:\Program Files\EPSON\Ink Monitor\InkMonitor.exe
O4 - HKLM\..\Run: [EPSON Stylus C67 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIAAL.EXE /P23 "EPSON Stylus C67 Series" /O6 "USB001" /M "Stylus C67"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [I&F Viewer toolbar] "C:\Program Files\Photo Toolkit\ivbar\phototoolkitmem.exe" -start
O4 - HKCU\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\pando.exe" /Minimized
O4 - Startup: Stardock ObjectDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat\ObjectDock\ObjectDock.exe
O4 - Startup: Webshots.lnk = C:\Program Files\Webshots\WebshotsTray.exe
O4 - Global Startup: Run Google Web Accelerator.lnk = C:\Program Files\Google\Web Accelerator\GoogleWebAccWarden.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (YInstStarter Class) - http://us.dl1.yimg.com/download.yahoo.com/dl/yinst/yinst_current.cab
O16 - DPF: {7B297BFD-85E4-4092-B2AF-16A91B2EA103} (WScanCtl Class) - http://www.ca.com/us/securityadvisor/virusinfo/webscan.cab
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Servicio del iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)

Shaba
2007-06-27, 11:24
Hi

Empty this folder:

C:\VundoFix Backups

Delete this:

C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth\ErrorRep\QSignoff\BB17D0.cab

Empty Recycle Bin

Otherwise looking good :)

Still problems?

dennisvega45
2007-06-28, 16:20
Hi,

Thanks so much for all your help,

I still have problems with this Trojan.BHO.AR virus, can you help?

Here's my latest Kaspersky log:

KASPERSKY ONLINE SCANNER REPORT
Thursday, June 28, 2007 7:28:04 AM
Operating System: Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.93.0
Kaspersky Anti-Virus database last update: 28/06/2007
Kaspersky Anti-Virus database records: 354782
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\

Scan Statistics:
Total number of scanned objects: 62890
Number of viruses found: 7
Number of infected objects: 20
Number of suspicious objects: 0
Duration of the scan process: 02:09:11

Infected Object Name / Virus Name / Last Action
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\uoxgonxw.dll Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\cert8.db Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\formhistory.dat Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\history.dat Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\key3.db Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\parent.lock Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\search.sqlite Object is locked skipped
C:\Documents and Settings\Dennis\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\urlclassifier2.sqlite Object is locked skipped
C:\Documents and Settings\Dennis\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Ahead\Nero Home\bl.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Ahead\Nero Home\is2.db Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbc2e.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbdam Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbdao Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbeam Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbeao Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbm Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbu2d.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbvm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\dbvmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\fii.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\fiih.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\hp Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\hpt2i.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm1m.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpm1mh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\rpmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-enchashm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-enchashmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-urlm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-black-urlmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-malware-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-malware-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-white-domainm.cf1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Google\Google Desktop\e29047a391fb\safeweb\goog-white-domainmh.ht1 Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Identities\{564881C4-3390-4BD7-860F-E33DA730500A}\Microsoft\Outlook Express\Folders.dbx Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Identities\{564881C4-3390-4BD7-860F-E33DA730500A}\Microsoft\Outlook Express\Offline.dbx Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\Cache\_CACHE_001_ Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\Cache\_CACHE_002_ Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\Cache\_CACHE_003_ Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Application Data\Mozilla\Firefox\Profiles\ctq9atsm.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\History\History.IE5\MSHist012007062720070628\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\googlewebaccclient.exe.log Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAccelerator.pac Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAcceleratorCache Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\GoogleWebAccWarden.exe.log Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temp\~DFDC9.tmp Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Documents and Settings\Dennis\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\Dennis\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\Dennis\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Cookies\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Documents and Settings\LocalService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\LocalService\ntuser.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG Object is locked skipped
C:\Documents and Settings\NetworkService\NTUSER.DAT Object is locked skipped
C:\Documents and Settings\NetworkService\ntuser.dat.LOG Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\001.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\002.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\003.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\004.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\005.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\006.part Object is locked skipped
C:\Program Files\eMule\eMule0.48a\Temp\007.part Object is locked skipped
C:\System Volume Information\MountPointManagerRemoteDatabase Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP108\A0016494.exe/Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP108\A0016494.exe RAR: infected - 1 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023691.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/keygen.exe Infected: Trojan-Downloader.Win32.Nurech.ak skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/crack.exe Infected: not-a-virus:AdWare.Win32.Virtumonde.bq skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar/serial.exe Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe/data.rar Infected: Trojan.Win32.Dialer.qn skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP160\A0023692.exe RarSFX: infected - 4 skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP164\snapshot\MFEX-1.DAT Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP165\A0027702.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP165\snapshot\MFEX-1.DAT Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP182\A0029306.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP192\A0029538.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP195\A0029621.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP195\A0029622.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP197\A0029824.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029938.DLL Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029939.DLL Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029942.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029943.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029944.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029945.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029947.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029949.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029950.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029951.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029952.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029953.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029955.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029956.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029957.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029958.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029959.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP198\A0029960.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP199\A0030048.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP205\A0031354.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP207\A0031477.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP207\A0031478.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031582.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031615.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031620.dll Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031690.dll Object is locked skipped

dennisvega45
2007-06-28, 16:21
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031809.exe Object is locked skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP209\A0031824.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033121.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP210\A0033325.dll Infected: Trojan.Win32.BHO.bd skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036306.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.fp skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036307.dll Infected: not-a-virus:AdWare.Win32.Virtumonde.kj skipped
C:\System Volume Information\_restore{C58048A8-4560-4C05-9F5E-E75D18315D49}\RP220\A0036308.dll Infected: Trojan.Win32.BHO.bd skipped

Scan process completed.

Shaba
2007-06-28, 16:51
Hi

"I still have problems with this Trojan.BHO.AR virus, can you help?"

Where is that located?

According to Kaspersky, all your viruses are in System Restore and inactive.

Shaba
2007-07-05, 11:03
Due to the lack of feedback this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.