ClickSpring.PurityScan won't go away!



Xschtar
2007-10-03, 05:57
Hello everybody!

This seems like a very nice place and I hope you can help me. For a few months I've had this weird adware called ClickSpring.PurityScan which sometimes randomly redirects my browser to some webpage. I'm running Windows Vista 32-bit, by the way. Windows Defender detects this program but cannot delete it or quarantine it; I just get an error message. This is what Windows Defender says about Adware:Win32/ClickSpring.PuritySCAN:

Category:
Adware

Description:
This program has potentially unwanted behavior.

Advice:
Review the alert details to see why the software was detected. If you do not like how the software operates or if you do not recognize and trust the publisher, consider blocking or removing the software.

Resources:
clsid:
HKLM\SOFTWARE\CLASSES\CLSID\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

regkey:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

regkey:
HKLM\SOFTWARE\CLASSES\CLSID\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

regkey:
HKCU@S-1-5-21-3318419505-3769054633-1778666024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

regkey:
HKCU@S-1-5-21-3318419505-3769054633-1778666024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

bho:
HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

ieaddon:
HKCU@S-1-5-21-3318419505-3769054633-1778666024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

ieaddon:
HKCU@S-1-5-21-3318419505-3769054633-1778666024-1000\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{E7197846-CB82-B424-F0D4-B0DEBBB60891}

file:
C:\Windows\system32\oapgefve.dll










----





And here is the HijackThis log:



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:47:04, on 2007-10-03
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16512)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe
C:\Windows\System32\CTHELPER.EXE
C:\Windows\System32\CTXFIHLP.EXE
C:\Program Files\RivaTuner v2.02\RivaTuner.exe
C:\Windows\System32\CTXFISPI.EXE
C:\Windows\System32\rundll32.exe
C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\ASUS\ASUS DH Remote\AsDhRemote.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Personal\bin\Personal.exe
C:\Program Files\Azureus\Azureus.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.aftonbladet.se/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O2 - BHO: 0 - {58891DAD-9C64-45B7-B0BB-C033FFDED3A6} - C:\Program Files\Internet Explorer\lawumec.dll (file missing)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: (no name) - {E7197846-CB82-B424-F0D4-B0DEBBB60891} - C:\Windows\system32\oapgefve.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [Ai Quicker Help] "C:\Program Files\ASUS\ASUS DH Remote\AsRc.exe"
O4 - HKLM\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [RivaTunerStartupDaemon] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /S
O4 - HKLM\..\Run: [RivaTuner] "C:\Program Files\RivaTuner v2.02\RivaTuner.exe" /T
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Ieuu] "C:\PROGRA~1\FNTS~1\tracert.exe" -vt yazb
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Azureus.lnk = C:\Program Files\Azureus\Azureus.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Personal.lnk = C:\Program Files\Personal\bin\Personal.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} (FilePlanet Download Control Class) - http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/pr02/resources/VistaMSNPUpldsv-se.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15030/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Creative ALchemy AL1 Licensing Service - Creative Labs - C:\Program Files\Common Files\Creative Labs Shared\Service\AL1Licensing.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PunkBuster (PnkBstrA) - Unknown owner - C:\Program Files\Electronic Arts\Medal of Honor Airborne\UnrealEngine3\MOHAGame\pb\PnkBstrA.exe

--
End of file - 9806 bytes


I have yet to run the Kaspersky scan, maybe someone can help me with this information?

Xschtar
2007-10-03, 07:46
Kaspersky says this:


KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 03, 2007 6:43:09 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 3/10/2007
Kaspersky Anti-Virus database records: 426539


Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Statistics:
Total number of scanned objects: 66881
Number of viruses found: 2
Number of infected objects: 177
Number of suspicious objects: 0
Duration of the scan process: 01:42:11

Infected Object Name / Virus Name / Last Action
C:\dll6wise.dll Infected: Backdoor.MSIL.Agent.b skipped
C:\dllhost32.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\op32.exe Infected: Trojan.Win32.Agent.tm skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Data\resources\Acrobat.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Data\resources\AcrobatInfo.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Data\resources\acrobat_sl.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Data\resources\AdobeUpdateManager.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\PaperCapture\Server\Roman\Data\resources\capserve.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\plug_ins\Preflight\Data\resources\Droplet.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\Updater\Data\resources\acroaum.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\Data\resources\Acrobat Elements.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\Data\resources\AdobeUpdateManager.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\ConvertIFD\Data\resources\ConvertIFD.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\Data\resources\ConvertIP.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\Data\resources\ConvertPDF.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\Data\resources\ConvertWord.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Designer 7.0\Data\resources\FormDesigner.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Data\resources\acrodist.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Data\resources\acrotray.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\ASUS DH Remote\Data\resources\AsDHRemote.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\ASUS DH Remote\Data\resources\AsRc.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\AsusUpdate\Data\resources\MyLogo.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\AsusUpdate\Data\resources\Update.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\AsusUpdate\Data\resources\WinFlash.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\ASUS\IO\Data\resources\AsIoUnins.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwloader.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwn2.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\NWN2Launcher.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwn2main.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwn2main_amdxp.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwn2server.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\NWN2ToolsetLauncher.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Data\resources\nwupdate.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Atari\Neverwinter Nights 2\Utils\Data\resources\nwn2stub.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Azureus\Data\resources\Azureus.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Azureus\Data\resources\Uninstall.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Bethesda Softworks\Oblivion\Data\resources\Oblivion.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Bethesda Softworks\Oblivion\Data\resources\OblivionLauncher.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\BitLocker\Data\resources\BdeHdCfg.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\ArcadeInstallBG2TOB101b.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\baldur.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\BGConfig.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\bgdxtest.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\bggltest.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\BGMain.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\CharView.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\glsetup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\GSArcade.EXE Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\data\resources\mplaynow.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\eReg\Data\resources\Reg32.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\script compiler\Data\resources\AICompile.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Black Isle\BGII - SoA\ShadowKeeper\Data\resources\ShadowKeeper.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\Adobe Systems Shared\Service\Data\resources\Adobelmsvc.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Driver\11\Intel 32\Data\resources\IDriver.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Driver\11\Intel 32\Data\resources\IDriver2.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Driver\11\Intel 32\Data\resources\IDriverT.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Driver\9\Intel 32\Data\resources\IDriver.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Driver\9\Intel 32\Data\resources\IDriver2.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\engine\6\Intel 32\Data\resources\IKernel.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Professional\RunTime\09\01\Intel32\Data\resources\DotNetInstaller.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Professional\RunTime\10\00\Intel32\Data\resources\DotNetInstaller.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Professional\RunTime\10\01\Intel32\Data\resources\DotNetInstaller.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\InstallShield2\Professional\RunTime\11\00\Intel32\Data\resources\DotNetInstaller.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0.b105\Data\resources\launcher.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0.b105\Data\resources\patchjre.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0.b105\Data\resources\zipper.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\DW\Data\resources\DW20.EXE Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\DW\Data\resources\DWTRIG20.EXE Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\FlickLearningWizard.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\InkWatson.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\InputPersonalization.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\IpsOptInSrv.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\pipanel.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\ShapeCollector.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\ink\Data\resources\TabTip.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Common Files\microsoft shared\MSInfo\Data\resources\msinfo32.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\CPU-Z\Data\resources\cpuz.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\CPU-Z\Data\resources\latency.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Creative\AudioCS\Data\resources\CTAudCS.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Creative\ShareDLL\CADI\Data\resources\NotiMan.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DAEMON Tools\Data\resources\daemon.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DAEMON Tools\Data\resources\SetupDTSB.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DAEMON Tools\Data\resources\uninst.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DivX\Data\resources\DivXBundleUninstall.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DivX\Data\resources\DivXCodecUninstall.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DivX\DivX Codec\Data\resources\config.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\DivX\DivX Codec\Data\resources\DivX EKG.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Eidos\Just Cause\Data\resources\JCSetup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Eidos\Just Cause\Data\resources\JustCause.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Futuremark\3DMark06\Data\resources\3DMark06.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{17E96A7F-AFE3-4171-87B1-583E376319E8}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{34A0AF85-C323-4867-8AA3-00A3E5A7A12B}\Data\resources\Setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{5731C0A8-B266-451A-8D3F-8066AA21836F}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\Data\resources\Setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{6B2C675E-8040-431B-99C4-137DF4FBF75A}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{7C503E58-B2BC-11D5-978A-0050BA84F5F7}\Data\resources\Setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{7F3AD00A-1819-4B15-BB7D-08B3586336D7}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{8DAE4336-2B71-11D4-9A6C-006067325E47}\Data\resources\Setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{AA9944C8-7D34-475E-8C90-2788685B2C47}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{B8C3B479-1716-11D5-968A-0050BA84F5F7}\Data\resources\Setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{C0698BDA-0D29-40EE-8570-A31106DF9AB1}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{C9E270CC-AE42-4BD8-B9C6-1EB3A8657FF5}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\InstallShield Installation Information\{F20C1251-1D0A-4944-B2AE-678581B33B19}\Data\resources\setup.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Intel Corporation\Thermal Analysis Tool\Data\resources\MeromMaxPowerVer0p3.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Intel Corporation\Thermal Analysis Tool\Data\resources\TAT.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Intel Corporation\Thermal Analysis Tool\Data\resources\YonahMaxPowerVer1p0.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\java-rmi.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\java.exe Infected: Backdoor.MSIL.Agent.b skipped

Xschtar
2007-10-03, 07:47
C:\Program Files\Java\jre1.6.0\bin\Data\resources\javacpl.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\javaw.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\javaws.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\jucheck.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\jusched.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\keytool.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\kinit.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\klist.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\ktab.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\orbd.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\pack200.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\policytool.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\rmid.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\rmiregistry.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\servertool.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\tnameserv.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Java\jre1.6.0\bin\Data\resources\unpack200.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\K-Lite Codec Pack\Data\resources\unins000.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\K-Lite Codec Pack\Media Player Classic\Data\resources\mplayerc.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\K-Lite Codec Pack\tools\Data\resources\fixcodecs.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Media Player Classic\Data\resources\mplayerc.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Chess\Data\resources\Chess.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\FreeCell\Data\resources\FreeCell.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Hearts\Data\resources\Hearts.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\HoldEm\Data\resources\HoldEm.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\inkball\Data\resources\inkball.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Mahjong\Data\resources\Mahjong.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Minesweeper\Data\resources\MineSweeper.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Purble Place\Data\resources\PurblePlace.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\Solitaire\Data\resources\Solitaire.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Microsoft Games\SpiderSolitaire\Data\resources\SpiderSolitaire.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Movie Maker\Data\resources\CaptureWizard.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Movie Maker\Data\resources\DVDMaker.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Movie Maker\Data\resources\MOVIEMK.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\Movie Maker\Data\resources\VideoCameraAutoPlayManager.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN\Data\resources\cclitesetupui.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Data\resources\livecall.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Data\resources\msnmsgr.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Data\resources\msvs.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Data\resources\usnsvc.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Device Manager\Data\resources\dpinst.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Device Manager\Data\resources\dpinst64.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\MSN Messenger\Device Manager\Data\resources\msgrdvmn.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\OpenAL\Data\resources\OALInst.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\Data\resources\PictureViewer.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\Data\resources\QTInfo.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\Data\resources\qttask.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\Data\resources\QuickTimePlayer.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\QTSystem\Data\resources\QTPluginInstaller.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\QuickTime\QTSystem\Data\resources\QuickTimeUpdateHelper.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\bink.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\binkconv.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\binkmix.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\binkpl64.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\binkplay.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\rad2exe.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\radana.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\radbatch.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\radinfo.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\radsiw.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\radvideo.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\smack.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\smackmix.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\smackplw.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\smackply.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\smackpw6.exe Infected: Backdoor.MSIL.Agent.b skipped
C:\Program Files\RADVideo\Data\resources\UNWISE.EXE Infected: Backdoor.MSIL.Agent.b skipped

Scan was interrupted by user!

I interrupted the scan because I had to reboot, but it's now scanning again, although I doubt it will find more. It takes a long time because I have 2 000 GB of hard disk space.

Please, someone help me!

Xschtar
2007-10-03, 09:40
Kaspersky scan of critical areas (full scan takes 50 hrs or something):

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Wednesday, October 03, 2007 8:39:43 AM
Operating System: Microsoft Windows Vista Professional, (Build 6000)
Kaspersky Online Scanner version: 5.0.93.1
Kaspersky Anti-Virus database last update: 3/10/2007
Kaspersky Anti-Virus database records: 426539
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - Critical Areas:
C:\Windows
C:\Users\Xstar\AppData\Local\Temp\

Scan Statistics:
Total number of scanned objects: 57914
Number of viruses found: 10
Number of infected objects: 27
Number of suspicious objects: 0
Duration of the scan process: 01:29:31

Infected Object Name / Virus Name / Last Action
C:\Windows\109uninst.exe Infected: Trojan.Win32.VB.tg skipped
C:\Windows\CSC\v2.0.6\pq Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\ehben.dll Infected: Trojan-Spy.Win32.Delf.jq skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\LocalService\NTUSER.DAT{0f694465-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG1 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat.LOG2 Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TM.blf Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\ServiceProfiles\NetworkService\NTUSER.DAT{0f694461-6a70-11db-8eb3-985e31beb686}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\2.exe Infected: Trojan-Spy.Win32.Delf.jq skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 Object is locked skipped
C:\Windows\System32\bund1\2new.exe Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0002 Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0003 Infected: not-a-virus:AdWare.Win32.Agent.co skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0004/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0004/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0004/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0004 Infected: Trojan.Win32.VB.tg skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0005/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0005 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0006 Infected: not-a-virus:AdWare.Win32.NewDotNet skipped
C:\Windows\System32\bund1\ClientBundle1.exe/data0007 Infected: Trojan.Win32.BHO.ab skipped
C:\Windows\System32\bund1\ClientBundle1.exe NSIS: infected - 10 skipped
C:\Windows\System32\bund1\Delcom.exe Infected: not-a-virus:AdWare.Win32.SurfSide.ax skipped
C:\Windows\System32\bund1\mac.exe/data0002 Infected: Trojan.Win32.VB.tg skipped
C:\Windows\System32\bund1\mac.exe/data0005 Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Windows\System32\bund1\mac.exe/data0006 Infected: Trojan.Win32.VB.tg skipped
C:\Windows\System32\bund1\mac.exe NSIS: infected - 3 skipped
C:\Windows\System32\bund1\Yzz.exe/data0002 Infected: Trojan-Downloader.Win32.PurityScan.eg skipped
C:\Windows\System32\bund1\Yzz.exe NSIS: infected - 1 skipped
C:\Windows\System32\bund1\zq.exe Infected: Trojan.Win32.BHO.ab skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\RegBack\COMPONENTS Object is locked skipped
C:\Windows\System32\config\RegBack\DEFAULT Object is locked skipped
C:\Windows\System32\config\RegBack\SAM Object is locked skipped
C:\Windows\System32\config\RegBack\SECURITY Object is locked skipped
C:\Windows\System32\config\RegBack\SOFTWARE Object is locked skipped
C:\Windows\System32\config\RegBack\SYSTEM Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000003.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer00000000000000000004.regtrans-ms Object is locked skipped
C:\Windows\System32\drivers\sptd.sys Object is locked skipped
C:\Windows\System32\ehben.exe Infected: Trojan-Spy.Win32.Delf.jq skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTm.blf Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000001 Object is locked skipped
C:\Windows\System32\Msdtc\KtmRmTmContainer00000000000000000002 Object is locked skipped
C:\Windows\System32\oapgefve.dll Infected: not-a-virus:AdWare.Win32.PurityScan.ak skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\WDI\LogFiles\WdiContextLog.etl.001 Object is locked skipped
C:\Windows\System32\wfp\wfpdiag.etl Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Media Center.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\ODiag.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\OSession.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\uni_eh10.exe Infected: Trojan-Downloader.Win32.VB.tw skipped
C:\Windows\WindowsUpdate.log Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\FXSAPIDebugLogFile.txt Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\hsperfdata_Xstar\2808 Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\NeroDemo12061\Toolbar.exe Infected: not-a-virus:AdTool.Win32.MyWebSearch skipped
C:\Users\Xstar\AppData\Local\Temp\~DFB62E.tmp Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\~DFB680.tmp Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\~DFF035.tmp Object is locked skipped
C:\Users\Xstar\AppData\Local\Temp\~DFFDB3.tmp Object is locked skipped

Scan process completed.

little eagle
2007-10-08, 07:42
Let's try running combofix.exe.
Download it from one of the links below:
Note:
It is important that it is saved directly to your desktop.
http://download.bleepingcomputer.com/sUBs/combofix.exe
http://www.techsupportforum.com/sectools/combofix.exe

Double click combofix.exe & follow the prompts.
When finished, it will produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click combofix's window while it's running. That may cause it to stall.

tashi
2007-10-16, 01:33
This topic has been moved to archives.

If you need the thread re-opened, please send me a private message (pm) and provide a link.

Applies only to the original poster; anyone else with similar problems, please start your own topic.